Anyone know of a fast method for tracking an IP to the end switch/mod/port?
I was wondering if anyone knows of any shell scripts or other tools designed to quickly trace an IP address to a particular switch, module/port. I've had cause to track down a large number of systems in the past (as a result of worm/virus activity)... where it is essential to quickly determine which switch, mod/port the host is on -- then disable the port.
Cisco Works user tracking isn't up to the task; the data must be essentially up-to-the-minute, and doing an IP lookup through the GUI, while fine for the occasional query, would be impossible for dozens (or hundreds) of addresses.
Right now, the process looks something like this:
- Get alert from IDS or firewall indicating suspicious activity
- Arp in proper subnet for offending IP's MAC address
- Telnet to root bridge switch
- Issue "show cam XX-XX-XX-XX-XX-XX" to see if MAC is local
- If MAC is local (shows up on non-trunked port), "set port dis X/Y"
- If MAC is on trunked port, "show cdp neighbor" to see where trunk goes
- Telnet to switch on other side of trunk
- Repeat MAC locating steps until we finally get to the right switch that the host is physically connected to
- Disable the host's port
In short, the process is a real pain :)
It looks like this would be reasonably easy to do with shell / Perl scripts... but scripting isn't my forte. I could probably do it after bumbling around for a month; but my guess is that someone out there has already managed to do this for 6000 series switches.
Any help / suggestions would be -very- much appreciated.
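The hop-by-hop lookup listed in the post above, as an added example that is not part of the original post: it starts at the root bridge, follows the MAC across trunk ports via the CDP neighbor, and stops at the first non-trunked port. The switch names, MAC addresses and the `SWITCHES` tables are constructed sample data; collecting the CAM, trunk and CDP information from real switches is assumed to happen elsewhere and is not shown.

```python
import re

# Constructed sample data standing in for what each switch would report.
# cam: MAC -> mod/port ("show cam"); trunks: trunked ports;
# cdp: trunk port -> neighbor switch name ("show cdp neighbor").
SWITCHES = {
    "core1": {"cam": {"00-10-a4-11-22-33": "1/1", "00-10-a4-44-55-66": "1/2"},
              "trunks": {"1/1", "1/2"},
              "cdp": {"1/1": "dist1", "1/2": "dist2"}},
    "dist1": {"cam": {"00-10-a4-11-22-33": "2/1"},
              "trunks": {"1/1", "2/1"},
              "cdp": {"1/1": "core1", "2/1": "access1"}},
    "access1": {"cam": {"00-10-a4-11-22-33": "3/14"},
                "trunks": {"1/1"},
                "cdp": {"1/1": "dist1"}},
    "dist2": {"cam": {}, "trunks": {"1/1"}, "cdp": {"1/1": "core1"}},
}

def normalize_mac(mac):
    """Accept aa:bb:.., aabb.ccdd.eeff or AA-BB-..; return xx-xx-xx-xx-xx-xx."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def trace_mac(mac, root, switches):
    """Follow the MAC from the root bridge to its access port.

    Returns (switch, port, path); raises LookupError when the trail ends.
    """
    mac, current, path = normalize_mac(mac), root, []
    while True:
        if current in path:  # stale CAM entry pointing back up the tree
            raise LookupError(f"loop at {current}; path {path}")
        path.append(current)
        sw = switches[current]
        port = sw["cam"].get(mac)
        if port is None:  # host silent long enough for the entry to age out
            raise LookupError(f"{mac} not in CAM on {current}")
        if port not in sw["trunks"]:
            return current, port, path  # non-trunked port: host is local
        neighbor = sw["cdp"].get(port)
        if neighbor not in switches:
            raise LookupError(f"no known CDP neighbor on {current} {port}")
        current = neighbor

def disable_command(port):
    """Command from the post to shut the located port."""
    return f"set port dis {port}"
```
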