John_Fleming
Advisor

no way to view switch mac address database

I think in cisco terms this is called the CAM table (show mac address-table address $MAC), but since checkpoint is making SMBs with many switch ports (really even with 4 this should be possible) they really need to show the user where MACs are, as in port 1, port 2, port 3, etc.

For example, out of the box you will have LAN1_Switch. It's currently impossible to know what port a given MAC address is attached to. All you will get back is "LAN1". In the event of a bad actor on the internal switch, the only option is to shut down everything and then enable the ports one by one to find the port.

I seem to remember checkpoint making fun of some vendor for bringing this up as a solution to some shortcoming that vendor had.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

Ye olde "arp" command in expert mode shows you what bridge a particular MAC address is attached to (e.g. br0).
With ifconfig output, you should be able to figure out what that bridge (and port(s)) actually maps to.
However, it won't show you what actual port a particular MAC is attached to.
In fact, if you look under the hood, you'll see that all the ports attached to that switch have exactly the same MAC address.
And if you were to try and do a tcpdump on a specific one (say LAN6), it won't show anything (even after you "up" the interface, which is normally down).

brctl (the underlying CLI command for bridges in Linux) will actually show you what "port number" a particular MAC is associated with, but that only helps when you are bridging, say, a WLAN with LAN ports.
For the physical ports, it seems to show the same port number for all.

This is a long-winded way of saying: you appear to be correct.
My guess is that this is an RFE.
0 Kudos
John_Fleming
Advisor

Cough cough (arp layer 2 to 3 mapping not maintaining layer 2 forwarding database) cough cough

The linux bridge command would be the technically correct command.


BRIDGE(8)                         Linux                         BRIDGE(8)

NAME
       bridge - show / manipulate bridge addresses and devices

etc etc etc...

BRIDGE - COMMAND SYNTAX

   OBJECT
       link - Bridge port.

       fdb - Forwarding Database entry.

       mdb - Multicast group database entry.

       vlan - VLAN filter list.

I bet money that the information is already in the proprietary marvell driver. Just needs to be read from the device file.

[Expert@]# ls -l /dev/marvell
crw-r--r-- 1 root root 10, 3 Feb 16 01:00 /dev/marvell
[Expert@]#

Now.. if it was the open source in kernel driver.. but oh well...


BTW, at some point someone removed support for the internal SD card reader on the 1550. The butthurt is much. I'm going to have to migrate my 1550 Kali install to USB. </sadpanda>


I'd open an SR, but seeing as the SD card reader is COVERED, I'm guessing I'm going to be told it's not supported.

0 Kudos
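As an added illustration of the forwarding-database lookup the post above asks for (this is example code, not anything from the thread or from Check Point), the function below parses iproute2 `bridge fdb show` output, whose lines have the form `<mac> dev <port> master <bridge> [self] [permanent]`, and reports the bridge port on which a given MAC was learned, skipping the `permanent` entries that belong to the bridge's own interfaces. The sample FDB output is constructed for the example; the `bridge` binary is assumed to exist on the box when no output is passed in.

```bash
#!/bin/sh
# Constructed sample of `bridge fdb show br br0` output; the MACs and port
# names are made up for this example, not captured from a real appliance.
# The entry marked "self permanent" is the bridge's own address, which
# shows up on every member port and must not be mistaken for a host.
SAMPLE_FDB='00:11:22:33:44:55 dev LAN2 master br0
aa:bb:cc:dd:ee:ff dev LAN3 master br0
00:11:22:33:44:55 dev LAN2 self permanent
de:ad:be:ef:00:01 dev LAN5 master br0'

# fdb_port_for_mac <mac> [fdb-output]
# Prints the port(s) the MAC was learned on, one per line.
# Returns 0 if found, 1 if the MAC is not in the FDB, 2 if `bridge` failed.
# With no second argument the live FDB is read with `bridge fdb show`.
fdb_port_for_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if [ $# -ge 2 ]; then
        fdb="$2"
    else
        fdb=$(bridge fdb show) || return 2
    fi
    printf '%s\n' "$fdb" | awk -v mac="$mac" '
        # match the MAC column, but ignore static/local (permanent) entries
        tolower($1) == mac && $0 !~ /permanent/ {
            for (i = 1; i < NF; i++) if ($i == "dev") ports[$(i + 1)] = 1
        }
        END {
            n = 0
            for (p in ports) { print p; n++ }
            exit (n ? 0 : 1)
        }'
}

# Demonstration against the constructed sample: locate a suspect MAC.
fdb_port_for_mac "AA:BB:CC:DD:EE:FF" "$SAMPLE_FDB"   # prints LAN3
```

On an appliance that ships without the `bridge` binary (as PhoneBoy notes for embedded Gaia), the same function can be fed the output of `brctl showmacs` only after reordering its columns, since brctl prints the port number before the MAC.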
PhoneBoy
Admin
Admin

The bridge command is not part of embedded Gaia currently.
That would most definitely help here.
Definitely in RFE territory here.
0 Kudos