Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
329
Views
0
Helpful
3
Replies

Node Identification

kellyrudnick
Level 1
Level 1

‎11-12-2008 09:28 AM - edited ‎03-09-2019 09:47 PM

Hi all,

Here is the scenario:

We use DHCP on our network. machine A connects and receives an IP address. We want to locate where that machine with IP x.x.x.x is connected at. How can we track the MAC (or IP) to an access port on a switch? The termination point that the node connected with is hardwired, so if we know what switch or even what port on what switch the device connected to, we would have an idea where the machine is at least getting on the network from.

Access switches are 3560

Distibution switches are 3500

Core L3 switches are 3750

Suggestions?

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎11-12-2008 09:50 AM

Okay this is a 2 step process -

on the L3 device that is responsible for routing the vlan you are concerned with

1) sh arp | include

this will give you the IP to mac-address mapping

then on the switch you think it is connected to

2) sh mac-address-table address

Note that on a switched network when you do step 2 it may well return the link that connects to another switch. So you then need to log on to that switch and rerun step 2.

Jon

0 Helpful

kellyrudnick
Level 1
Level 1
In response to Jon Marshall

‎11-12-2008 01:34 PM

Jon, your solution worked perfectly. Now I have to ask, what if you are in a network with 50 switches and have no clue which one that MAC may be connected to. Is there a software solution, or technique to determine which switch, so you can find out the port using the method in "step 2"?

Thanks.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to kellyrudnick

‎11-12-2008 02:00 PM

Kelly

I suspect CiscoWorks could do this although i don't know for sure.

It's important to realise that you should always be able to start from the L3 switch because that is where the L3 vlan is and that is where the arp table is. Once you have the mac-address from the arp table when you run

sh mac-address-table address on the same switch there really can only be one of 2 results

1) You get the port that the device is patched into

OR

2) You get a port that is a connection to another switch. Usually this port will be a trunk port and it may well be a member of an etherchannel.

if 2) then run "sh cdp neigh detail" and this will give you the IP address of the switch at the other end.

Telnet into that switch and repeat step 2. Depending on your topology you may have to jump to other switches a number of times - my personal record was 4 i think :-)

A long time ago i wrote an expect script that automated all this but i left it at the last place i worked.

Jon

0 Helpful
Customers Also Viewed These Support Documents