Thursday, May 31, 2018

Tracing a port

telnet to switch
ping IP of the device you want to find the port for
which adds the mac to the arp table
sh arp | include "ipaddress"
sh mac-address-table | include "last 4 of mac"

========================================
To identify a portion of the ports without interrupting users, use MAC address tables to find the devices connected to switch ports. Trace which patch panel port a switch port is connected to and which wall jack individual machines are connected to. If you need to do it manually, you can get the MAC addresses of known active devices, ping each one to make sure its MAC is in the switch's switching table, and then check the switch's dynamic MAC address table (that is, if you have smart switches).

====================================================
LinkSprinter is super useful for network mapping! Basically it will tell you for any switch that supports discovery protocols (CDP/LLDP/EDP) the switch name, port number, VLAN, etc. on that drop. Then you'll get an email, or you can use the mobile interface for the online results management platform, and comment the location (you can use name, cube number, room, etc.). So you'd go around, plug into a drop, 10 seconds later that data would be stored for you, you'd comment the location, and move on to the next drop. Then you could sit down with all of that info and label everything! Much simpler and quicker than using a toner and two people.

I spoke with one university that used to test all of their drops in every dorm every summer. That project would normally take a month to complete, and they did it with one LinkSprinter in a week.

=================================================
Toner and someone to help is the way we tend to go with this.  We also have several custom internal tools to show us where a mac address is plugged in on the network
======================================================

Firstly, you need to get the MAC address, so get into a machine on the same VLAN and look at its neighbour table. Windows: netsh int ipv4 show neigh; Linux: ip nei; Cisco: show ip arp x.x.x.x. Once you have that...
If this is a discovery job on a layer 2 switch, do show mac address-table | i 0011.2233.4455 - replacing the mac address bytes as appropriate.
If on the other hand it's a router, use show ip arp | i 0011.2233.4455 - again replacing the MAC as appropriate. Obviously when you were getting the MAC, if it turned out to be directly connected to that router, you're already done.
Long-term, however, I heartily recommend that you set up LLDP (failing that, CDP) to your hosts so that you can identify them from either side. lldpd is an absolutely excellent LLDP daemon for Linux that also supports CDP, EDP, SONMP and FDP. If you're currently able to reach the host and it does happen to run Linux/BSD, I'd recommend skipping the above and just turning on LLDP.
Regardless of whether your switch is performing frame forwarding (layer 2) or packet routing (layer 3), the following should work if the switch has a management IP address in the same subnet as the host you want to find:
  1. At the switch, ping the IP address you want to find. If the address is on the same subnet as the switch's management address, an ARP request will be sent looking for the MAC address of the host.
  2. Now you can look at the ARP cache and find the MAC address of the host you are looking for (show ip arp) and its corresponding interface.
  3. You can also look for its MAC address table entry by issuing: show mac address-table address [the address]
The CAM table on the switch matches the MAC address to the device port. Use 'show mac address-table' on the switch. You can also configure port descriptions to help find devices later too.

The answer depends on whether the switch is a Layer 2 or a Layer 3 switch. That is to say, is the switch only switching and relaying traffic on to a different device for routing, or, is it doing the routing decisions itself via SVIs (switched virtual interfaces).
On a layer 3 switch, the port can be found by using a few simple commands on the device. However on a layer 2 switch, you have to log into both the switch and whatever device is doing the routing to locate the port.
In either case, the commands are the same, just run on two different boxes for the layer 2 switch.

On a Layer 3 switch:

  • Log into the switch and issue the following command (where ipaddress is the IP address of the host you are trying to locate):
    show ip arp *ipaddress*
    
  • The output should look similar to below, and give you the mac-address of the device (I've highlighted the mac-address below in bold).
    LYKINS-1861#show ip arp 172.20.1.100
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  172.20.1.100            0   **28cf.da1d.1b05**  ARPA   Vlan10
    
  • Now issue one of the following commands (where mac-address is the hardware address from previous step). Depending on the Cisco platform, sometimes the command is listed in either form.
    show mac address-table address *mac-address*
    show mac-address-table address *mac-address*
    
  • The output should look similar to below, the port you are looking for should be listed as the Destination Port:
    LYKINS-1861#show mac-address-table address 28cf.da1d.1b05
    Destination Address  Address Type  VLAN  Destination Port
    -------------------  ------------  ----  --------------------
    28cf.da1d.1b05          Dynamic      10     **FastEthernet0/1/1**
    

On a Layer 2 switch:

  • Find out what device is doing the routing for this switch (you may have to look at the network documentation). Sometimes it is a "Router on a Stick", where the Layer 2 VLANs are being trunked up to the router for the Layer 3 decisions.
  • Log into the routing device, and issue the following command (where ipaddress is the IP address of the host you are trying to locate):
    show ip arp *ipaddress*
    
  • The output should look similar to below, and give you the mac-address of the device (listed below in bold).
    LYKINS-1861#show ip arp 172.20.1.100
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  172.20.1.100            0   **28cf.da1d.1b05**  ARPA   Vlan10
    
  • Now log into the Layer 2 switch
  • On that device issue one of the following commands (where mac-address is the hardware address from previous step). Depending on the Cisco platform, sometimes the command is listed in either form.
    show mac address-table address *mac-address*
    show mac-address-table address *mac-address*
    
  • The output should look similar to below, the port you are looking for should be listed as the Destination Port:
    LYKINS-1861#show mac-address-table address 28cf.da1d.1b05
    Destination Address  Address Type  VLAN  Destination Port
    -------------------  ------------  ----  --------------------
    28cf.da1d.1b05          Dynamic      10     **FastEthernet0/1/1**
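
The two lookups above (IP to MAC from the ARP table, then MAC to port from the MAC address table), as an added example that is not part of the original post. The function names are hypothetical, the command output is constructed in the layout shown above, and the MAC helper also accepts the Windows and Linux neighbour-table formats mentioned earlier.

```python
import re

# Constructed sample output in the layout of the listings above.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.20.1.1              2   0011.2233.4455  ARPA   Vlan10
Internet  172.20.1.100            0   28cf.da1d.1b05  ARPA   Vlan10
Internet  172.20.1.50             0   Incomplete      ARPA
"""
MAC_TABLE_OUTPUT = """\
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0011.2233.4455          Dynamic      10     FastEthernet0/1/2
28cf.da1d.1b05          Dynamic      10     FastEthernet0/1/1
"""

def to_cisco_mac(mac):
    """Convert 28-CF-DA-1D-1B-05 or 28:cf:da:1d:1b:05 to 28cf.da1d.1b05."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def mac_for_ip(arp_output, ip):
    """Return the MAC for ip, matching the whole address field."""
    for line in arp_output.splitlines():
        f = line.split()
        # Complete rows: Internet <ip> <age> <mac> ARPA <interface>.
        # Exact comparison avoids 172.20.1.1 matching 172.20.1.100,
        # which a plain "| include" substring filter would do.
        if len(f) >= 6 and f[0] == "Internet" and f[1] == ip:
            return to_cisco_mac(f[3])
    return None  # no entry, or the entry is still Incomplete

def port_for_mac(mac_table_output, mac):
    """Return (vlan, port) for mac from the MAC address table output."""
    wanted = to_cisco_mac(mac)
    for line in mac_table_output.splitlines():
        f = line.split()
        # Rows as shown above: <mac> <type> <vlan> <port>
        if len(f) == 4 and f[0].lower() == wanted:
            return int(f[2]), f[3]
    return None

def trace(ip, arp_output, mac_table_output):
    """IP -> MAC -> (mac, vlan, port), or None if either lookup fails."""
    mac = mac_for_ip(arp_output, ip)
    hit = port_for_mac(mac_table_output, mac) if mac else None
    return (mac, *hit) if hit else None
```

If the port returned is an uplink or trunk to another switch, the host is further downstream and the MAC table lookup has to be repeated on that switch.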

Thursday, May 17, 2018

inter vlan routing

router on a stick / inter vlan routing

1 physical port in trunk mode using subinterfaces to route traffic over more than 1 vlan using dot1q encapsulation

common reasons for problems
port configured as access instead of trunk
wrong encapsulation protocol
wrong vlan assigned
IP address wrong for the VLAN's network class

https://www.certificationkits.com/cisco-certification/ccna-articles/cisco-ccna-vlans-virtual-lans/intervlan-routing-router-on-a-stick-a-configuration/
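
A check for the four common problems listed above, run against a router-on-a-stick configuration. This is an added example, not part of the original notes: the VLAN plan, interface names, addresses and function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed VLAN plan and configs; all names and addresses are assumptions.
PLAN = {10: "192.168.10.0/24", 20: "192.168.20.0/24"}
GOOD_ROUTER = """\
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
"""
GOOD_SWITCH = """\
interface FastEthernet0/24
 switchport mode trunk
"""

def stanzas(config):
    """Split IOS-style config text into {interface name: body text}."""
    out, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            out[name] = ""
        elif name and line.startswith(" "):
            out[name] += line.strip() + "\n"
    return out

def lint(router_cfg, switch_cfg, uplink, plan=PLAN):
    """Return one message per problem from the list above."""
    problems = []
    if "switchport mode trunk" not in stanzas(switch_cfg).get(uplink, ""):
        problems.append(f"{uplink}: not configured as a trunk")
    for name, body in stanzas(router_cfg).items():
        enc = re.search(r"^encapsulation (\S+) (\d+)", body, re.M)
        ip = re.search(r"^ip address (\S+) (\S+)", body, re.M)
        if "." not in name or not enc:
            continue  # only tagged subinterfaces are checked
        vlan = int(enc.group(2))
        if enc.group(1).lower() != "dot1q":
            problems.append(f"{name}: encapsulation {enc.group(1)}, not dot1Q")
        if vlan not in plan:
            problems.append(f"{name}: VLAN {vlan} is not in the plan")
        elif ip:
            net = ipaddress.ip_interface("/".join(ip.groups())).network
            if net != ipaddress.ip_network(plan[vlan]):
                problems.append(f"{name}: {net} is not VLAN {vlan}'s subnet")
    return problems
```

Calling `lint(GOOD_ROUTER, GOOD_SWITCH, "FastEthernet0/24")` returns an empty list; changing the switch port to access mode, the encapsulation keyword, the VLAN ID or the subnet each produces one message.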