SNMP queries for MAC->port mapping table

pe1chl · July 3, 2015, 7:23pm

For generating documentation about “which device is connected to what port” I have written some scripts in the
past that use SNMP to retrieve information from routers and switches.

With switches, this script snmpwalks mib-2.17.4.3.1.2 to retrieve a “MAC address to port table”.
In plain switches, this makes it possible to see which MAC address is connected to which port.

Of course a MikroTik RB2011 combines both router and switch functionality.
When the switches are disabled and all ethernet ports are connected to bridges or are used for routing, the
above snmp id retrieves the information for the ethernet interfaces of the router, much like it can be retrieved
for the ports of a managable switch.

However, the RB2011 has two switch chips as well. When these are enabled (by setting “master port” settings of
some ethernet ports), the above snmp query returns the master port number for all devices connected via such
a switching setup. I can understand that when the information really is retrieved at the ethernet port level.
However, when looking in the admin interface, it is possible to see what physical port the MAC addresses are
really connected to.

Is it possible to retrieve that information via SNMP?

jarda · July 4, 2015, 11:29am

Have you looked at provided data by snmp walk?

pe1chl · July 4, 2015, 3:01pm

Yes, and I have not yet found it.
However, my experience is that not all data is always returned in snmpwalk for some devices.
You may have to use a different starting point or even a different community name to find everything…

jarda · July 4, 2015, 3:52pm

Then it is most likely not there.

pimmie · September 1, 2015, 8:49pm

I have been using the oid mac-address / .1.3.6.1.2.1.2.2.1.6.1 as well to monitor connected devices on my switches and experienced the same issue with RouterOS as pe1chl describes.

To me this sounds as a bug in the system. As pe1chl indicates the correct information is actually available in WinBox (Switch → Host), so why not in snmp?

Could somebody from Mikrotik have a look at this if the current behaviour is correct or not?

janisk · September 3, 2015, 10:35am

RouterOS will return all OIDs using walk (bulkwalk for faster results)

pimmie · September 3, 2015, 12:32pm

Sorry, I copied the wrong oid. It should be .1.3.6.1.2.1.17.4.3.1.2

janisk · September 3, 2015, 1:22pm

we are checking is that is possible.

marrold · September 3, 2015, 1:27pm

/ interface bridge host print

Shows which MAC address is attached to which bridged interface. But it doesn’t look like you can pull this via SNMP

[admin@#########] > / interface bridge host print
Flags: L - local, E - external-fdb
  BRIDGE                                                                                         MAC-ADDRESS       ON-INTERFACE                                                                                         AGE
L Br-V129                                                                                        D4:CA:6D:E7:58:73 Restricted LAN [01]                                                                                  0s
  Br-V130                                                                                        00:1B:67:14:C2:B0 Default LAN [01]                                                                                     0s
  Br-V130                                                                                        28:92:4A:34:4B:66 Default LAN [01]                                                                                     1m
  Br-V130                                                                                        A0:F3:C1:CE:3B:AC Default LAN [01]                                                                                     1s
  Br-V130                                                                                        AC:CA:54:00:0E:26 Default LAN [01]                                                                                     1s

pimmie · September 5, 2015, 8:56am

Resolution I received by email from Mikrotik support:

in RouteroS 6.x it will not be possible to bring all this information together. You will have to wait till RouterOS 7.x release to see what hosts on what port are available.

mp412 · June 28, 2019, 11:03pm

any update on viewing mac host mac on snmp yet?
or still need to wait until version 7?

pe1chl · June 29, 2019, 8:10am

Well, that thread was started a long time ago and actually the problem has solved itself by the change from “master-port” to “bridge” some versions ago.

Jotne · June 29, 2019, 10:33am

How to then get mac on interface using SNMP?

This works from cli:

/interface bridge host print

This gives nothing:

/interface bridge host print oid

This gives nothing

snmpget -v 2c -c public myhost .1.3.6.1.2.1.17.4.3.1.2

pe1chl · June 29, 2019, 11:45am

Use snmpwalk instead of snmpget!
You will get a list of items starting from .1.3.6.1.2.1.17.4.3.1.2 but with 6 extra numbers appended which are the MAC address bytes in decimal.
The value of each item is an integer which is the interface number.
To get the mapping of interface number to interface name you need to walk other OIDs like .1.3.6.1.2.1.2.2.1.2 or .1.3.6.1.2.1.31.1.1.1.1

imadloo · July 1, 2020, 6:35pm

I noticed a problem in version 6.47.
RouterOS 6.47 (stable) on RB2011iLS

Mapped ports from the command:
iso.3.6.1.2.1.17.4.3.1.2

are shifted by 7

Example:

# snmpwalk -v2c -c public x.x.x.x 1.3.6.1.2.1.17.4.3.1.1.240.77.162.90.140.137
iso.3.6.1.2.1.17.4.3.1.1.240.77.162.90.140.137 = Hex-STRING: F0 4D A2 5A 8C 89
# snmpwalk -v2c -c public x.x.x.x 1.3.6.1.2.1.17.4.3.1.2.240.77.162.90.140.137
iso.3.6.1.2.1.17.4.3.1.2.240.77.162.90.140.137 = INTEGER: 9

and really the mac address is on the ether1 port, i.e.

1.3.6.1.2.1.31.1.1.1.1.2 = STRING: "ether1"

In other devices, yet another shift:
RouterOS 6.47 (stable) on RB750Gr3

# snmpwalk -v2c -c public x.x.x.x .1.3.6.1.2.1.17.4.3.1.1.248.209.17.164.72.123
iso.3.6.1.2.1.17.4.3.1.1.248.209.17.164.72.123 = Hex-STRING: F8 D1 11 A4 48 7B
# snmpwalk -v2c -c public x.x.x.x .1.3.6.1.2.1.17.4.3.1.2.248.209.17.164.72.123
iso.3.6.1.2.1.17.4.3.1.2.248.209.17.164.72.123 = INTEGER: 0
# snmpwalk -v2c -c public x.x.x.x .1.3.6.1.2.1.31.1.1.1.1.2
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "ether2"

and really the mac address is on the ether2 port, i.e.

are shifted by 2

pe1chl · July 1, 2020, 6:53pm

You are right, it does not work correctly anymore…

rururudy · December 8, 2022, 10:15pm

Older version (6.46.8 and earlier) would return the ‘interfaceIndex’ when querying .1.3.6.1.2.1.17.4.3.1.2 via SNMP.
Now (6.49.5 for example) the query returns the ‘bridgeIndex’.

To convert the bridgeIndex to the interfaceIndex you need to use this OID: .1.3.6.1.2.1.17.1.4.1.2

====================== MAC table  =======================
SNMPv2-SMI::mib-2.17.4.3.1.2.8.134.59.81.162.182 = INTEGER: 3
SNMPv2-SMI::mib-2.17.4.3.1.2.76.94.12.214.120.33 = INTEGER: 7
SNMPv2-SMI::mib-2.17.4.3.1.2.212.202.109.162.157.64 = INTEGER: 0
======================= Interface Index    =======================
IF-MIB::ifName.1 = STRING: sfp-unused
IF-MIB::ifName.2 = STRING: 01g-uplink
IF-MIB::ifName.3 = STRING: 02g
IF-MIB::ifName.4 = STRING: 03g
IF-MIB::ifName.5 = STRING: 04g
IF-MIB::ifName.6 = STRING: 05g
IF-MIB::ifName.7 = STRING: 06f
IF-MIB::ifName.8 = STRING: 07f
IF-MIB::ifName.9 = STRING: 08f
IF-MIB::ifName.10 = STRING: 09f
IF-MIB::ifName.11 = STRING: 10f-POE
IF-MIB::ifName.12 = STRING: bridge-local
======================= Bridge to Port Map =======================
SNMPv2-SMI::mib-2.17.1.4.1.2.1 = INTEGER: 3
SNMPv2-SMI::mib-2.17.1.4.1.2.2 = INTEGER: 4
SNMPv2-SMI::mib-2.17.1.4.1.2.3 = INTEGER: 5
SNMPv2-SMI::mib-2.17.1.4.1.2.4 = INTEGER: 6
SNMPv2-SMI::mib-2.17.1.4.1.2.5 = INTEGER: 7
SNMPv2-SMI::mib-2.17.1.4.1.2.6 = INTEGER: 1
SNMPv2-SMI::mib-2.17.1.4.1.2.7 = INTEGER: 2
SNMPv2-SMI::mib-2.17.1.4.1.2.8 = INTEGER: 8
SNMPv2-SMI::mib-2.17.1.4.1.2.9 = INTEGER: 9
SNMPv2-SMI::mib-2.17.1.4.1.2.10 = INTEGER: 10
SNMPv2-SMI::mib-2.17.1.4.1.2.11 = INTEGER: 11

Decoding the mac address, mapping bridge to index, you can determine that:

.1.3.6.1.2.1.17.4.3.1.2.76.94.12.214.120.33 = 4c:5e:0c:d6:78:21 on bridge: 7, port: 2
.1.3.6.1.2.1.17.4.3.1.2.8.134.59.81.162.182 = 08:86:3b:51:a2:b6 on bridge: 3, port: 5
.1.3.6.1.2.1.17.4.3.1.2.212.202.109.162.157.64 = d4:ca:6d:a2:9d:40 on bridge: 0, port: UNDEFINED

Notes:
To understand the mapping OID, take this example: SNMPv2-SMI::mib-2.17.1.4.1.2.1 = INTEGER: 3
See the bolded values? Bridge Index 1 maps to Interface Index 3:

rururudy · December 8, 2022, 10:21pm

Use this script to help you out. Usage: ./mikrotik-walk-test.sh IP_OF_DEVICE. Change the COMM to your community name.

# mikrotok-walk-test.sh - walk those oids!
IP=$1
COMM=YourSNMPcommunity

echo "======================= OS Version $IP =======================";
snmpwalk -v2c -c $COMM  $IP .1.3.6.1.4.1.14988.1.1.7.4.0
echo "======================= MAC table          =======================";
snmpwalk -v2c -c  $COMM $IP .1.3.6.1.2.1.17.4.3.1.2
echo "======================= Interface Index    =======================";
snmpwalk -v2c -c  $COMM $IP .1.3.6.1.2.1.31.1.1.1.1
echo "======================= Bridge to Port Map =======================";
snmpwalk -v2c -c  $COMM $IP .1.3.6.1.2.1.17.1.4.1.2
# Updated with these next two queries to this post oct, 17, 2023!
echo "======================= IP To PhyAddress   =======================";
snmpwalk -v2c -c $COMM $IP IP-MIB::ipNetToMediaPhysAddress
echo "======================= PhyAddress descr   =======================";
snmpwalk -v2c -c $COMM $IP IF-MIB::ifDescr

rururudy · December 8, 2022, 10:30pm

It is possible with 6.x and 7.x.
Depending on the version, you need these three OIDs:

.1.3.6.1.2.1.17.4.3.1.2 MAC table
.1.3.6.1.2.1.17.1.4.1.2 BridgePortIndex to InterfaceIndex Mapping
.1.3.6.1.2.1.31.1.1.1.1 Interface

rururudy · October 18, 2023, 12:15am

To get VLAN information, you need to query snmpwalk -v2c -c $COMM $IP IP-MIB::ipNetToMediaPhysAddress