Node Identification

Unanswered Question
Nov 12th, 2008
User Badges:

Hi all,


Here is the scenario:


We use DHCP on our network. machine A connects and receives an IP address. We want to locate where that machine with IP x.x.x.x is connected at. How can we track the MAC (or IP) to an access port on a switch? The termination point that the node connected with is hardwired, so if we know what switch or even what port on what switch the device connected to, we would have an idea where the machine is at least getting on the network from.


Access switches are 3560

Distibution switches are 3500

Core L3 switches are 3750


Suggestions?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 11/12/2008 - 09:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Okay this is a 2 step process -


on the L3 device that is responsible for routing the vlan you are concerned with


1) sh arp | include


this will give you the IP to mac-address mapping


then on the switch you think it is connected to


2) sh mac-address-table address


Note that on a switched network when you do step 2 it may well return the link that connects to another switch. So you then need to log on to that switch and rerun step 2.


Jon

kellyrudnick Wed, 11/12/2008 - 13:34
User Badges:

Jon, your solution worked perfectly. Now I have to ask, what if you are in a network with 50 switches and have no clue which one that MAC may be connected to. Is there a software solution, or technique to determine which switch, so you can find out the port using the method in "step 2"?


Thanks.


Jon Marshall Wed, 11/12/2008 - 14:00
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kelly


I suspect CiscoWorks could do this although i don't know for sure.


It's important to realise that you should always be able to start from the L3 switch because that is where the L3 vlan is and that is where the arp table is. Once you have the mac-address from the arp table when you run


sh mac-address-table address on the same switch there really can only be one of 2 results


1) You get the port that the device is patched into


OR


2) You get a port that is a connection to another switch. Usually this port will be a trunk port and it may well be a member of an etherchannel.


if 2) then run "sh cdp neigh detail" and this will give you the IP address of the switch at the other end.


Telnet into that switch and repeat step 2. Depending on your topology you may have to jump to other switches a number of times - my personal record was 4 i think :-)


A long time ago i wrote an expect script that automated all this but i left it at the last place i worked.


Jon

Actions

This Discussion