Cisco Support Community
Community Member

Searching for private IP addresses in VLAN

Hi.

On my 6509, my log tells me that access-list 199 has denied IP addresses 10.x.x.x. But they are coming from my access layer and I cannot traverse it back to which switch (3524-XL) on which port.

6509#sh arp

gives anything but private address space.

Any suggestions?

2 REPLIES
Bronze

Re: Searching for private IP addresses in VLAN

I guess the only way out is to SPAN (port mirroring) the VLANs and sniff the network. Once you know which VLAN, then you can sniff all the ports in the VLAN, isolating them one by one. I do not see any other good method to do this.

The other method I can think of is to ping this private address to get the MAC address in the ARP table. Then look at the spanning tree bridge table to see which port has this MAC.

Re: Searching for private IP addresses in VLAN

Are the IP addresses for the hosts static or dynamic?

If it's dynamic, you can find out from your DHCP server to what MAC address this particular IP address 10.x.x.x has been leased.

Once you find this, you can check the CAM table on the 6509 switch to see which trunk port (downlink) to the access layer switch this MAC address is associated with.

Once you find the trunk, you have found the access layer switch. Get into the switch, find the MAC-address-to-port mapping, and catch the culprit.
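
The trace described in the replies above (IP to MAC, MAC to core downlink, downlink to access-switch port), as an added example that is not part of the original thread. The command outputs are constructed and simplified, and the switch name, addresses and downlink map are hypothetical.

```python
import re

# Constructed, simplified sample outputs; real column layouts vary by platform and IOS version.
CORE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.2.3                0   0050.56a1.2b3c  ARPA   Vlan10
Internet  192.0.2.20              4   0010.7b3a.9f01  ARPA   Vlan10
"""
CORE_CAM = """\
  vlan   mac address     type    learn qos            ports
*   10  0050.56a1.2b3c   dynamic  Yes   --  Gi3/1
*   10  0010.7b3a.9f01   dynamic  Yes   --  Gi3/2
"""
# Hypothetical cabling map: core downlink -> (access switch name, its MAC table text)
ACCESS_CAM = {
    "Gi3/1": ("access-sw-1", """\
0050.56a1.2b3c       Dynamic         10  FastEthernet0/7
0010.7b3a.aaaa       Dynamic         10  FastEthernet0/9
"""),
}
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def mac_for_ip(arp_text, ip):
    """Return the MAC that 'show arp' text lists for ip, or None if there is no entry."""
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == ip and re.fullmatch(MAC, fields[3].lower()):
            return fields[3].lower()
    return None

def port_for_mac(cam_text, mac):
    """Return the port (last column) of the MAC-table line holding mac, or None."""
    for line in cam_text.splitlines():
        if mac in line.lower().split():
            return line.split()[-1]
    return None

def trace(ip):
    """Follow IP -> MAC -> core downlink -> access switch port."""
    mac = mac_for_ip(CORE_ARP, ip)
    if mac is None:
        return None  # no ARP entry: ping the address or check the DHCP leases first
    downlink = port_for_mac(CORE_CAM, mac)
    if downlink not in ACCESS_CAM:
        return (mac, downlink, None, None)  # downlink not mapped to a known switch
    switch, cam = ACCESS_CAM[downlink]
    return (mac, downlink, switch, port_for_mac(cam, mac))

if __name__ == "__main__":
    print(trace("10.1.2.3"))
```

A `None` result corresponds to the situation in the question, where `sh arp` shows no entry for the private address, so the MAC has to be obtained another way before the table lookups can start.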
