Feature #2291

Design report MAC logic.

Added by Randy Reitz almost 9 years ago. Updated about 7 years ago.

Start date:
Due date:
% Done:


Estimated time:
20.00 h
Spent time:
Duration: 31


The CIA switch poller finds all end-user MACs and the switches/VLANs where they are connected.
For each report of MAC, VLAN, switch-name, timestamp:
- find the existing connection
update the switch connection detail for this connection.
- if no existing connection is found, report an error. (6.43 KB) Extract MAC forwarding table from ethernet switch Randy Reitz, 12/15/2011 08:14 AM


#1 Updated by Randy Reitz almost 9 years ago

This is a reading from the book of

  • Given a switch name and READ_COMMUNITY_STRING:
    • NMP/Ping check
      Access system.sysUptime as a connectivity check. Abort with "No Ping/ANMP response"
  • Get the interface names
    Use IF-MIB:ifPhysAddress to collect interface names and indexes
    NOTE: Only interested in VLAN interfaces. May do this daily and saved in NIMI database for reuse by poller.
  • Gather CDP Neighbors, mark Interface Index Numbers that have neighbors
  • Gather aggregated ports, mark their Interface Index Numbers if their
  • physical interfaces have been marked
    NOTE: This is preparation for removing MAC addresses for interfaces that connect to neighbor network devices.
    We may skip this.
  • Get the VLANs (except 1001 thru 1024)
    VLANs appear to SNMP as separate switches. For example, a physical switch with 10 VLANS has to be treated
    as 10 devices to gather MACs from. Therefore, the list of VLANs on a physical switch can be gathered daily
    saved in NIMI database for reuse by poller.
  • Gather MACs and Stats in each VLAN
  • Each VLAN has a unique set of Bridge Port Numbers
    NOTE: This is where the real data is collected.
    Walk the BRIDGE-MIB:dot1dTpFdbTable, retrieve the MAC (table index) and status.
    Walk the BRIDGE-MIB:dot1dBasePortTable, retrieve the BasePort (table index) and the dot1dBasePortIfIndex.
  • Process Discards
    The MACs with status = 4 (self) and = 5 (mgmt) can be discarded.
    The other discards are derived from the neighbor MAC collected above. This step can likely be skipped.

#2 Updated by Michael Zalokar about 7 years ago

  • Status changed from New to Closed
  • % Done changed from 10 to 100

Included as part of the NCIS/TIssue/FBI V3 release on 8-1-2013.

Also available in: Atom PDF