
Mac Address Tracing - CatOS

matt.karsten
Level 1

I have noticed a lot of bad traffic coming from one particular computer on the network. Normally not a big deal: I found the MAC address in my DHCP table, logged into a switch, did a 'sh mac-address-table address <mac address>', found what port it was connected to (it was another switch), then did a 'sh cdp neighbor detail', got the IP address, telnetted to that switch, rinsed and repeated... until I hit a switch that had CatOS.

My question is: how do I do this same type of thing on CatOS? I know how to get everything else except which port it is on, like the 'sh mac-address-table address <mac address>' command gives me.


vladrac-ccna
Level 5

show cam dyn

btw check the link:

Catalyst OS to Cisco IOS Configuration Converter

for the opposite in case you need.

http://www.cisco.com/cgi-bin/Support/CatCfgConversion/catcfg_xlat.pl

HTH,

if it does please rate this post

Vlad

Good command that got me close to what I wanted.

I would love to be able to use that converter but the Supervisor module that we have in the switch doesn't support IOS, or at least that is my understanding.

atif.awan
Level 3

Try using the show cam command. The mac address should be entered in xx-xx-xx-xx-xx-xx notation.

This is exactly what I was looking for.

Anand Narayana
Level 6

Just type show cam; it will clearly tell where the MAC address is residing.

E.g. let's say that 6509--->2950---->(my pc)

On the 6509, type show cam.

It shows something like this...

Cat6509> (enable) sh cam 00:02:B3:87:EA:10
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN  Dest MAC/Route Des    [CoS]  Destination Ports or VCs / [Protocol Type]
----  ------------------    -----  -------------------------------------------
194   00-02-b3-87-ea-10             4/7 [ALL]

The 2950 is connected on 4/7; on it, again type the PC's MAC address.

2950#sh mac-address-table address 00-02-b3-87-ea-10
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 194    0002.b387.ea10    DYNAMIC     Fa0/2
Total Mac Addresses for this criterion: 1

Which means the PC is connected on the FastEthernet 0/2 port.

hope this helps,

rate this post.

Hello,

Which switch is this, and what CatOS are you running on it? You can use the "l2trace" command to trace out the MAC address on your network.

l2trace src_mac_addr dest_mac_addr [vlan] [detail]

l2trace src_ip_addr dest_ip_addr [detail]

The limitation of this feature is that intermediate switches should support the l2 trace.

The best way to do it is the way you have done on the IOS switches. You use the equivalent command "show cam" on the CatOS switches and trace the MAC.

This is from CatOS 7.x on 6500.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_6/cmd_ref/ghi_cmd.htm#wp1030529

HTH, Please rate if it does.

-amit singh
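
Added example, not part of any post in this thread: a Python sketch of the hop-by-hop trace discussed above, which finds the port for a MAC in CatOS "show cam" or IOS "show mac-address-table" output regardless of which MAC notation each side uses. The captures are constructed from the outputs quoted in the thread, and CAPTURES, NEIGHBOURS and the function names are hypothetical; the neighbour map stands in for what 'sh cdp neighbor detail' would tell you.

```python
import re

# Constructed captures modelled on the outputs quoted in this thread.
CAPTURES = {
    "Cat6509": """\
VLAN  Dest MAC/Route Des    [CoS]  Destination Ports or VCs / [Protocol Type]
----  ------------------    -----  -------------------------------------------
194   00-02-b3-87-ea-10             4/7 [ALL]
""",
    "2950": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 194    0002.b387.ea10    DYNAMIC     Fa0/2
""",
}
# Assumed topology, as CDP would report it: (switch, port) -> neighbouring switch.
NEIGHBOURS = {("Cat6509", "4/7"): "2950"}

MAC_TOKEN = re.compile(r"(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)
PORT_TOKEN = re.compile(r"(?:[A-Za-z]+\d+(?:/\d+)*|\d+/\d+\S*)$")

def mac_hex(mac):
    """Reduce dash, colon or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_port(output, mac):
    """Return (vlan, port) for mac in CAM / MAC-table output, or None if absent."""
    want = mac_hex(mac)
    for line in output.splitlines():
        m = MAC_TOKEN.search(line)
        if m and mac_hex(m.group()) == want:
            vlan = line.split()[0]
            # The port is the first port-shaped token after the MAC (skips flags, type, [ALL]).
            port = next((t for t in line[m.end():].split() if PORT_TOKEN.match(t)), None)
            return (vlan, port) if port else None
    return None

def trace(start, mac):
    """Follow the MAC switch by switch until the port has no known neighbour."""
    path, switch = [], start
    while switch in CAPTURES and switch not in [s for s, _, _ in path]:
        hit = find_port(CAPTURES[switch], mac)
        if hit is None:
            break
        path.append((switch, *hit))
        switch = NEIGHBOURS.get((switch, hit[1]))
    return path
```

The last entry of the path returned by trace() is the edge port; a port that still has a neighbour entry is an uplink, so the trace continues on the next switch.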