05-12-2004 02:04 AM - edited 03-02-2019 03:39 PM
Hi everybody!
I want to get the 'show cam dynamic' info from a 4506 switch with CatOS 8.1. I've studied the info on this page thorougly but i'm stuck:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml
So I made a script that has to check every 5 minutes for the necessary info.
This is it, I've made comments to make it clear for everybody:
================================================
<?php
//Get the VLANs of all the interfaces
$VLANs = snmpwalk("10.1.17.4", "public",".1.3.6.1.4.1.9.9.68.1.2.2.1.2");
//Make the array unique, so every VLAN is in it just once.
@$VLANs = array_unique($VLANs);
@sort($VLANs);
@reset($VLANs);
//For every VLAN...
for ($i = 0; $i <= count($VLANs)-1; $i++) {
//Get the MACadresses and BridgePorts of that VLAN.
@$MACadresses = snmpwalk("10.1.17.4", "public@$VLANs[$i]",".1.3.6.1.2.1.17.4.3.1.1");
@$BridgePort = snmpwalk("10.1.17.4", "public@$VLANs[$i]", ".1.3.6.1.2.1.17.4.3.1.2");
//For every MAC-address...
for ($j = 0; $j <= count($MACadresses)-1;$j++){
// Get the LocalPort which belongs to the BridgePort
@$LocalPort[$j] = snmpget("10.1.17.4", "public@$VLANs[$i]", ".1.3.6.1.2.1.17.1.4.1.2.$BridgePort[$j]");
// Then get the PortName, which belongs to the LocalPort.
@$PortName[$j] = snmpget("10.1.17.4", "public", ".1.3.6.1.2.1.31.1.1.1.1.$LocalPort[$j]");
//Show everything.
echo "VLAN: $VLANs[$i] - MAC:";
echo $MACadresses[$j];
echo " - Bridge: ";
echo $BridgePort[$j];
echo " - LocalPort: ";
echo $LocalPort[$j];
echo " - PortName: ";
echo $PortName[$j];
echo "\n";
}
//If everything is allright then these two numbers should be the same.
echo "Total MAC-adresses: ";
echo count($MACadresses);
echo "\nTotal BridgePorts: ";
echo count($BridgePort);
echo "\n";
}
?>
==========================================
It does it's job if run once. But if it's run two times (parallel, each instance from it's own BASH shell) then some output is screwed. Some ports (randomly) aren't shown in one instance, but are shown in the other. It looks like the array is shared and the variables are mixed-up.
I want to solve this because it should be possible for someone to manually scan the network and the output has to be correct.
The second issue is speed: if I run this script on a switch with a lot of VLAN's and devices connected, it takes about a minute. Is there a way to shorten this time?
I'm using SuSe 8.0 BTW on a P3 600Mhz, 128MB RAM. This system isn't the bottleneck, when I run four or five scripts simultaneously, CPU time is about 9%.
05-12-2004 10:28 PM
Can someone please tell me if there isn't a faster way to check for the 'show cam dynamic' info?
Because now it first checks the VLANs, then the MAC-adresses and bridgeports for each VLAN, then for each bridgeport the local port and port name is being retrieved.
I've tested response times and it appears that the (unique) VLANs are shown in about 2 seconds. All the MAC-adresses per VLAN are then shown in about 25 seconds, the bridgeport info in 45 seconds and the rest is shown in about 50 seconds.
05-13-2004 09:38 AM
I use perl scripting to get this kind of data, and one of the most useful tools I've found is the Net::Telnet::Cisco module (http://nettelnetcisco.sourceforge.net/).
It's fairly simple to have it telnet to a switch, issue a "set length 0" command, then a "sh cam dyn".
You can then take the output array and parse it however you want.
As for execution time, it produces output as fast as you see it from a telnet session.
05-13-2004 10:49 PM
Thanks for the answer, however I don't have any experience with Perl... I like the Telnet idea (i know it's also possible without Perl), but i'm pretty sure there has to be a way to make it faster using SNMP.
In my opinion, this command ('show cam dynamic') is pretty important for large networks. For this reason, there should be an easy and fast SNMP solution. Or is my thinking very wrong?
05-18-2004 02:24 PM
There is a table in the Bridge MIB (MIB II) :
.1.3.6.1.2.1.17.4.3
"A table that contains information about unicast
entries for which the bridge has forwarding and/or
filtering information. This information is used
by the transparent bridging function in
determining how to propagate a received frame. "
Its entries are MAC-Port-Status ...
Dave
05-25-2004 05:44 AM
You probably didn't read my startpost very well... Just check which SNMP strings i've used.
Indeed, .1.3.6.1.2.1.17.4.3.1.1 and .1.3.6.1.2.1.17.4.3.1.2. Just the strings you told me here. I know what they do, the problem is that gathering all the information just takes too long.
05-27-2004 09:53 PM
I would like to know if these snmp commands work in a VLAN environnement. I was using these tables before creating Vlans. Now, as I am no more using vlan 1, these snmp commands (dot1dTPFdbTable for Mac addr, Ports) are no more available for other Vlans ...
I am now obliged to use NET:Telnet perl in our perl scripts... Did anyone notice this feature
(my switches are catalyst 3524 and 2950)
06-01-2004 05:07 AM
You have probably already checked this, but is your SNMPwalk function using SNMPv2 or SNMPv1? Using SNMPv2 should give you faster results when walking a large table (due to the getbulk funtion).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide