Automating Switch Port Mapping: SNMP-Based Solutions for HP ProCurve Network Discovery


6 views

Network administrators know the pain of maintaining accurate switch port documentation. With HP ProCurve switches (now Aruba switches), manually tracking connected devices becomes outdated the moment you finish documenting. This creates:

  • Security vulnerabilities from unknown devices
  • Troubleshooting delays during outages
  • Compliance audit failures

Simple Network Management Protocol (SNMP) provides real-time visibility into switch ports. For HP ProCurve switches, these OIDs are particularly useful:

# Python example using PySNMP
from pysnmp.hlapi import *

def get_switch_ports(switch_ip, community='public'):
    errorIndication, errorStatus, errorIndex, varBinds = next(
        getCmd(SnmpEngine(),
               CommunityData(community),
               UdpTransportTarget((switch_ip, 161)),
               ContextData(),
               ObjectType(ObjectIdentity('IF-MIB', 'ifDescr')))
    )
    
    if errorIndication:
        print(errorIndication)
    elif errorStatus:
        print(f"{errorStatus.prettyPrint()} at {errorIndex}")
    else:
        for varBind in varBinds:
            print(varBind)

The bridge MIB contains the golden information for device discovery:

# Bash example using snmpwalk
snmpwalk -v 2c -c public switch_ip .1.3.6.1.2.1.17.4.3.1.1
snmpwalk -v 2c -c public switch_ip .1.3.6.1.2.1.17.4.3.1.2

Combine this with ARP tables from your routers to build a complete device map.

Here's a more complete script to automate the process:

import pandas as pd
from pysnmp.hlapi import *

def build_port_map(switch_ip):
    # Get port descriptions
    port_descriptions = {}
    for (errorIndication, errorStatus, errorIndex, varBinds) in \
        nextCmd(SnmpEngine(),
                CommunityData('public'),
                UdpTransportTarget((switch_ip, 161)),
                ContextData(),
                ObjectType(ObjectIdentity('IF-MIB', 'ifDescr'))):
        
        if errorIndication:
            raise Exception(errorIndication)
        elif errorStatus:
            raise Exception(errorStatus)
        
        for varBind in varBinds:
            port_num = varBind[0][-1]
            port_descriptions[port_num] = str(varBind[1])
    
    # Get MAC address table
    mac_table = []
    for (errorIndication, errorStatus, errorIndex, varBinds) in \
        nextCmd(SnmpEngine(),
                CommunityData('public'),
                UdpTransportTarget((switch_ip, 161)),
                ContextData(),
                ObjectType(ObjectIdentity('BRIDGE-MIB', 'dot1dTpFdbPort'))):
        
        if errorIndication:
            raise Exception(errorIndication)
        elif errorStatus:
            raise Exception(errorStatus)
        
        for varBind in varBinds:
            mac = ':'.join(f"{x:02x}" for x in varBind[0][-6:])
            port = varBind[1]
            mac_table.append({'mac': mac, 'port': port})
    
    return pd.DataFrame(mac_table).merge(
        pd.DataFrame.from_dict(port_descriptions, orient='index', columns=['port_name']),
        left_on='port',
        right_index=True
    )

For larger networks, consider these tools that support HP ProCurve:

  • SolarWinds Network Topology Mapper
  • Paessler PRTG Network Monitor
  • ManageEngine OpUtils

Implement these practices:

  1. Schedule nightly SNMP polls
  2. Compare changes with previous scans
  3. Integrate with your CMDB
  4. Set up alerts for unauthorized devices

Manually documenting switch port connections is one of those thankless tasks that every network admin dreads. The moment you finish updating your spreadsheets or Visio diagrams, someone makes a change in the production environment, and your documentation becomes obsolete. For teams managing HP ProCurve switches (now Aruba switches), this challenge is particularly acute due to the dynamic nature of modern networks.

Simple Network Management Protocol (SNMP) provides a standardized way to query network devices for connection information. The beauty of SNMP lies in its ubiquity - nearly all enterprise-grade switches, including HP ProCurve models, support it out of the box.

Here's a basic Python example using PySNMP to query a switch:

from pysnmp.hlapi import *

iterator = getCmd(
    SnmpEngine(),
    CommunityData('public'),
    UdpTransportTarget(('switch_ip', 161)),
    ContextData(),
    ObjectType(ObjectIdentity('IF-MIB', 'ifDescr'))
)

for errorIndication, errorStatus, errorIndex, varBinds in iterator:
    if errorIndication:
        print(errorIndication)
    elif errorStatus:
        print('%s at %s' % (errorStatus.prettyPrint(),
                            errorIndex and varBinds[int(errorIndex)-1][0] or '?'))
    else:
        for varBind in varBinds:
            print(' = '.join([x.prettyPrint() for x in varBind]))

Link Layer Discovery Protocol (LLDP) provides even more detailed information about connected devices. HP ProCurve switches support LLDP out of the box (though you may need to enable it). The LLDP-MIB contains valuable information including:

  • System name and description of connected devices
  • Port descriptions and capabilities
  • MAC addresses
  • VLAN information

Here's how to query LLDP neighbors using SNMP:

lldp_objects = [
    '1.0.8802.1.1.2.1.3.7.1.2',  # lldpRemSysName
    '1.0.8802.1.1.2.1.3.7.1.4',  # lldpRemPortDesc
    '1.0.8802.1.1.2.1.3.7.1.7'   # lldpRemSysDesc
]

for oid in lldp_objects:
    iterator = nextCmd(
        SnmpEngine(),
        CommunityData('public'),
        UdpTransportTarget(('switch_ip', 161)),
        ContextData(),
        ObjectType(ObjectIdentity(oid)),
        lexicographicMode=False
    )
    # Process results...

For teams that prefer ready-made solutions, consider these open source tools:

  1. NetDisco: Perl-based network management tool that automatically discovers and maps network topology
  2. Observium: PHP-based network monitoring platform with auto-discovery features
  3. LibreNMS: Fork of Observium with enhanced features and community support

Here's a sample configuration snippet for NetDisco to work with HP ProCurve switches:

# In netdisco.conf
[device_auth]
hp = public,private
procurve = public,private
aruba = public,private

[discover]
discover_ports = yes
discover_nodes = yes
discover_neighbors = yes

Advanced implementations can integrate this data with other systems:

  • CMDB integration for asset management
  • Automated documentation generation
  • Change detection and alerting
  • Network diagram automation (Graphviz, D3.js visualizations)

For example, you could create a simple Flask API to expose this data:

from flask import Flask, jsonify
from pysnmp.hlapi import *

app = Flask(__name__)

@app.route('/api/switch/<switch_ip>/ports')
def get_ports(switch_ip):
    # SNMP query logic here
    return jsonify(port_data)

if __name__ == '__main__':
    app.run()

When implementing automated discovery:

  • Use SNMPv3 with authentication instead of community strings where possible
  • Restrict SNMP access to specific management IPs
  • Consider implementing read-only access for discovery tools
  • Regularly audit your SNMP configurations