VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Thu Jan 18, 2007 5:22 pm Post subject: Mac Address per Port |
|
|
Is it possible to count the number of MAC addresses for a given port on a Cisco device and graph it over time? I'm trying to find rogue hubs before I turn on port security and limit to 1 per port.
RC
|
TheWitness Developer
Joined: 14 May 2002 Posts: 9723 Location: MI, USA
|
Posted: Thu Jan 18, 2007 7:39 pm Post subject: |
|
|
That's an interesting thought...
TheWitness
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Thu Jan 18, 2007 11:23 pm Post subject: |
|
|
TheWitness wrote: "That's an interesting thought..."
Ya, I thought so too. Do you think it might work?
RC
|
TheWitness Developer
Joined: 14 May 2002 Posts: 9723 Location: MI, USA
|
Posted: Fri Jan 19, 2007 6:37 am Post subject: |
|
|
Yes, it lines up with a port inventory feature that I have been convinced is an appropriate method to extend the capabilities of the system. However, my creative juices are a bit drained at the moment.
Looking for more inspiration.
TheWitness
|
egarnel Cacti Pro User
Joined: 21 Nov 2002 Posts: 630 Location: Austin, TX
|
Posted: Fri Jan 19, 2007 9:00 am Post subject: Re: Mac Address per Port |
|
|
VonRC wrote: "Is it possible to count the number of MAC addresses for a given port on a Cisco device and graph it over time? I'm trying to find rogue hubs before I turn on port security and limit to 1 per port. RC"
Another way to do this is to turn on switchport port-security and use the restrict mode; it will generate SNMP (IOS deps) and you can capture it in the logs. We do this and make use of the alerts feature in the syslog plugin to send emails whenever port security gets tripped.
[Attachment: What the email alert looks like]
|
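The alerting approach in the post above, sketched as an added example (not egarnel's code and not part of the Cacti syslog plugin): it scans syslog text for port-security violation messages and reports how many distinct MACs tripped each port. The log lines, hostnames and MACs are constructed, and the line layout (timestamp, host, sequence number, message) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines; hosts, ports and MACs are made up.
SAMPLE_LOG = """\
Jan 19 09:01:12 sw-floor2 45: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4456 on port FastEthernet0/7.
Jan 19 09:01:42 sw-floor2 46: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4456 on port FastEthernet0/7.
Jan 19 09:02:05 sw-floor2 47: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4457 on port FastEthernet0/7.
Jan 19 09:03:30 sw-lab 12: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00AA.BB00.0001 on port FastEthernet0/3.
Jan 19 09:05:40 sw-floor2 48: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
"""

VIOLATION_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) .*%PORT_SECURITY-2-PSECURE_VIOLATION: .*"
    r"MAC address (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
    r" on port (?P<port>\S+?)\.?$")

def violations_by_port(log_text):
    """Map (host, port) -> set of distinct MACs that tripped port security."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = VIOLATION_RE.match(line.strip())
        if m:  # unrelated messages (link up/down, etc.) are skipped
            seen[(m["host"], m["port"])].add(m["mac"].lower())
    return dict(seen)

def alert_summary(log_text):
    """Sorted (host, port, distinct_mac_count); repeats from one MAC count once."""
    return sorted((host, port, len(macs))
                  for (host, port), macs in violations_by_port(log_text).items())

if __name__ == "__main__":
    for host, port, n in alert_summary(SAMPLE_LOG):
        print(f"{host} {port}: {n} extra MAC(s) seen")
```

With a maximum of 1 address per port, every distinct MAC in this summary is a device beyond the one the port already learned.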
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Fri Jan 19, 2007 9:13 am Post subject: |
|
|
TheWitness wrote: "Looking for more inspiration."
*good thoughts, good thoughts, good thoughts*
does that help?
RC
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Fri Jan 19, 2007 5:45 pm Post subject: |
|
|
broken post
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Fri Jan 19, 2007 6:22 pm Post subject: |
|
|
A few obvious things:
1. The CAM table has a list of all the MAC addresses and the port number they were learned on.
2. Port security has a method to track the MAC count to enforce the security policy.
It's easy to get the CAM table via SNMP but does port security have an entry in the tree somewhere or does it just calculate the number from the CAM table?
Help me out here. I
|
TheWitness Developer
Joined: 14 May 2002 Posts: 9723 Location: MI, USA
|
Posted: Sat Jan 20, 2007 12:55 pm Post subject: |
|
|
This information is already scanned in the current product.
TheWitness
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Sat Jan 20, 2007 5:51 pm Post subject: |
|
|
A few obvious things:
1. The CAM table has a list of all the MAC addresses and the port number they were learned on.
2. Port security has a method to track the MAC count to enforce the security policy.
It
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Sat Jan 20, 2007 5:52 pm Post subject: |
|
|
A few obvious things:
1. The CAM table has a list of all the MAC addresses and the port number they were learned on.
2. Port security has a method to track the MAC count to enforce the security policy.
It
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Sat Jan 20, 2007 5:53 pm Post subject: |
|
|
I can't get my post up on the system... It keeps cutting me off. One more try, only I will type it in rather than copy and paste...
A few obvious things:
1. The CAM table has a list of all the MAC addresses and the port number they were learned on.
2. Port security has a method to track the MAC count to enforce the security policy.
It's easy to get the CAM table via SNMP but does port security have an entry in the tree somewhere or does it just calculate the number from the CAM table?
Help me out here. I'm not sure if I'm going to make this understandable.
We can get the CAM table and put it in a temp SQL table and run a query something like this on it:
select port_id,
count(port_id) AS NumOccurrences
from temptable
group by port_id
Once we have the NumOccurrences we could shove that into a real table in the SQL server with a time stamp and switch id. From there it would be just a matter of getting the data back out and graphing it.
The problem is I just don't know how to put it all together and make it work.
RC
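One way to put the pieces in the post above together, as an added example (not VonRC's code and not how Cacti implements it): parse a CAM table walk, load it into a temp table, run the GROUP BY count, and append the result to a history table with a timestamp and switch id. It assumes numeric snmpwalk-style output for BRIDGE-MIB dot1dTpFdbPort (whose values are bridge port numbers, not ifIndex); the walk data, the `mac_count_history` table and the function names are constructed for illustration.

```python
import re
import sqlite3

# BRIDGE-MIB dot1dTpFdbPort: index = MAC as six decimal octets, value = bridge port.
FDB_PORT_OID = "1.3.6.1.2.1.17.4.3.1.2"
LINE_RE = re.compile(r"^\.?" + re.escape(FDB_PORT_OID) + r"\.((?:\d{1,3}\.){5}\d{1,3}) = INTEGER: (\d+)$")

# Constructed sample walk (not real data): port 7 has three MACs, port 24 is an uplink.
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.86 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.87 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.88 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.1 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.2 = INTEGER: 24
this line is not an FDB row and is skipped
"""

def open_db(path=":memory:"):
    """Create the per-poll temp table and the long-lived history table."""
    db = sqlite3.connect(path)
    db.execute("CREATE TEMP TABLE temptable (mac TEXT, port_id INTEGER)")
    db.execute("CREATE TABLE IF NOT EXISTS mac_count_history (switch_id TEXT, "
               "port_id INTEGER, polled_at INTEGER, num_occurrences INTEGER)")
    return db

def parse_fdb(walk_text):
    """Return (mac, bridge_port) pairs; non-matching lines are skipped."""
    rows = []
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            octets = [int(o) for o in m.group(1).split(".")]
            if all(o <= 255 for o in octets):
                rows.append((":".join(f"{o:02x}" for o in octets), int(m.group(2))))
    return rows

def record_poll(db, switch_id, polled_at, walk_text):
    """Refill the temp table from one poll, then append per-port counts with a timestamp."""
    db.execute("DELETE FROM temptable")
    db.executemany("INSERT INTO temptable VALUES (?, ?)", parse_fdb(walk_text))
    db.execute("INSERT INTO mac_count_history SELECT ?, port_id, ?, COUNT(DISTINCT mac) "
               "FROM temptable GROUP BY port_id", (switch_id, polled_at))
    db.commit()

def ports_over_limit(db, switch_id, polled_at, limit=1, ignore_ports=()):
    """Ports with more MACs than `limit` in one poll; pass uplink/trunk ports to ignore."""
    cur = db.execute("SELECT port_id, num_occurrences FROM mac_count_history WHERE switch_id = ? "
                     "AND polled_at = ? AND num_occurrences > ? ORDER BY port_id", (switch_id, polled_at, limit))
    return [row for row in cur.fetchall() if row[0] not in ignore_ports]
```

Ports with no learned MACs produce no row for that poll, so a grapher should treat a missing sample as zero; uplinks legitimately carry many MACs and belong in `ignore_ports`.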
|
TheWitness Developer
Joined: 14 May 2002 Posts: 9723 Location: MI, USA
|
Posted: Sat Jan 20, 2007 6:21 pm Post subject: |
|
|
Did you not read my prior post?
|
VonRC
Joined: 18 Jan 2007 Posts: 6
|
Posted: Sat Jan 20, 2007 8:42 pm Post subject: |
|
|
TheWitness wrote: "Did you not read my prior post?"
ya, I did, I was just very frustrated that I couldn't get my post to work so I wasn't going to give in to it. I won!
RC
|
TheWitness Developer
Joined: 14 May 2002 Posts: 9723 Location: MI, USA
|
Posted: Sat Jan 20, 2007 9:36 pm Post subject: |
|
|
lol. The forum's been having issues lately. Looks like the site was down for a little bit today. Although, truth be known, I think there were some DNS issues on the web this morning.
TheWitness
|