Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

How to see clients on vlans?

Hi everyone,

On the Backbone switch there are vlans,I want to see that which clients (mac adreseses) on the vlans.For example: On the vlan 10 there 50 mac adresses like that.How can I see ?

Thanks        

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

How to see clients on vlans?

Hello Ersin,

In general, this is very difficult to find out. The IP address could have been assigned manually and changed afterwards, and all traces of this IP-to-MAC correspondence may be lost. If an IP address is assigned manually, the only trace telling about this IP-to-MAC correspondence is the ARP table (show ip arp). However, this cache eventually expires. No other common database holds these correspondences.

Assuming that the IP address was acquired from DHCP, the log messages on the DHCP server (if there are any) can be used to find out what MAC address requested the particular IP address. If the DHCP server was not used to assign this IP address to the attacker then I am afraid we are totally out of luck.

I apologize for bringing bad news.

Best regards,

Peter

3 REPLIES
Cisco Employee

How to see clients on vlans?

Hello Ersin,

If you want to see all learned MAC addresses within a particular VLAN, use the show mac address-table vlan N command, so for example:

show mac address-table vlan 10

Best regards,

Peter

Community Member

How to see clients on vlans?

Peter Thanks,

In fact problem is ; 2 days ago, one user take ip from vlan 10 ( 72.34.10.201) and too many downloaded somethings from internet I saw on the log server.I want learn which mac address took this ip ?


Cisco Employee

How to see clients on vlans?

Hello Ersin,

In general, this is very difficult to find out. The IP address could have been assigned manually and changed afterwards, and all traces of this IP-to-MAC correspondence may be lost. If an IP address is assigned manually, the only trace telling about this IP-to-MAC correspondence is the ARP table (show ip arp). However, this cache eventually expires. No other common database holds these correspondences.

Assuming that the IP address was acquired from DHCP, the log messages on the DHCP server (if there are any) can be used to find out what MAC address requested the particular IP address. If the DHCP server was not used to assign this IP address to the attacker then I am afraid we are totally out of luck.

I apologize for bringing bad news.

Best regards,

Peter

197
Views
0
Helpful
3
Replies
CreatePlease to create content