Anyone know of fast method for tracking an IP to the end switch/mod/port?
I was wondering if anyone knows of any shell scripts or other tools designed to quickly trace an IP address to a particular switch, module/port. I've had cause to track down a large number of systems in the past (as a result of worm/virus activity)... where it is essential to quickly determine which switch, mod/port the host is on -- then disable the port.
Cisco Works user tracking isn't up to the task; the data must be essentially up-to-the-minute, and doing an IP lookup through the GUI, while fine for the occasional query, would be impossible for dozens (or hundreds) of addresses.
Right now, the process looks something like this:
- Get alert from IDS or firewall indicating suspicious activity
- Arp in proper subnet for offending IP's MAC address
- Telnet to root bridge switch
- Issue "show cam XX-XX-XX-XX-XX-XX" to see if MAC is local
- If MAC is local (shows up on non-trunked port), "set port dis X/Y"
- If MAC is on trunked port, "show cdp neighbor" to see where trunk goes
- Telnet to switch on other side of trunk
- Repeat MAC locating steps until we finally get to the right switch that the host is physically connected to
- Disable the host's port
In short, the process is a real pain :)
It looks like this would be reasonably easy to do with shell / Perl scripts... but scripting isn't my forte. I could probably do it after bumbling around for a month; but my guess is that someone out there has already managed to do this for 6000 series switches.
Any help / suggestions would be -very- much appreciated.
Re: Anyone know of fast method for tracking an IP to the end swi
The perl solution is really the only way outside of purchasing something custom made. Bite the bullet and do the perl work, you will be glad you did as it will give you the freedom to make changes and whatnot based upon your own particular enterprise.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :