cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2113
Views
0
Helpful
12
Replies

How to find Static IP user in a huze network

suresh.cisco123
Level 1
Level 1

Hi,

Please help on below issue.

I have huze campus network with more than 100 swithes ...

I have assained few IPs to servers statically , everyday some people are using some of the IPs from the network and making network insteability...

I am trying to find the user from Cisco works user tracking option but fact is its not able to user who is holding the IP for less than 12 hours, If i am not wrong.

Kindly help me how to trace the user who is using the IP with less time...

Its giving me more trouble on daily activites..

Regards

Suresh Chandra

Info networks

12 Replies 12

Latchum Naidu
VIP Alumni
VIP Alumni

Hi Suresh,

Why dont you track the guy like where he is connected physically on the network by using that IP. Then you can get in touch with that guy and take necessary actions.

Use arp table.

sh ip arp xx.xx.xx.xx
sh mac-a add aaaa.bbbb.cccc


Please rate the helpfull posts.
Regards,
Naidu.

Hi,

Thanks for the reply...

But how can i find the MAC address of the user to use sh ip arp command..

Rgds

Chandra

Hi,

The "sh ip arp" command will provide that.

#sh ip arp 10.37.2.10
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.37.9.50              4   19a5.0662.d430  ARPA   Vlan1


#sh mac-a add 18a9.0552.d430
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    19a5.0662.d430    DYNAMIC     Gi2/6

Please rate the helpfull posts.
Regards,
Naidu.

Hi,

I am using cisco 2950 switch, With sh ip arp x.x.x.x i am able to find only vlan and mac address but how can i find the user in 100 switches where he is connected.

Rgds

Chandra

Hi,

I take it that you are using a router or intervlan L3 switch in your network.

As you have assigned static IP addresses you must know what the default gateway IP addresses are

Usually the default gateway will be the local router on VLAN/subnet.

E.g.

You want to assign 192.168.100.100 to a device.

You no the mask is 255.255.255.0

The default gateway is 192.168.100.254

You ping ping 192.168.100.100 to test if someone is already using that address.

Yes it responds to ping

You need to logon to the router at 192.168.100.254

sh arp | incl 192.168.100.100

This will give the MAC

eg. AAAA.BBBB.CCCC

You now need to use the sh mac-address-table address AAAA.BBBB.CCCC

The output should give the port/interface.

It may be on an uplink port to another switch so you need to hop there and repeat sh mac-address-table address AAAA.BBBB.CCCC

till you find the port with the offenfdng device.

HTH

Alex

Please rate useful posts

Regards, Alex. Please rate useful posts.

Hi,

it's more comfortable to use

trace mac

or

trace mac ip

command on the current Cisco switches.

Read this

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst2950/software/release/12.1_13_ea1/configuration/guide/swtrbl.html#wp1084348

for details.

HTH,

Milan

Hi,

I would suggest you to trace with the specific mac address only.
You need to login to each switch and give a command "sh mac-a add aaaa.bbbb.cccc"
In this way you can easily findout the physical connectivity of that IP.

Please rate the helpfull posts.
Regards,
Naidu.

Hi,

When i am using sh ip arp output is showing as below,, its HSRP virtual mac ID

Switch#sh ip arp 192.168.10.10

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.2.2.60              13   0000.0c07.ac01  ARPA   Vlan1

Output of trace mac is as below

C-203-2950#trace mac ip 172.16.255.211 192.168.10.10

Invalid destination IP address 192.168.10.10.

Layer2 trace aborted.

Please help me

Regards

Suresh Chandra

Hi,

as your switch does not know the MAC address assigned to IP address  192.168.10.10, this trace command syntax fails.

Try to use "trace mac any_known_mac_address mac_address_you_are_investigating"

command syntax.

Both MAC addresses have to be in the same VLAN and your sitches need to fulfil prerequisites specified in the link I sent you.

HTH,

Milan

Firstly, your switch and/or server IPs and users really should be on different VLANs, to help mitigate something like this

That said, one thing we've done to prevent something similar was to set up PACLs on the switches' access ports

We created the PACL to block any traffic coming from say, the reserved range of IPs for the switches / network devices on the ports connected to user or end devices, while leaving it off of the trunk / uplinks

Example

Your server IPs are 10.1.1.2 - 25

Make an ACL that blocks all incoming traffic for those IPs and apply it to the access ports of the switch, minus the ones the servers actually connect to

Now, when your user sets his static IP to one of your server IPs it goes nowhere

Sent from Cisco Technical Support iPad App

Hi,

When i trace with souce and distination mac IDs with in same vlan i got below output,

xxxxxx#trace mac 00-90-F5-B2-C9-AB 00-19-bb-2b-ee-b4

Error: Destination Mac address not found.

Layer2 trace aborted.

Rgds

Suresh

Hi,

are you able to see the destination MAC in the switch forwarding table by

sh mac-add ress-table address 00-19-bb-2b-ee-b4

command?

If not, you can't trace it.

If yes, the trace command fails for some reason and you need to trace the MAC address manually connecting to each sith on the path.

HTH,

Milan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: