find IP address/machine connected to a cisco switch port

Unanswered Question
Apr 1st, 2006

hello,

I need to know which IP/device is connecetd to a cisco Switch port.

I can get the mac-address of that switch port using sh mac-add command, but with the mac address how can i find that which ip belongs to this mac.

is there way i can do this, i know i can do the other way meaning with IP i can find to which port its connected ,but dont know how to find this MAC to IP with switch without the need for additional tools

I have this problem too.
2 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.8 (10 ratings)
pkhatri Sat, 04/01/2006 - 01:10

Hi,

As you have discovered, there is really no easy way to discover the IP address of the device connected to a port.

As you indicated, you can get the MAC address of the device by using the 'show mac-address-table' command. Once you have done that, you can do one of two things:

- if the switch is a L3 switch, issue the command 'sh ip arp' to see if the MAC address is one that has been resolved recently. In that case, the IP address associated with that MAC address is the IP of the device connected to that port

- if the switch is not a L2 switch, go to the router that does inter-vlan routing and issue the command 'sh ip arp' to see if the MAC address is one that has been resolved recently. In that case, the IP address associated with that MAC address is the IP of the device connected to that port.

Pls do remember to rate posts.

Paresh

trackme Sat, 04/01/2006 - 04:35

hello,

thanks for your answer,

as you know the ip arp table will have entries when either that ip is pinged or using routing actions as its a layer 3 function.

i have seen the arp table will show only when u ping the ip, so in this case i dont the ip and its really difficult some times who is connected to that switch port.

i have seen tools which will convert mac to ip, but i want to know whether within the switch is it possible or not.

johgill Sat, 04/01/2006 - 08:20

The mac address will not yield the IP address. You can track the port down and once you do that, look at the ARP table for that segment.

"show ip arp | include "

If it is not there, then it is not an active host talking to other networks.

trackme Mon, 04/03/2006 - 23:50

hello,

thanks for your reply. I have seen in many cases where only after i ping a certain device, it gets in to the arp table , belive me :)

so when i dont know the ip address and also that mac address not in the arp table how can i find that which device is connected to that port.

for example in my switch, i have some more than 30 devices conected to it, but when ever i issue a show arp command, i can see only two or three devices in the arp table.

if i ping an ip which is not in the arp table and check again for the arp table, this new entry will be there.

so in this kind of situation how can i find an ip/device with mac address only.

johgill Tue, 04/04/2006 - 03:40

Can you make sure to show ARP on the L3 gateway of that network?

If you are saying that this is the case, then you probably do not have an active host. A subnet broadcast may help here if it responds.

glen.grant Sat, 04/01/2006 - 05:10

If the switch is not trunked to a layer3 device , (single vlan ) sometimes you can get it by pinging the broadcast address of the subnet from the switch and then look in the arp table on the switch itself , in a trunked situation this will not work .

halcanites Wed, 05/22/2013 - 09:50

Has anybody else used this ccgetmacaddress tool?  I downloaded a 15 day trial and kinda like it.  Only concern is that I found that this company is in China.

amit-singh Tue, 04/04/2006 - 00:25

You can also download a freeware tool, ccgetmacaddress, with this tool you can get the IP to MAC or MAC to IP.

I have used it many times, it works :-)

HTH, Please rate if it does.

-amit singh

trackme Tue, 04/04/2006 - 04:42

i was already using that tool as i was mentioning in the posts that i can find with external tools :)

,but the issue is that this software will find that only when you specify an ip address in that range , for example u need to specify a range in your network.

Also its not freeware i think as mine expired in 14 days, is that really free since its very good tool for every one i guess.

miller811 Thu, 06/21/2012 - 14:33

Lots of good advice already, but you need to follow the process. Get the MAC address associated to the port. From the switch determine the VLAN, from the vlan determine the IP broadcast for the vlan. Ping the broadcast address for the L3 device and then show arp | in mac address to get the answer 

masquerade Thu, 07/19/2012 - 01:38

I'm late into this thread - but it looks as though this will help me.  I have dozens of switches of various ages split across a number of geographically separate locations - each location joined by a third-party WAN provider so that I don't have access to the routers.  Each location has a different sub-net.  I am looking to trawl the network looking to see what equipments are connected to which port of each switch.  There will be a mix of printers, laptop and desktop PCs - with a small number of servers.  The printers and servers will mostly have static IP addresses. The desktop PCs will use DHCP but will be (in effect) static.  The laptops will go from site to site and so from switch to switch.

Most switches are L2.  Trawling is done using a "home-coded" SNMP-based application so I can amend this as required.  I have the IP address and SNMP community strings for each switch.

I already have a tool (SolarWinds IP address tracker) that pings each address in each subnet on a regular basis so enabling me (for example) to spot unused addresses.  So I presume that the ARP table of each switch will have the MAC and IP address associated with each port - especially if I run the "address tracker" just before I do my "trawl".

So - is my process valid?

a) Run the IP address tracker

b) use SNMP to access the ARP table to extract IP and MAC of the device attached to each port

Chris

LAAsm2012b Wed, 10/17/2012 - 11:37

sh cdp nei det           

this CLI only shows cisco devices that connect to the switch, won't show any non cisco devices.

juan_diego_rodriguez Mon, 09/17/2012 - 15:06

Hi Trackme You can use the following command 'show ip arp' to see if the MAC address is  one that has been resolved recently, also you could use "show cdp neighbors detail" and see the type of device, ip , mac address and timers

If this answer was satisfactory for you, please mark the question as Answered.

Thank you

itdept@ushustech.com Fri, 09/28/2012 - 02:13

Hi,

     Am too late to this post. If you want to find IP connectd to a specific Port enable TP Tracking in your swicth and run,

"sh mac address-table". This will give which MAC is connected to which port.

"sh ip device tracking interface gigabitEthernet ". This will give which IP is connectd to a port.

"sh ip arp" will give you a IP to MAC table

ashirkar Tue, 10/02/2012 - 02:56

Hey Anantha ,

Hop u r doing good,

If u dont know ip address of devices present on specific vlan and wanted to track end device ip address please try

follow this below

steps 1:ping it to brodcast ip address of subnet

for ex

R1--SW1--SW2--(H1

                             --H2

R1..1.1.1.1/24

H1..1.1.1.2/24

H2.1.1.1.3/24

So u r brodacast ip is 1.1.1.255

ping  1.1.1.255

Sending 1000, 100-byte ICMP Echos to 1.1.1.255, timeout is 2 seconds:

........

Reply to request 8 from 1.1.1.2, 28 ms

Reply to request 9 from 1.1.1.3, 64 ms

u will get reply from all host present on that segment and ur arp table will get flood with ip and respective mac on

your L3 device...(R1 in this example)

Step2: then u can use command

sh ip arp ..to see ip and respective mac associate with it

R1#sh ip arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  1.1.1.1                 -   c000.2498.0000  ARPA   Vlan2

Internet  1.1.1.2                 0   c003.2498.0000  ARPA   Vlan2

Step3: see the mac learned from specific port

R1#sh mac address c003.2498.0000

Destination Address  Address Type  VLAN  Destination Port

-------------------  ------------  ----  --------------------

c003.2498.0000          Dynamic       2     FastEthernet1/1

Step4:If  u have all cisco devices then u can use CDP

to check wht device connect to ur interface

R1#sh cdp ne fa1/1 detail

-------------------------

Device ID: SW1.lab.local

Follow this way, hop u will trace devices present on ur network

Hop this informative,

Regards,

Ashish shirkar

rajeev_k_ranjan Sun, 10/14/2012 - 22:03

Hello trackme,


Is this question still on? Have you got answer for what you were looking? IF so, please post it here and mark it answered.


If not, i would like to thank you for asking such question and thank you everyone for posting all the relevant answers. I was too looking if we can track IP of a device using MAC or interface known.


I tried everything mentioned above but, hard luck. Nothing worked. Finally, i tried this to track IP which worked for me:


sh ip dhcp snooping binding interface gig 1/0/2 ---if you know the interface

sh ip dhcp snooping binding mac XXXX.XXXX.XXXX ---if you know the MAC

Assuming that DHCP snooping is enabled.


or sh ip source binding

or sh arp | in xxxx.xxxx.xxxx


Hope, this helps you as well.


Regards,

Rajeev

walter baziuk Mon, 01/07/2013 - 22:14

the best answer seems to be

log onto the rtr or gateway device

ping the broadcast addreess of the vlan in question

sh ip arp

all devices with an ip will respond and be visble in the arp table

note, some devices "may" not respond. they are designed that way , for specific reasons

Paolo Bevilacqua Thu, 05/23/2013 - 02:27

all devices with an ip will respond and be visble in the arp table

note, some devices "may" not respond. they are designed that way , for specific reasons

Actually, only Cisco routers respond to pings to the broadcast address. PCs and other endpoints do not. So it a technique of limited use.

Bhautik.Trambadiya Wed, 02/20/2013 - 06:36

If you have Mac Address than , login to your cisco l3 switch which is connected to L2 Switch ,

In Cisco L3 Switch Type # sh ip dhcp binding assigned . here u need to find exact mac address which is might be start with 01 or 11 . thats it , there only u will find ip address which is associated to relevent Mac address.

othere than u can also enable cdp discovery in switch and type #sh cdp nei details

ravsingh Tue, 05/28/2013 - 19:55

You can use the below command to check the ip address of devices

"show ip arp | include "

or

show cdp neighbors detail | begin MACADDRESS

Collin_Clark Wed, 05/29/2013 - 19:42

IMO it pays off to know how to do this instead of paying for and using some 3rd party tool. Here's a write up I did for some teammates.

http://www.packetpros.com/2012/08/find-device-in-network.html

Sent from Cisco Technical Support Android App

Actions

Login or Register to take actions

This Discussion

Posted April 1, 2006 at 12:57 AM
Stats:
Replies:27 Avg. Rating:4.75
Views:190153 Votes:2
Shares:5
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 2,069
2 1,732
3 1,675
4 1,624
5 1,529