Hi, imagine someone reports that in company network management alarm shows a certain machine which broadcasts to bootp and only info available is MAC-address.
Anyone has any good methodology on how to track and find a node given only the MAC-address info?
is DHCP service enabled in vlan3 or not?
if it is not enabled the device is simply trying to get an answer from a DHCP server with bootp.
Unfortunately not getting an answer it will be silent and will be removed from CAM tables within 300 seconds
check also with
sh ip arp | inc 0015.211c.1e89
on layer3 devices only the C2960 cannot have it in ARP table unless their management IP address is in the same Vlan 3.
Another important tool in this kind of search is to identify the vendor from the first 3 bytes of MAC address (OUI)
by inserting the OUI in format HH-HH-HH or simply HHHHHH
that is 001521 in your case we get:
00-15-21 (hex) Horoquartz
001521 (base 16) Horoquartz
FONTENAY LE COMTE VENDEE 85205
looking for the web page of this company, you can discover they sell also badge readers for access control.
Well it is also possible that some device has a fake MAC address and it using this OUI.
Or someone has installed a device from that company
Hope to help