Mac addresses from snmp-exporter
155 views
Skip to first unread message
Tyler Mace
Nov 1, 2023, 4:24:39 PM11/1/23
to Prometheus Users
I am using a cisco_wlc switch with snmp-exporter.
The SNMP service knows about the connected MAC addresses for each port (through it's ARP table). Every other field for network metrics uses ifIndex as an index input. But this index doesn't work for the atPhysAddress OID. How can I correlate the ifIndex to the atPhysAddress to dynamically get MAC addresses?
Brian Candler
Nov 2, 2023, 4:07:21 AM11/2/23
to Prometheus Users
atTable (1.3.6.1.2.1.3.1) contains atEntry rows (1.3.6.1.2.1.3.1.1), each of which has three columns, one of which is atIfIndex (1.3.6.1.2.1.3.1.1.1). The description of atIfIndex says:
"The interface on which this entry's equivalence
is effective. The interface identified by a
particular value of this index is the same
interface as identified by the same value of
ifIndex."
Therefore, if you're not seeing this, it's probably a problem with your snmp generator configuration. Can you show your generator.yml, and give an example of the metrics you are getting?
Aside: atTable is ancient and deprecated since 1991 (MIB-II). If your device supports one of the newer MIBs like ipNetToMediaTable (1.3.6.1.2.1.4.22, RFC 1213) or ipNetToPhysicalTable (1.3.6.1.2.1.4.35, RFC 4293), you should use that instead.
Note that these tables contain the MAC addresses of *other* devices on your network. If you want the MAC address *of the interface itself*, then there is ifPhysAddress from the ifTable (which is collected with the out-of-the-box SNMP generator config).
# HELP ifPhysAddress The interface's address at its protocol sub-layer - 1.3.6.1.2.1.2.2.1.6
# TYPE ifPhysAddress gauge
ifPhysAddress{ifAlias="",ifDescr="ether1",ifIndex="1",ifName="ether1",ifPhysAddress="00:5A:FF:1C:79:FD"} 1
# TYPE ifPhysAddress gauge
ifPhysAddress{ifAlias="",ifDescr="ether1",ifIndex="1",ifName="ether1",ifPhysAddress="00:5A:FF:1C:79:FD"} 1
Brian Candler
Nov 2, 2023, 12:41:48 PM11/2/23
to Prometheus Users
I should also add: if this is a *switch*, it won't necessarily see all its connected devices in its ARP table - unless it's running as a router, i.e. a pure layer 3 configuration.
To see the connected devices on a layer 2 switch you need the 802.1d bridge forwarding table, BRIDGE-MIB::dot1dTpFdbTable (1.3.6.1.2.1.17.4.3), or the VLAN-aware multiple tables in Q-BRIDGE-MIB::dot1qFdbTable / dot1qTpFdbTable
Reply all
Reply to author
Forward
0 new messages