Tracking Switch Port Usage

Unanswered Question
Apr 14th, 2010

We have users buying their own 8-port D-link/Linksys/Netgear mini hub to connect multiple network devices.  Is there an easy way to find switch ports that have multiple MACs associated with them, excluding uplink ports?  Keep in mind that we have 1000 switches spread across 350 offices.  We have CiscoWorks RME 4.0 to use.  Any free tool that can perform such task?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 04/14/2010 - 14:57


Are you wanting to find them or stop them ?

If you want to stop them then use port-security on the access switches to only allow one mac-address per port.

Jon Wed, 04/14/2010 - 15:02


I want to find them and then provide 8-port managed Cisco switch to them.  Enable port security enterprise wide would be very intensive for me and disruptive for them.



Jon Marshall Wed, 04/14/2010 - 15:06 wrote:


I want to find them and then provide 8-port managed Cisco switch to them.  Enable port security enterprise wide would be very intensive for me and disruptive for them.




Ahh okay. Not familiar with specific tools for this. I don't have a lot of experience with Ciscoworks so not the person to answer. You may want to post on Network Management forum where Joe Clarke may well have something that could be easily modified for your use.

If you had the IP address of every switch then i would probably write a quick perl or tcl script to login to each switch, check the mac-address tables and sort through ports that have multiple mac-addresses associated with them. If you also run CDP on the switches you could then eliminate the ports that are uplinks.

Believe it or not this is the sort of thing i quite enjoy doing but i appreciate it may not be everyones idea of fun !!

Jon Wed, 04/14/2010 - 15:11

Yeah I agreed with you.  With this requirement, I almost need a custom made script to accomplish this.  I hope there is someone who had done this kind of thing before.

Leo Laohoo Wed, 04/14/2010 - 15:01

What about port security?  Try the following lines in the interface: 

   switchport port-security
   switchport port-security aging time 2
   switchport port-security violation restrict
   switchport port-security aging type inactivity Wed, 04/14/2010 - 15:04

Thanks Leo.  Port security would block their network access.  I just want to find out where these hubs are.  I would think CiscoWorks might have some tools for me to track it down?

Leo Laohoo Wed, 04/14/2010 - 15:47

Hi Kevin,

I have a more effective way of "tracking them down" for you.  *wink*, *wink*

Enable port security.  Once the port goes into error-disable, they'll call you.  You'll know who they are, where they are (and if they're pretty, their vital statistics).

If that ain't an effective way of tracking the culprits down, I don't know what is.

charlesdf22 Wed, 04/14/2010 - 18:56

You could enable enable port-security with auto recovery and snmp traps to let you know.

snmp-server enable traps port-security

I had also thought that Nedi had some sort of mechanism built in so you can look at each port and see how many mac addresses there were.  There were some other products that I have run across as well, such as NetMRI or NetDisco which should be able to do something similar out of the box. Thu, 04/15/2010 - 07:02

Thank you all.  I reposted my question in network management forum and Joe Clarke said that CiscoWorks Campus Manager has exactly what I am looking for.


Login or Register to take actions

This Discussion

Posted April 14, 2010 at 2:53 PM
Replies:9 Overall Rating:
Views:1451 Votes:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
Jon Marshall
Reza Sharifi
Giuseppe Larosa
Peter Paluch
Leo Laohoo
Rank Username Points
Jon Marshall
Joseph W. Doherty
Reza Sharifi
Peter Paluch
Bilal Nawaz