cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
763048
Views
180
Helpful
37
Replies

find IP address/machine connected to a cisco switch port

trackme
Level 1
Level 1

hello,

I need to know which IP/device is connecetd to a cisco Switch port.

I can get the mac-address of that switch port using sh mac-add command, but with the mac address how can i find that which ip belongs to this mac.

is there way i can do this, i know i can do the other way meaning with IP i can find to which port its connected ,but dont know how to find this MAC to IP with switch without the need for additional tools

37 Replies 37

pkhatri
Level 11
Level 11

Hi,

As you have discovered, there is really no easy way to discover the IP address of the device connected to a port.

As you indicated, you can get the MAC address of the device by using the 'show mac-address-table' command. Once you have done that, you can do one of two things:

- if the switch is a L3 switch, issue the command 'sh ip arp' to see if the MAC address is one that has been resolved recently. In that case, the IP address associated with that MAC address is the IP of the device connected to that port

- if the switch is not a L2 switch, go to the router that does inter-vlan routing and issue the command 'sh ip arp' to see if the MAC address is one that has been resolved recently. In that case, the IP address associated with that MAC address is the IP of the device connected to that port.

Pls do remember to rate posts.

Paresh

hello,

thanks for your answer,

as you know the ip arp table will have entries when either that ip is pinged or using routing actions as its a layer 3 function.

i have seen the arp table will show only when u ping the ip, so in this case i dont the ip and its really difficult some times who is connected to that switch port.

i have seen tools which will convert mac to ip, but i want to know whether within the switch is it possible or not.

The mac address will not yield the IP address. You can track the port down and once you do that, look at the ARP table for that segment.

"show ip arp | include "

If it is not there, then it is not an active host talking to other networks.

hello,

thanks for your reply. I have seen in many cases where only after i ping a certain device, it gets in to the arp table , belive me :)

so when i dont know the ip address and also that mac address not in the arp table how can i find that which device is connected to that port.

for example in my switch, i have some more than 30 devices conected to it, but when ever i issue a show arp command, i can see only two or three devices in the arp table.

if i ping an ip which is not in the arp table and check again for the arp table, this new entry will be there.

so in this kind of situation how can i find an ip/device with mac address only.

Can you make sure to show ARP on the L3 gateway of that network?

If you are saying that this is the case, then you probably do not have an active host. A subnet broadcast may help here if it responds.

sh ip dev trac ip xxx.xxx.xxx.xxx

glen.grant
VIP Alumni
VIP Alumni

If the switch is not trunked to a layer3 device , (single vlan ) sometimes you can get it by pinging the broadcast address of the subnet from the switch and then look in the arp table on the switch itself , in a trunked situation this will not work .

Has anybody else used this ccgetmacaddress tool?  I downloaded a 15 day trial and kinda like it.  Only concern is that I found that this company is in China.

amit-singh
Level 8
Level 8

You can also download a freeware tool, ccgetmacaddress, with this tool you can get the IP to MAC or MAC to IP.

I have used it many times, it works :-)

HTH, Please rate if it does.

-amit singh

i was already using that tool as i was mentioning in the posts that i can find with external tools :)

,but the issue is that this software will find that only when you specify an ip address in that range , for example u need to specify a range in your network.

Also its not freeware i think as mine expired in 14 days, is that really free since its very good tool for every one i guess.

miller811
Level 1
Level 1

Lots of good advice already, but you need to follow the process. Get the MAC address associated to the port. From the switch determine the VLAN, from the vlan determine the IP broadcast for the vlan. Ping the broadcast address for the L3 device and then show arp | in mac address to get the answer 

I'm late into this thread - but it looks as though this will help me.  I have dozens of switches of various ages split across a number of geographically separate locations - each location joined by a third-party WAN provider so that I don't have access to the routers.  Each location has a different sub-net.  I am looking to trawl the network looking to see what equipments are connected to which port of each switch.  There will be a mix of printers, laptop and desktop PCs - with a small number of servers.  The printers and servers will mostly have static IP addresses. The desktop PCs will use DHCP but will be (in effect) static.  The laptops will go from site to site and so from switch to switch.

Most switches are L2.  Trawling is done using a "home-coded" SNMP-based application so I can amend this as required.  I have the IP address and SNMP community strings for each switch.

I already have a tool (SolarWinds IP address tracker) that pings each address in each subnet on a regular basis so enabling me (for example) to spot unused addresses.  So I presume that the ARP table of each switch will have the MAC and IP address associated with each port - especially if I run the "address tracker" just before I do my "trawl".

So - is my process valid?

a) Run the IP address tracker

b) use SNMP to access the ARP table to extract IP and MAC of the device attached to each port

Chris

I followed this exact process and it worked perfectly. Thank you miller811 and Five Stars!

sh cdp nei det

Alessio

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco