11-30-2011 04:20 PM - edited 03-07-2019 03:40 AM
By using show mac address-table interface I can see the mac's of the devices connected to the interface, is there any way that I can find the IP address on the device connected that perticular interface, lets say for example I connect a PC to fast ethernet port 4 of cisco 2960, by using:
show mac address-table interface fastEthernet0/4
I get the result as given below,
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
999 001e.8c16.c362 DYNAMIC Fa0/4
Total Mac Addresses for this criterion: 1
now from the switch it self I want to see whats the IP on the device 001e.8c16.c362. How can I do it?
11-30-2011 04:27 PM
If your device is layer-2 only, then you can't see the IP address, but if the device is doing layer-3, you can use "sh ip arp"
It will tell you the vlan, the IP and the MAC address.
HTH
11-30-2011 04:37 PM
well the network is designed in a manner like this
Core (Cisco3750) -----> Distribution (Cisco 2960) -----> Device (Computers, wifi APs...etc)
I have defined all the interface vlans on the core switch only and I did basic switching on the destribution switches and core is the only layer 3 switch in the network.
So is there a solution???
11-30-2011 06:21 PM
from that PC, do a ping to your cisco switch.
show arp will display the ip and MAC. Then match the MAC in the mac address table.
11-30-2011 06:38 PM
Hello,
Basicly you can right now check if ARP for that MAC present on core with "show ip arp | i 001e.8c16.c362" command. If not you can ping the subnet address to get that ARP. Explaining how to do it below:
So we have PC in question in VLAN 999. I assume you have routed SVI VLAN 999 on core. That should have ip address assigned. And the PC we are talking about should have ip in same subnet.
So from core you can ping the broadcast mask of your subnet which will ping every host on the local subnet. So if VLAN 999 has ip address of 10.10.10.1 255.255.255.0 on SVI - then broadcast address for this network will be 10.10.10.255. So pinging that from core you will get replies from all the hosts assigned with ip address in that subnet. May take a while depending of host numbers, but eventually you will have ARP records for all these PCs on core.
Then you can do "show ip arp" or even "show ip arp | i 001e.8c16.c362" to see what ip corresponds to the MAC in questions.
Hope this helps,
Nik
12-01-2011 12:21 AM
Hi Ahmed,
You are fine with your network design, you can easily findout the ip of any specific port which you want.
In 2960 switch:
#show mac address-table interface fastEthernet0/4
I get the result as given below,
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
999 001e.8c16.c362 DYNAMIC Fa0/4
Total Mac Addresses for this criterion: 1
Now login to your 3750 switch and apply the below command.
#sh ip arp 001e.8c16.c362
It will give you the specif IP belongs to that mac address.
Please rate the helpfull posts.
Regards,
Naidu.
12-01-2011 01:53 AM
Hi Latchum,
It doesnt really do the thing for me, by doing so I get an empty reply,
core#sh ip arp 001e.8c16.c362
core#
Thats all what I get
12-01-2011 01:58 AM
Hi Nikolay,
It does not give me all the IP/Mac addresses of the devices connected to the destribution switches, but only a few here is my reply:
core#ping 192.168.1.255
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.255, timeout is 2 seconds:
Reply to request 0 from 192.168.1.113, 1 ms
Reply to request 0 from 192.168.1.239, 84 ms
Reply to request 0 from 192.168.220.19, 9 ms
Reply to request 0 from 192.168.0.51, 1 ms
Reply to request 0 from 192.168.220.15, 1 ms
Reply to request 0 from 192.168.220.16, 1 ms
Reply to request 0 from 192.168.220.14, 1 ms
Reply to request 0 from 192.168.220.18, 1 ms
Reply to request 0 from 192.168.1.42, 1 ms
Reply to request 1 from 192.168.1.113, 1 ms
Reply to request 1 from 192.168.1.239, 101 ms
Reply to request 1 from 192.168.220.19, 8 ms
Reply to request 1 from 192.168.0.51, 1 ms
Reply to request 1 from 192.168.220.16, 1 ms
Reply to request 1 from 192.168.220.15, 1 ms
Reply to request 1 from 192.168.220.14, 1 ms
Reply to request 1 from 192.168.220.18, 1 ms
Reply to request 1 from 192.168.1.42, 1 ms
Reply to request 2 from 192.168.1.113, 1 ms
Reply to request 2 from 192.168.1.239, 109 ms
Reply to request 2 from 192.168.220.19, 1 ms
Reply to request 2 from 192.168.0.51, 1 ms
Reply to request 2 from 192.168.220.16, 1 ms
Reply to request 2 from 192.168.220.15, 1 ms
Reply to request 2 from 192.168.220.14, 1 ms
Reply to request 2 from 192.168.220.18, 1 ms
Reply to request 2 from 192.168.1.42, 1 ms
Reply to request 3 from 192.168.1.113, 9 ms
Reply to request 3 from 192.168.1.239, 126 ms
Reply to request 3 from 192.168.220.19, 9 ms
Reply to request 3 from 192.168.0.51, 9 ms
Reply to request 3 from 192.168.220.14, 9 ms
Reply to request 3 from 192.168.220.15, 9 ms
Reply to request 3 from 192.168.220.16, 9 ms
Reply to request 3 from 192.168.220.18, 9 ms
Reply to request 3 from 192.168.1.42, 9 ms
Reply to request 4 from 192.168.1.113, 9 ms
Reply to request 4 from 192.168.1.239, 42 ms
Reply to request 4 from 192.168.220.19, 9 ms
Reply to request 4 from 192.168.0.51, 9 ms
Reply to request 4 from 192.168.220.16, 9 ms
Reply to request 4 from 192.168.220.14, 9 ms
Reply to request 4 from 192.168.220.15, 9 ms
Reply to request 4 from 192.168.220.18, 9 ms
Reply to request 4 from 192.168.1.42, 9 ms
core#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.1 3 0090.0e02.5b54 ARPA Vlan999
Internet 192.168.1.123 - 0019.06ce.9044 ARPA Vlan999
Internet 192.168.1.113 3 0014.38a3.bf02 ARPA Vlan999
Internet 192.168.1.42 3 000a.5df1.a4ac ARPA Vlan999
Internet 192.168.0.51 3 0026.5a09.ada8 ARPA Vlan999
Internet 192.168.1.15 7 001e.33b4.57bf ARPA Vlan999
Internet 192.168.1.1 0 00b0.d0ea.04ba ARPA Vlan999
Internet 192.168.1.6 3 0013.461d.d555 ARPA Vlan999
Internet 192.168.1.21 0 d85d.4cc8.ed75 ARPA Vlan999
Internet 192.168.1.233 3 0015.70a6.db93 ARPA Vlan999
Internet 192.168.1.234 3 0015.7097.1b33 ARPA Vlan999
Internet 192.168.1.239 3 c8bc.c8c9.b930 ARPA Vlan999
Internet 192.168.1.231 1 0015.70b5.3ccb ARPA Vlan999
Internet 192.168.1.254 0 001d.7dd0.e8e1 ARPA Vlan999
Internet 192.168.1.245 29 001d.7dd0.e8e1 ARPA Vlan999
Internet 10.172.4.1 - 0019.06ce.9042 ARPA Vlan20
Internet 192.168.220.16 3 0021.917b.b5d8 ARPA Vlan999
Internet 10.172.3.1 - 0019.06ce.9043 ARPA Vlan100
Internet 192.168.220.18 3 001e.58ab.707e ARPA Vlan999
Internet 192.168.220.19 3 0021.9199.8cf0 ARPA Vlan999
Internet 10.172.3.2 99 b862.1f49.b4c1 ARPA Vlan100
Internet 10.172.9.1 - 0019.06ce.9041 ARPA Vlan10
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.172.3.10 86 001b.2b3f.52c1 ARPA Vlan100
Internet 10.172.8.1 - 0019.06ce.9041 ARPA Vlan10
Internet 10.172.3.19 115 b862.1fdb.23c1 ARPA Vlan100
Internet 192.168.1.208 0 0019.b9fa.8d5c ARPA Vlan999
Internet 192.168.220.14 3 0013.4678.e1cc ARPA Vlan999
Internet 192.168.220.15 3 001e.58ab.7023 ARPA Vlan999
Internet 192.168.1.132 0 001d.92e5.f0c5 ARPA Vlan999
Internet 192.168.1.153 2 b8ac.6f4e.d149 ARPA Vlan999
I have 80 plus computers in my network, so this reply doesnt really seems logical enough for me to say that those are the only alive devices in my network. Is there a way that I can call a device in network using its mac address.
12-01-2011 01:59 AM
Hi Ahmed,
If that is the case then the mac address "001e.8c16.c362" is not in the arp table of your 3560.
There must be some communication (simple ping atleast) from the 3560 so that it can store the mac address in its arp table.
Now your choice is to findout that mac address in the mac table of your 2960 switch (sh mac-a table)
Please rate the helpfull posts.
Regards,
Naidu.
12-01-2011 07:19 PM
Hello,
The posibility is that device in question does not answer a ping (e.g. FW on it blocking it or smth else). MAC ping will not also help as you will not get any ip from it.
Do you have DHCP server which is assisgning ip addresses in VLAN 999? If yes - then you can check it for ip-MAC correlation.
If not and device statically assigned with ip - then it is harder. There can be a chance that device is assigned with ip address which is in subnet different fron VLAN999 - and it will give you a trubble. One more thing you can do - is to connect laptop to any free port on 2960 and configure SPAN using Fa0/4 as a source port and the new port as destination. By that you will get all traffic coming from that device and hopefully there will be L3 packets where you can see ip address.
The last way - is just go and trace cable to device - but I guess that is not an option for you now.
Nik
12-02-2011 02:01 AM
Hello Nik,
The prob is I have no idea which IP it is on. I only have its mac address, our devices in the office network has all of their IP's static, anyway I ran a network scan using a third party software and now I am just planing to ping all the devices seperatly from core so that it can atleast save all the ip's on the arp table. I couldn't find a better solution for that.
12-02-2011 02:46 AM
That's the only thing that I would try at last. I have use Cola soft in the past.
http://www.colasoft.com/mac_scanner/
Cheers,
-amit singh
12-02-2011 06:31 AM
Hi Ahmed,
from the below output,
core#sh ip arp 001e.8c16.c362
core#
If you see the arp table is empty for a specific mac then the interface vlan is not created in that switch and hence it is a routed packet.
++ Hence go to the switch where the SVI is created for that vlan, and then try the command " sh arp | i 001e.8c16.c362"
As you aware whenever the packet gets routed, the source and the destination mac gets changed whereas the source & destination ip remains unchanged.
Hope this answers your question.
Cheers
Somu
Rate helpful posts
12-02-2011 09:07 AM
There is a trick for finding IP addresses on Layer 2 only switches. ... only works if the client is getting it's IP via DHCP through the switch. Turn on DHCP snooping, then you can use this command...
chinche#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
00:26:F2:5D:C4:41 10.0.1.175 3332 dhcp-snooping 5 GigabitEthernet1/0/17
14:D6:4D:28:F0:41 10.0.1.133 2196 dhcp-snooping 5 GigabitEthernet1/0/17
68:7F:74:D1:0D:41 10.0.1.68 1878 dhcp-snooping 5 GigabitEthernet1/0/22
00:1F:E2:16:BE:41 10.0.1.116 3427 dhcp-snooping 5 GigabitEthernet1/0/17
12-07-2011 02:39 AM
Do SPAN on that port in question as I advisd before. It will provide you with all packets coming from that device. If those packets are L3 - you will get the ip.
Nik
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: