Strange Behavior

Unanswered Question

Hello Experts!

i Have couples of question if you plz?

1)how can i trace Specific mac-address in Network

2)if u have this command:no mls flow ipv6 on ur DS and on client Machine(XP IPv6 enabled but not configured,now when u disconect the cable from the oulet and re-back it ur computer can't communicate across the Network.until u disabled IPv6 on the machine than every thing work fine.has any one encouter like this strange problem.

any idea

many 10xs

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.

Not sure on #2 but I do have an answer for number one.

To trace a mac on a network you will be able to do so in a limited fashion. Each time a packet is transmitted by a layer 3 device (router) the packet will assume the mac address of the outside interface. Let's say for example you know the IP address of the davice but not the mac. This is much easier to trace than the mac-address because you can go from router to router to trace the mac address.

Here is an example assuming you have the IP address of the target device and you have access to each routing hop alone the way. (It does not matter how many interfaces each device has because you will be able to trace it.)

Here is the lab.

6500 with multiple VLANS with target machine with mac 0001.0033.8999 and IP of 192.168.1.100 on FA7/12

2811 with inside interface attaching to a layer three interface in the 6500 and a layer 3 interface on another 6500. Your machine attaches to an interface on the second 6500.

If you were to do a show mac-address-table | in 0001.0033.8999 on the second switch you would not see anything. If you did a show arp | in 192.168.1.100 on that switch you would see a mac address that belongs to the last hop. You would then go to the 2811 and issue a show arp | in 192.168.1.100 and you would see a mac address that corresponds to the 6500 but not your end device. It would not be until after you issue the show arp | in 192.168.1.100 on the 6500 that your target device is attached to will you see the mac address. You can then issue the show mac-address-table | in 0001.0033.8999 to find the interface that PC is attached to. There are thrid party software (CiscoWorks with UTLite (Usertracker Lite)that will enable you to track users and mac addresses across your enteprise.

mheusing Mon, 12/10/2007 - 10:30

Hi,

1) In a network with only Cisco switches you can use "traceroute mac". As there is no TTL field in ethernet frames, it actually uses CDP to collect the MAC-to-port mapping accross Cisco switches. Have a look at

http://www.cisco.com/en/US/docs/switches/metro/me6500/software/12.2_18_ZU/command/reference/U1.html#wp1066736

The same command is avalable on many Cisco Catalyst switches, I just picked the first link search for "traceroute mac" gave me.

2) "no mls flow ipv6" is used to turn of NetFlow for IPv6. To my knowledge this should by no means prevent IPv6 traffic through a switch. So the best bet is to have a look at the XP IPv6 implementation and configuration options first.

Regards, Martin

Actions

This Discussion