Cisco command - find IP address on port

Discussion in 'Networking, Telephony & Internet' started by k1ll3r, Nov 16, 2012.

  1. k1ll3r

    k1ll3r Member

    Joined:
    Aug 8, 2007
    Messages:
    2,387
    Location:
    Geraldton, WA
    hey all,

    I was wondering if there a Cisco command that I can type in that will find an IP address and what switch and port its plugged into?
     
  2. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,890
    If both the devices are cisco and you haven't disabled CDP then

    show cdp neighbors will show you whats connected and what ports
     
  3. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    you could also do a ping to get the MAC address, then look at the ARP Tables.
    there's a command that i'm struggling to remember that shows what MAC appears on which port
    it's then just a matter of chasing it through the switches

    (commonly, switches work at Layer2, which doesn't really contain IP addressing, it's higher up the stack. that said, my OSI knowledge is sketchy so i could be wrong here..)
     
  4. CptVipeR

    CptVipeR Member

    Joined:
    Jun 28, 2001
    Messages:
    811
    Location:
    Hobart
    First get the switch to ping the IP you are looking for

    ping x.x.x.x

    Then look at the arp table
    sh arp

    Then match up the MAC address from the arp table with the mac table to see which port that device is on

    sh mac address-table


    to filter to just one MAC
    sh mac address-table | inc <last 4 char>

    Code:
    HBC-Main-01#ping 10.232.20.10
    
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.232.20.10, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1007 ms
    HBC-Main-01#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.232.20.254           0   70ca.9bfb.b181  ARPA   Vlan100
    Internet  10.232.20.200           -   0018.1880.17c1  ARPA   Vlan100
    Internet  10.232.20.50            0   5c26.0a73.a839  ARPA   Vlan100
    Internet  10.232.20.2             0   782b.cb4f.ce04  ARPA   Vlan100
    Internet  10.232.20.3             4   0024.e831.1fac  ARPA   Vlan100
    Internet  10.232.20.10            0   0024.e831.1fa4  ARPA   Vlan100
    HBC-Main-01#sh mac ad
    HBC-Main-01#sh mac address-table | inc 1fa4
     100    0024.e831.1fa4    DYNAMIC     Gi0/24
    HBC-Main-01#
    
     
  5. nimmers

    nimmers Member

    Joined:
    Dec 20, 2005
    Messages:
    1,261
    Location:
    Sydney
    ping <ip add>
    sh arp | include <ip add>
    sh mac address-table | in <mac address from sh arp command>
     
  6. RyoSaeba

    RyoSaeba Member

    Joined:
    Sep 11, 2001
    Messages:
    12,666
    Location:
    Perth
    Unplug cable and see who yells out. :lol::thumbup:
     
  7. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,890
    All of the above methods rely on your switch having an IP in the same subnet that you are trying to reach and an SVI interface existing on that switch in that layer 2 domain.

    If it only has a different interface then it will not populate the ARP table since it travels via the IGP or last resort the default gateway.
     
  8. OP
    OP
    k1ll3r

    k1ll3r Member

    Joined:
    Aug 8, 2007
    Messages:
    2,387
    Location:
    Geraldton, WA
    Thanks for all the replies so far :thumbup:

    Ok, so I did the ping then the show mac commands.
    So basically it points to port 49 which connects to another switch.
    Do I keep doing it on the switchs it points to until it doesn't point to another switch?
    I'll test my theory now.

    EDIT: There has to be a quick way to pin point which switch?
     
  9. Heywood

    Heywood Member

    Joined:
    Dec 25, 2001
    Messages:
    457
  10. flain

    flain Member

    Joined:
    Oct 5, 2005
    Messages:
    2,614
    Location:
    Sydney
    ping the ip then.. show arp to get the mac address then show mac. Although if its going to a vlan interface then you need to check the cam table

    try "show cam <mac-address>" or something along those lines, should show you which physical port the mac address is behind

    if it leads to another switch, then hop across and do it again, repeat until you find the end device/switchport
     
  11. nimmers

    nimmers Member

    Joined:
    Dec 20, 2005
    Messages:
    1,261
    Location:
    Sydney
    Yep 10 char
     
  12. OP
    OP
    k1ll3r

    k1ll3r Member

    Joined:
    Aug 8, 2007
    Messages:
    2,387
    Location:
    Geraldton, WA
    Yeah by following the switches it lead me to the correct switch and port.

    I couldn't get the traceroute mac command to work.
     
  13. kapowww

    kapowww Member

    Joined:
    Oct 13, 2010
    Messages:
    25
    Get Cisco Prime NCS, type the IP or MAC address and it'll show you switch and port number =] A tiny bit more expensive and complicated but saves tracing through switches lol
     

Share This Page

Advertisement: