Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to find Static IP user in a huze network

Hi,

Please help on below issue.

I have huze campus network with more than 100 swithes ...

I have assained few IPs to servers statically , everyday some people are using some of the IPs from the network and making network insteability...

I am trying to find the user from Cisco works user tracking option but fact is its not able to user who is holding the IP for less than 12 hours, If i am not wrong.

Kindly help me how to trace the user who is using the IP with less time...

Its giving me more trouble on daily activites..

Regards

Suresh Chandra

Info networks

12 REPLIES

How to find Static IP user in a huze network

Hi Suresh,

Why dont you track the guy like where he is connected physically on the network by using that IP. Then you can get in touch with that guy and take necessary actions.

Use arp table.

sh ip arp xx.xx.xx.xx
sh mac-a add aaaa.bbbb.cccc


Please rate the helpfull posts.
Regards,
Naidu.

New Member

How to find Static IP user in a huze network

Hi,

Thanks for the reply...

But how can i find the MAC address of the user to use sh ip arp command..

Rgds

Chandra

How to find Static IP user in a huze network

Hi,

The "sh ip arp" command will provide that.

#sh ip arp 10.37.2.10
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.37.9.50              4   19a5.0662.d430  ARPA   Vlan1


#sh mac-a add 18a9.0552.d430
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    19a5.0662.d430    DYNAMIC     Gi2/6

Please rate the helpfull posts.
Regards,
Naidu.

New Member

How to find Static IP user in a huze network

Hi,

I am using cisco 2950 switch, With sh ip arp x.x.x.x i am able to find only vlan and mac address but how can i find the user in 100 switches where he is connected.

Rgds

Chandra

Green

How to find Static IP user in a huze network

Hi,

I take it that you are using a router or intervlan L3 switch in your network.

As you have assigned static IP addresses you must know what the default gateway IP addresses are

Usually the default gateway will be the local router on VLAN/subnet.

E.g.

You want to assign 192.168.100.100 to a device.

You no the mask is 255.255.255.0

The default gateway is 192.168.100.254

You ping ping 192.168.100.100 to test if someone is already using that address.

Yes it responds to ping

You need to logon to the router at 192.168.100.254

sh arp | incl 192.168.100.100

This will give the MAC

eg. AAAA.BBBB.CCCC

You now need to use the sh mac-address-table address AAAA.BBBB.CCCC

The output should give the port/interface.

It may be on an uplink port to another switch so you need to hop there and repeat sh mac-address-table address AAAA.BBBB.CCCC

till you find the port with the offenfdng device.

HTH

Alex

Please rate useful posts

Regards, Alex. Please rate useful posts.

How to find Static IP user in a huze network

Hi,

it's more comfortable to use

trace mac

or

trace mac ip

command on the current Cisco switches.

Read this

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst2950/software/release/12.1_13_ea1/configuration/guide/swtrbl.html#wp1084348

for details.

HTH,

Milan

How to find Static IP user in a huze network

Hi,

I would suggest you to trace with the specific mac address only.
You need to login to each switch and give a command "sh mac-a add aaaa.bbbb.cccc"
In this way you can easily findout the physical connectivity of that IP.

Please rate the helpfull posts.
Regards,
Naidu.

New Member

How to find Static IP user in a huze network

Hi,

When i am using sh ip arp output is showing as below,, its HSRP virtual mac ID

Switch#sh ip arp 192.168.10.10

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.2.2.60              13   0000.0c07.ac01  ARPA   Vlan1

Output of trace mac is as below

C-203-2950#trace mac ip 172.16.255.211 192.168.10.10

Invalid destination IP address 192.168.10.10.

Layer2 trace aborted.

Please help me

Regards

Suresh Chandra

How to find Static IP user in a huze network

Hi,

as your switch does not know the MAC address assigned to IP address  192.168.10.10, this trace command syntax fails.

Try to use "trace mac any_known_mac_address mac_address_you_are_investigating"

command syntax.

Both MAC addresses have to be in the same VLAN and your sitches need to fulfil prerequisites specified in the link I sent you.

HTH,

Milan

New Member

Re: How to find Static IP user in a huze network

Firstly, your switch and/or server IPs and users really should be on different VLANs, to help mitigate something like this

That said, one thing we've done to prevent something similar was to set up PACLs on the switches' access ports

We created the PACL to block any traffic coming from say, the reserved range of IPs for the switches / network devices on the ports connected to user or end devices, while leaving it off of the trunk / uplinks

Example

Your server IPs are 10.1.1.2 - 25

Make an ACL that blocks all incoming traffic for those IPs and apply it to the access ports of the switch, minus the ones the servers actually connect to

Now, when your user sets his static IP to one of your server IPs it goes nowhere

Sent from Cisco Technical Support iPad App

New Member

How to find Static IP user in a huze network

Hi,

When i trace with souce and distination mac IDs with in same vlan i got below output,

xxxxxx#trace mac 00-90-F5-B2-C9-AB 00-19-bb-2b-ee-b4

Error: Destination Mac address not found.

Layer2 trace aborted.

Rgds

Suresh

How to find Static IP user in a huze network

Hi,

are you able to see the destination MAC in the switch forwarding table by

sh mac-add ress-table address 00-19-bb-2b-ee-b4

command?

If not, you can't trace it.

If yes, the trace command fails for some reason and you need to trace the MAC address manually connecting to each sith on the path.

HTH,

Milan

763
Views
0
Helpful
12
Replies
CreatePlease login to create content