Mac address collector in SNMP mode

4.1

Author:: IMFirewall Software
HomePage:: http://www.wfiltericf.com

In a multiple-segments network, WFilter can not get clients' mac addresses unless a "mac address collector" is deployed.

"Mac address collector" can gather subnet mac addresses and send to the WFilter server. It works in two modes:

SNMP mode(recommended): get mac addresses from manageable switches via SNMP protocol.
ARP mode: get subnet mac addresses via ARP broadcasting.

SNMP mode is simpler for deployment. However, it requires the SNMP support in your core switch. In this guide, we will demonstrator how to setup mac address collector in SNMP mode. Network topology diagram:

Figure 1

In this example, the "mac address collector" and WFilter are installed in a same computer, 192.168.1.35 is a three layer switch. Please check below steps:

1. Install the "mac address collector"

As in "Figure 2", input the WFilter server's ip address and choose "SNMP mode".

Figure 2

SNMP Syntax: snmpwalk -v 2c -c public -Mmibs 192.168.1.35 ipNetToMediaPhysAddress

Format: IP-MIB::ipNetToMediaPhysAddress\.\d+.*

The "mac address collector" has integrated snmpwalk module for SNMP query. In this example, it will use snmpwalk to get "ipNetToMediaPhysAddress" from 192.168.1.35.

Figure 3

2. WFilter

When "mac address collector" is not installed, WFilter can not monitor the real mac address when this client is in another subnet.

Figure 4(Monitored mac address in WFilter)

Figure 5(Real mac address)

Now WFilter is able to get the real mac address when "mac address collector" is enabled.

Figure 6