Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
4
Replies

Node Identification

kellyrudnick
Level 1
Level 1

‎11-12-2008 09:25 AM

Hi all,

Here is the scenario:

We use DHCP on our network. machine A connects and receives an IP address. We want to locate where that machine with IP x.x.x.x is connected at. How can we track the MAC (or IP) to an access port on a switch? The termination point that the node connected with is hardwired, so if we know what switch or even what port on what switch the device connected to, we would have an idea where the machine is at least getting on the network from.

Access switches are 3560

Distibution switches are 3500

Core L3 switches are 3750

Suggestions?

Labels:
0 Helpful
4 Replies 4

Joe Clarke
Cisco Employee
Cisco Employee

‎11-12-2008 09:28 AM

See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a9b.shtml . This is the method by which CiscoWorks Campus Manager is able to track where an end host is connected. It first gets all the MAC to port mappings from the switches' CAM/MAC tables, then it correlates those to the ARP entries from routers. The end result is a report which displays MAC, switch port, and IP address for the end host.

0 Helpful

kellyrudnick
Level 1
Level 1
In response to Joe Clarke

‎11-12-2008 12:39 PM

I thought that Solarwinds Switchport Mapper would do the same, but I have had no success. Has anyone used the switchport mapper from soalrwinds to do this?

0 Helpful

kellyrudnick
Level 1
Level 1

‎11-12-2008 01:38 PM

Outside of Cisco Campus Manager is there cheaper method or package?

Jon.Marshall suggested:

"Okay this is a 2 step process -

on the L3 device that is responsible for routing the vlan you are concerned with

1) sh arp | include

this will give you the IP to mac-address mapping

then on the switch you think it is connected to

2) sh mac-address-table address

Note that on a switched network when you do step 2 it may well return the link that connects to another switch. So you then need to log on to that switch and rerun step 2.

Jon"

This worked fine, but the problem is trying to determine what switch to check when you have 50 or more in the environment. Is there a way to pull or trap this information to determine which switch on the network is the one the rogue node is connected to?

0 Helpful

yjdabear
VIP Alumni
VIP Alumni
In response to kellyrudnick

‎11-12-2008 02:48 PM

This usually doesn't need any tool (free or not) at all.

Instead of "sh arp | include ", ping the rogue node first from the router (assuming you've done traceroute, and this router is the last hop in front of the rogue), followed by "show ip arp ". Now "sh mac-address-table address ". This should show an Interface. Then "show cdp neighbor" or "show interface" on that interface, or trace the cable to find the switch. On the switch, use "show cam " if CatOS, or "sh mac-address-table address " if IOS to locate the rogue's connected port.

0 Helpful
Customers Also Viewed These Support Documents