As a Network Administrator/Engineer you may be asked to find MAC addresses and/or IP Addresses, hopefully this can make your job a little bit easier. These commands work on most Cisco Switches and Routers but sometimes the commands can vary from device to device.
Learning has never been so easy!
5 Steps total
Step 1: Connect to your Cisco Devices
Oct 26, 2005 The MAC address accounting feature provides accounting information for IP traffic based on the source and destination MAC addresses on LAN interfaces. This feature calculates the total packet and byte counts for a LAN interface that receives or sends IP packets to or from a unique MAC address. For each device, the Network Scanner shows the device name (if available), IP address, Media Access Control address (or MAC address, a network adapter’s uniquely assigned identifier),.
Connect to the Switch/Router by using a console cable or a terminal emulator like Putty or Secure CRT. If you are successful it should look something like this.
Step 2: Find The MAC Addresses
Ip Mac Snmp Switch Router Software Update
On the layer 2 device (switch) enter the username and password if needed. Next enter 'enable' mode on the switch by typing enable. Next type the command 'show mac address-table'. If successful it should look like the picture. It's worth noting that on some Cisco devices the command 'show mac-address-table' also works.
Step 3: Find the IP Address
On the layer 3 device ( L3 switch or router) in my case I am using a router, enter the username and password if needed. Next enter 'enable' mode on the router by typing enable. Next type 'show ip arp' if done correctly you should get an output similar to the picture.
Step 4: Filtering the results on a Router
In the example I have provided there were only 9 IP addresses. However in the real world there could be dozens or even hundreds of IP addresses. To help filter the results on a router type 'show ip arp ?' You will see gigabitethernet' as an option this will let you filter results by interface or sub-interfaces. In my exmaple it typed 'sho ip arp gigabitEthernet 0/0.10' and that listed all IP's on my sub-interface.
Step 5: Filtering the results on a Layer 3 Switch
As stated in Step 4, you will likely have more than 9 IP Addresses. This can be made worse in a messy closet with a 48 port switch running the closet and maybe even some layer 2 switches under that. Luckily in addition to being able to filter by interface you can also filter by VLAN. So type in 'show ip arp ?' and you will see 'vlan' as a listed filter. As you can see I typed in 'sho ip arp vlan 20' and it listed only those IP's in vlan 20. In this case it was the vlan interface and a PC.
I hope this guide was helpful for you. If you aren't sure about something or feel like I missed a step, please let me know.
9 Comments
-
AnaheimGDBJNC Apr 27, 2018 at 01:15pmGreat post.Another way to find that information is to first PING the address of the system you are looking for. Then issue:
show arp | i .This will then show you the MAC address associated with the IP address.Then issue:
show mac address-table | iThis will give you the port that the device is currently connected. -
CayenneJim6795 Apr 27, 2018 at 01:15pmThanks for posting this *after* I finished a 'What's Connected Where' jihad on our network. :^D After beating Google to death over it, hoping for some useful tool, I ended up using exactly the same process (plus the online MAC address lookup to ID the device manufacturer), so I can affirm this works perfectly, if you work it.As you can see, the 'sh arp' or 'sh ip arp' commands also give you the MAC addresses, so essentially the 'sh mac add' is only to get the port in which the device is connected. It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected. If you're all Cisco, 'show cdp neighbor' (or 'sh cdp nei') will get you to the next switch. Also, 'sh ip arp | i 0/24' will show just the MAC address(es) on that port.)The amazing thing to me is, this far into the 21st Century, this is still the only way I could find to get this information -- i.e. to find out what's connected where. Did I mention it's a *lot* of work?(ETA: What if you can't get to the Console port? How do you get the IP address of the switch in order to SSH or (if you must) Telnet in?)
-
DatilCrimsonKidA Apr 27, 2018 at 02:04pmGood stuff, thanks for posting this! My go-to Cisco command is: show ip interface brief (show ip int bri). Another thing I've learned that is very helpful (I'm still a noob with Cisco stuff) is tab-completion and using a '?' after the start of a command, such as 'show ?'
-
CayenneEd Rubin Apr 27, 2018 at 03:09pmUnfortunately dumping the mac table and working through it is the only way to reliably find stuff and identify its switch port. I've done a similar process with HP switches. One thing that helps a lot is an ip scanner application that does MAC vendor ID lookups for you. This can help with jim6795's problem of identifying an undocumented switch IP since you can look for the the switch maker's vendor ID and then try ssh or telnet, or http/https depending on the product.
-
JalapenoTS79 Apr 27, 2018 at 06:53pmSpiceworks has the ability to harvest this information using SNMP and will create a map showing which device is on which switchport. It must have the correct MIB installed for your switch and you must configure SNMP. The feature could use some more work but basic components are there.
-
JalapenoSadTech0 Apr 27, 2018 at 08:06pmThanks for posting this *after* I finished a 'What's Connected Where' jihad on our network. :^D After beating Google to death over it, hoping for some useful tool, I ended up using exactly the same process (plus the online MAC address lookup to ID the device manufacturer), so I can affirm this works perfectly, if you work it.As you can see, the 'sh arp' or 'sh ip arp' commands also give you the MAC addresses, so essentially the 'sh mac add' is only to get the port in which the device is connected. It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected. If you're all Cisco, 'show cdp neighbor' (or 'sh cdp nei') will get you to the next switch. Also, 'sh ip arp | i 0/24' will show just the MAC address(es) on that port.)The amazing thing to me is, this far into the 21st Century, this is still the only way I could find to get this information -- i.e. to find out what's connected where. Did I mention it's a *lot* of work?(ETA: What if you can't get to the Console port? How do you get the IP address of the switch in order to SSH or (if you must) Telnet in?)Couldn't you just use CDP? #show cdp nei detail will show you the ip of the connected devices.
-
Thai PepperTaylorC Apr 27, 2018 at 08:45pmHey everyone thanks for the great feed back, it's really cool having this featured. @SadTech0 if you cant to the console port and you don't know the IP Address you could use a tool like angry IP scanner and find the switch that way. CDP may or may not work depending on your network configuration and/or topology. Barring some major obstruction you should try to console in get the ip and start an inventory. Hope that helps.
-
Thai PepperTodd_in_Nashville Apr 30, 2018 at 12:34pmKeep in mind, in some security minded environments, CDP may be disable if it's not needed. It's one of those things that give out unnecessary reconnaissance info to the bad guys. If one of your edge routers gets compromised, it can be used to start footprinting your internal network.
-
Thai PepperJohn3367 Apr 30, 2018 at 08:51pmGreat info..Another helpful thing you should add!SHOW INVENTORY ---> To show the SERIAL number of the Cisco device you are on.**I always use those commands you show to troublshoot. They are very helpful. I usually PING an IP address. then I type a 'show arp' and get its MAC address.. then I will type 'show mac-address table' which will show me which PORT the device is connected to!
Network switch port mapper tool helps network engineers identify the switch port to which a device is connected and thus eliminates the need of manually tracing the network cables. The switch port mapping tool discovers the devices plugged into each port of a specified switch.
Switch Port Management Software
Why OpUtils for Switch Port Management?
The Switch Port Mapper utility of OpUtils software discovers the devices plugged into each port of a specified switch. The tool is useful for system and network engineers to gain visibility into the IP, MAC, status and availability of ports. Since this is a real-time discovery you can also view the operational status and port speed of each port. The Network Switch Port Management mainly consists of features such as
Switch Port Mapper Features
End-to-End Port Mapping
The Switch port management tool provides an end-to-end mapping by advanced port scanning with an option to include mapping of physical ports to switch ports. The administrator can provide the mapping of the physical ports and switch ports in a CSV file, which can be imported to the Switch Port Mapper results. This does not need any change as long as there is no change in the physical mapping. The network switch port management tool automatically retrieves the VLAN details, Virtual IP Addresses of a device, and detects all the devices connected to a port. The Switch Port Mapper also allows the administrators to add their own columns to store user-defined values. Columns can be created both at the switch-level and at the Switch Details level. Switch port management software uses a Multi-vendor switch support like CISCO, HP, 3com, Nortel,etc. Switch port mapping displays all the MAC addresses connected to the port like computers, IP phones ., etc and has ability to Add Custom Fields on the Fly to Store User-defined Values.
Role Based Administration
Role based administration in network switch port management software helps administrators to exercise more control by creating users with Administrator or Technician Roles. While users in Administrator Role will have complete access, users in Technician Role will only have read-only access.
Adding Switches
Adding switches to the switch port mapping tool of the switch port management software can be either manual or by importing the Switch inputs from a CSV file. The CSV file should contain the Switch Name / IP Address, Switch Community, Router Name / IP Address, and Router Community as comma separated values. Once the switches are added in the switch port mapper software, they are automatically mapped in the background. Optionally, the administrators can also specify the associated subnets to sweep prior to scanning of a switch. The switch port management tool will make the switch learn all the MAC addresses of the connected devices, which will be retrieved and shown in the results.
Grouping and Scanning
Switch port Mapper software allows to create different groups based on the location or building. The Switches can seamlessly be moved within groups anytime in switch port management software. Switches in different groups can be scheduled to run at different times. Whenever a switch is mapped, the results are automatically published as a CSV file that can directly be opened in Microsoft Excel. In the Switch port management software, the history can also be viewed from the OpUtils user interface. This helps administrators to get the details of the devices that are connected to a port in the given period and vice versa. It maps the details stored in the database and provides the mapping history. Switch port mapping also maps multiple switches simultaneously and schedule the scanning of switches such that switches in different groups can be scheduled separately.
Switch Port History and Audit
![Snmp software free Snmp software free](/uploads/1/2/6/4/126428048/919251376.jpg)
When it comes to managing the switch ports, auditing is utmost important to know who did what and when. Switch Port Mapper logs all the events performed using the tool with the name of the OpUtils User and the date and time of the event. This helps administrators to track and audit the changes made using Switch Port Mapper. The administrators will also be able to track the device that was previously connected to a switch port from the previous scan results that are saved in the history. Switch port mapping tool audits and tracks the changes made to the Switch Port Mapper tool. It views the previous scan results from history.
Powerful Search
The Switch Port Mapper software can map multiple switches simultaneously. The administrators in switch port management tool can add all the switches in their network and map them all at once. This gives a complete port status of each of the switches. To locate where a specific device is connected, the administrators can simply search using the MAC, IP Address, DNS Name, or the Location of the device.
Alert Notifications
The Switch Port Mapper software provides an option to notify the administrators about the change in state of a switch port by email. Switch Port Mapper software generates alerts when:
- The state changes from Transient to Available
- The state changes from Available to Used.
- The device connected to a port has changed.
- Notifies when users move on the network
Reports
OpUtils, based on the Switch Port Mapper software results, provides the Port Availability Report of the network. Switch port mapper software maintains a policy to declare non-responding ports as available ports. Ports that are not active beyond 10 days are shown as available ports. This can also be configured to a desired value. The Port Availability Reports of OpUtils include: Available Ports, Used Ports, and Stacked Ports. It auto-publish the results to a CSV/ XLS. In addition to the Port Availability Reports, it also provides various reports on port usage, speed and type:
- Switches by Usage
- Switches by Task Name
- Switches by Vendor
- Switch Ports by ifSpeed
- Switch Port by ifType
- Device with Virtual IP
Switch Port Management
In addition to mapping switch ports to devices, OpUtils allows administrators to block or unblock a switch port from within this tool. A switch port can be made administratively up or down through SNMP using the SNMP write community string of a switch. This is very useful to block the unwanted traffic from a particular port due to a virus attack or hacking.
Network Tools
Ip Mac Snmp Switch Router Software Free
In most cases, administrators might also want to get the current status of the switches. From the port details view, they can perform the following actions:
- Ping - To send an ICMP packet to the switch to check its availability
- SNMP Ping - To check whether the switch responds to SNMP for the given community string.
- Resolve DNS - To resolve the DNS name of the switch
- Resolve MAC Address - To get the MAC address of the switch
- Trace Route - To get the network path of the switch.
- System Explorer - To get the complete details like the snapshot, CPU, Disk Space Memory details, etc., of the switch
Supported Switch Types
The Switch Port Mapper tool is tested to support switches of the following vendors:
![Ip Mac Snmp Switch Router Software Ip Mac Snmp Switch Router Software](/uploads/1/2/6/4/126428048/357201805.png)
Cisco | Nortel | HP |
Foundry | Extreme Networks | Intel |
DLink | Huawei 3com | Allied Telesyn |
Alcatel | Force 10 | Dell |
Other than the switches mention above, the Switch Port Mapper tool supports all the SNMP-enabled devices.
Free Switch Port Mapper
The Switch Port Mapper tool can be used to map a single switch in the OpUtils Free edition. For more details on tools available in Free edition, refer to Free Network Tools.
Snmp Ip Address
For more details, refer to the Switch Port Mapper Tool topic in the online help. Refer to the Switch Port Mapper Knowledge Base for troubleshooting tips.