First, we need a few more OID types.
MIB BRIDGE-MIB
Name dot1dTpFdbAddress
iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dTp.dot1dTpFdbTable.dot1dTpFdbEntry.dot1dTpFdbAddress
OID 1.3.6.1.2.1.17.4.3.1.1
Type MacAddress
Units
Access read-only
Status mandatory
A unicast MAC address for which the bridge has
forwarding and/or filtering information.

MIB BRIDGE-MIB
Name dot1dStaticAddress
iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dStatic.dot1dStaticTable.dot1dStaticEntry.dot1dStaticAddress
OID 1.3.6.1.2.1.17.5.1.1.1
Type MacAddress
Units
Access read-write
Status mandatory
The destination MAC address in a frame to which
this entry's filtering information applies. This
object can take the value of a unicast address, a
group address or the broadcast address.

MIB BLC
Name snmpEnableAuthTraps
iso.org.dod.internet.mgmt.mib-2.snmp.snmpEnableAuthTraps
OID 1.3.6.1.2.1.11.30
Type Integer
Units
Access read-write
Status unknown
Indicates whether the SNMP agent process is
permitted to generate authentication-failure
traps. The value of this object overrides any
configuration information; as such, it provides
a means whereby all authentication-failure traps may
be disabled.
Note that it is strongly recommended that this
object be stored in non-volatile memory so that it
remains constant between re-initializations of
the network management system.
Possible values:
enabled (1)
disabled (2)

MIB BRIDGE-MIB
Name dot1dStpPortEnable
iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dStp.dot1dStpPortTable.dot1dStpPortEntry.dot1dStpPortEnable
OID 1.3.6.1.2.1.17.2.15.1.4
Type Integer
Units
Access read-write
Status mandatory
The enabled/disabled status of the port.
Possible values:
enabled (1)
disabled (2)

MIB IF-MIB
Name ifLinkUpDownTrapEnable
iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifLinkUpDownTrapEnable
OID 1.3.6.1.2.1.31.1.1.1.14
Type Integer
Units
Access read-write
Status unknown
Indicates whether linkUp/linkDown traps should be generated
for this interface.
By default, this object should have the value enabled (1)
for interfaces which do not operate on 'top' of any other
interface (as defined in the ifStackTable), and disabled (2)
otherwise.
Possible values:
enabled (1)
disabled (2)

MIB IF-MIB
Name ifPromiscuousMode
iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifPromiscuousMode
OID 1.3.6.1.2.1.31.1.1.1.16
Type TruthValue
Units
Access read-write
Status unknown
This object has a value of false (2) if this interface only
accepts packets/frames that are addressed to this station.
This object has a value of true (1) when the station accepts
all packets/frames transmitted on the media. The value
true (1) is only legal on certain types of media. If legal,
setting this object to a value of true (1) may require
the interface to be reset before becoming effective.
The value of ifPromiscuousMode does not affect the reception
of broadcast and multicast packets/frames by the interface.
------------------------------------------------------------------------------------------
Find the MAC address on the vswitch and shut down the port
For example, for 000c.6e9e.932f, the decimal format is 0.12.110.158.147.47.
On the vswitch, get .1.3.6.1.2.1.17.4.3.1.2.0.12.110.158.147.47
This returns the port number, but the value obtained in this case is incorrect. You can only get .1.3.6.1.2.1.17.4.3.1.2.0.12.110.158.147; if the leading part of the MAC is not duplicated, the result is the same. You can also use a walk over this subtree to see whether the same MAC is present.
After the port number is obtained, set .1.3.6.1.2.1.17.2.15.1.4.portnumber to disabled (2)
The port is now down.
This is the process. You can use snmpapi to automate port sealing, but the switch you see now is relatively upper-layer: one port has Mac, so this method is not suitable.
iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dStatic.dot1dStaticTable.dot1dStaticEntry.dot1dStaticAddress
OID 1.3.6.1.2.1.17.5.1.1.1
This is similar to an ACL, which can prohibit a MAC on a port. It is used similarly to the above: the OID is followed by the decimal MAC and the port number, and the value is the MAC.
I have not yet implemented this OID value and created a new process. The reason is unclear. The error indicates snmp_errorstatus_badvalue, but that does not seem to be it; it still doesn't work if I pass back the value returned by get...
----------------------------------------------------------------------------------------------
Now I think there are two ways to implement protection against IP address theft (MAC and IP addresses stolen together) on the campus network. One is that users whose IP addresses have been stolen submit their stolen MAC and IP addresses after authentication; find the switch where the hacker is located (generally in the same broadcast domain) through the IP address, then use SNMP to find the port corresponding to the MAC, which must be on the vswitch on the desktop; otherwise, too many people will be affected.
The other is the probe method. I have not understood RMON, but I can also do it myself: I regularly list all the MAC addresses on the switch and compare them with the previous list. I have to try it. I don't know if there are any other situations that affect the changes in MACs. I found changes between two MAC lists taken about one day apart: there are more MACs, not newly added machines, or stolen machines, and there may also be fewer. If there are two identical ones, it must be a problem. Every time I find a changed MAC (more or fewer), it is very likely that the IP address is stolen. But to tell the truth, I still don't know how many people steal IP addresses in the school. No one around me has this problem.
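
The port lookup and the snapshot comparison described above, as an added Python example that is not part of the original post: it converts a MAC to the decimal OID index, finds its port in walk output for .1.3.6.1.2.1.17.4.3.1.2 (dot1dTpFdbPort), builds the dot1dStpPortEnable OID to set to disabled (2), and diffs two snapshots. The walk output is constructed sample data assumed to be in net-snmp's numeric style, and all function names are hypothetical.

```python
import re

FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2"          # dot1dTpFdbPort, indexed by the MAC in decimal
STP_PORT_ENABLE = "1.3.6.1.2.1.17.2.15.1.4"  # dot1dStpPortEnable, indexed by port number

def mac_to_index(mac):
    """'000c.6e9e.932f' or '00:0c:6e:9e:93:2f' -> '0.12.110.158.147.47'."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % mac)
    return ".".join(str(int(digits[i:i + 2], 16)) for i in range(0, 12, 2))

def parse_fdb(walk_text):
    """Parse numeric walk output of dot1dTpFdbPort into {mac_index: port}."""
    pat = re.compile(r"\.?" + re.escape(FDB_PORT) + r"\.((?:\d+\.){5}\d+) = INTEGER: (\d+)")
    return {m.group(1): int(m.group(2)) for m in pat.finditer(walk_text)}

def port_to_disable(fdb, mac):
    """Return the dot1dStpPortEnable OID to set to disabled(2), or None when the MAC
    is unknown or its port also carries other MACs (an uplink: too many users hit)."""
    port = fdb.get(mac_to_index(mac))
    if port is None or sum(1 for p in fdb.values() if p == port) > 1:
        return None
    return "%s.%d" % (STP_PORT_ENABLE, port)

def diff_fdb(old, new):
    """Compare two snapshots: MACs that appeared, disappeared, or changed port."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    moved = sorted(m for m in set(old) & set(new) if old[m] != new[m])
    return added, removed, moved

# Constructed sample data (assumed format: net-snmp numeric walk output).
SNAPSHOT_1 = """\
.1.3.6.1.2.1.17.4.3.1.2.0.12.110.158.147.47 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.86 = INTEGER: 24
"""
SNAPSHOT_2 = """\
.1.3.6.1.2.1.17.4.3.1.2.0.12.110.158.147.47 = INTEGER: 9
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.170.187.204.221.238 = INTEGER: 3
"""

if __name__ == "__main__":
    old, new = parse_fdb(SNAPSHOT_1), parse_fdb(SNAPSHOT_2)
    print(port_to_disable(old, "000c.6e9e.932f"))
    print(diff_fdb(old, new))
```

A MAC that changes port between snapshots is reported separately from added and removed entries, since a moved MAC is the case that most directly suggests the same address being used from a second location.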