In the middle of a Cisco switch network, if the IP address of a machine is known, how to find out which switch it is connected to which port? The most convenient and fast method is to use the User tracking function of CiscoWorks 2000 LMS network management software, and the graphical interface is clear at a glance.
If you do not have this software, you can also use the following manual analysis methods to find out the answer:
Example network: The core switch is 6509 (switch engine SE uses CatOS and MSFC to run IOS software)
1. Find the MAC address corresponding to the IP:
By checking the system's ARP cache table, you can find the MAC address corresponding to a certain IP. Since ARP cannot be performed across VLANs, the routing module MSFC connecting each VLAN is the best choice - generally it has an interface vlan n on each VLAN, which can correctly interpret ARP.
6509MSFC#ping 10.10.1.65
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.65, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
6509MSFC#show arp | in 10.10.1.65
Internet 10.10.1.65 2 0006.2973.121d ARPA Vlan2
Through the above command, we know that the MAC address of 10.10.1.65 is 0006.2973.121d, which is the MAC address expression of the IOS device. In CatOS, it should be written as 00-06-29-73-12-1d.
2. Find the port corresponding to the MAC address on the switch
6509SE> (enable) show cam 00-06-29-73-12-1d
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
2 00-06-29-73-12-1d 9/41 [ALL]
Total Matching CAM Entries Displayed =1
Does this mean that machines with IP 10.10.1.65 are connected to port 9/41?
uncertain. If the following command shows that there is only one active MAC address on the port, the answer is yes:
6509SE> (enable) show cam dynamic 9/41
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ------------------ ----- -------------------------------------------
2 00-06-29-73-12-1d 9/41 [ALL]
Total Matching CAM Entries Displayed =1
If the command shows that there are multiple active MAC addresses on the port, then this port should be connected to another switch or HUB device. See the following example (find the switch port corresponding to IP 10.10.1.250):
6509MSFC#ping 10.10.1.250
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
6509MSFC#show arp | in 10.10.1.250
Internet 10.10.1.250 4 0009.6b8c.64ec ARPA Vlan2
6509SE> (enable) show cam 00-09-6b-8c-64-ec
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ------------------ ----- -------------------------------------------
2 00-09-6b-8c-64-ec 3/11 [ALL]
Total Matching CAM Entries Displayed =1
6509SE> (enable) show cam dy 3/11
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
1 00-03-e3-4b-06-80 3/11 [ALL]
1 00-08-02-e6-b0-cd 3/11 [ALL]
1 00-02-a5-ee-f2-4f 3/11 [ALL]
1 00-09-6b-8c-66-d6 3/11 [ALL]
1 00-09-6b-63-17-d9 3/11 [ALL]
1 00-0b-cd-03-ec-f5 3/11 [ALL]
1 00-09-6b-63-17-d8 3/11 [ALL]
1 00-08-02-e6-b0-c1 3/11 [ALL]
1 00-08-02-e6-b0-85 3/11 [ALL]
1 00-08-02-e6-b0-81 3/11 [ALL]
1 00-02-a5-ef-16-af 3/11 [ALL]
1 00-02-a5-ee-f2-93 3/11 [ALL]
1 00-02-55-c6-05-61 3/11 [ALL]
2 00-09-6b-8c-64-ec 3/11 [ALL]
1 00-08-02-e6-b0-ed 3/11 [ALL]
1 00-08-02-e6-b0-a9 3/11 [ALL]
1 00-02-55-54-7a-e0 3/11 [ALL]
1 00-02-a5-ef-15-a6 3/11 [ALL]
1 00-08-02-e6-af-8f 3/11 [ALL]
1 00-08-02-e6-b0-bd 3/11 [ALL]
1 00-0b-cd-03-db-8b 3/11 [ALL]
1 00-09-6b-8c-25-50 3/11 [ALL]
Do you wish to continue y/n [n]? n
Since this port is connected to another switch or HUB, it is necessary to continue to track it down, as follows:
6509SE> (enable) show cdp nei 3/11
* - indicates vlan mismatch.
# - indicates duplex mismatch.
Port Device-ID Port-ID Platform
-------- ------------------------------- ------------------------- ------------
3/11 Cisco2924 GigabitEthernet1/1 cisco WS-C2924M-XL
This command shows that the counterpart device is a Cisco2924. If it is not displayed, it means that the device from another manufacturer is connected. You may have to go to the switch to continue to track it down using a similar method. In this example is a Cisco device, all we can continue:
6509SE> (enable) show cdp nei 3/11 de
Port (Our Port): 3/11
Device-ID: Cisco2924
Device Addresses:
IP Address: 10.10.0.60
Holdtime: 153 sec
Capabilities: TRANSPARENT_BRIDGE SWITCH
Version:
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 17:35 by ayounes
Platform: cisco WS-C2924M-XL
Port-ID (Port on Neighbors's Device): GigabitEthernet1/1
VTP Management Domain: lan
Native VLAN: 1
Duplex: full
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
Cisco2924#show mac-address-table dynamic address 0009.6b8c.64ec
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0009.6b8c.64ec Dynamic 2 FastEthernet0/2
Cisco2924#show mac-address-table dynamic interface f0/2
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0009.6b8c.64ec Dynamic 2 FastEthernet0/2
From the above command, we can see that the MAC address 0009.6b8c.64ec is connected to the Cisco 2924 switch and is the only active MAC address on this port, so a machine with an IP of 10.10.1.250 should be connected to this port.Article entry: csh Editor in charge: csh
If you do not have this software, you can also use the following manual analysis methods to find out the answer:
Example network: The core switch is 6509 (switch engine SE uses CatOS and MSFC to run IOS software)
1. Find the MAC address corresponding to the IP:
By checking the system's ARP cache table, you can find the MAC address corresponding to a certain IP. Since ARP cannot be performed across VLANs, the routing module MSFC connecting each VLAN is the best choice - generally it has an interface vlan n on each VLAN, which can correctly interpret ARP.
6509MSFC#ping 10.10.1.65
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.65, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
6509MSFC#show arp | in 10.10.1.65
Internet 10.10.1.65 2 0006.2973.121d ARPA Vlan2
Through the above command, we know that the MAC address of 10.10.1.65 is 0006.2973.121d, which is the MAC address expression of the IOS device. In CatOS, it should be written as 00-06-29-73-12-1d.
2. Find the port corresponding to the MAC address on the switch
6509SE> (enable) show cam 00-06-29-73-12-1d
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
2 00-06-29-73-12-1d 9/41 [ALL]
Total Matching CAM Entries Displayed =1
Does this mean that machines with IP 10.10.1.65 are connected to port 9/41?
uncertain. If the following command shows that there is only one active MAC address on the port, the answer is yes:
6509SE> (enable) show cam dynamic 9/41
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ------------------ ----- -------------------------------------------
2 00-06-29-73-12-1d 9/41 [ALL]
Total Matching CAM Entries Displayed =1
If the command shows that there are multiple active MAC addresses on the port, then this port should be connected to another switch or HUB device. See the following example (find the switch port corresponding to IP 10.10.1.250):
6509MSFC#ping 10.10.1.250
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
6509MSFC#show arp | in 10.10.1.250
Internet 10.10.1.250 4 0009.6b8c.64ec ARPA Vlan2
6509SE> (enable) show cam 00-09-6b-8c-64-ec
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ------------------ ----- -------------------------------------------
2 00-09-6b-8c-64-ec 3/11 [ALL]
Total Matching CAM Entries Displayed =1
6509SE> (enable) show cam dy 3/11
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
1 00-03-e3-4b-06-80 3/11 [ALL]
1 00-08-02-e6-b0-cd 3/11 [ALL]
1 00-02-a5-ee-f2-4f 3/11 [ALL]
1 00-09-6b-8c-66-d6 3/11 [ALL]
1 00-09-6b-63-17-d9 3/11 [ALL]
1 00-0b-cd-03-ec-f5 3/11 [ALL]
1 00-09-6b-63-17-d8 3/11 [ALL]
1 00-08-02-e6-b0-c1 3/11 [ALL]
1 00-08-02-e6-b0-85 3/11 [ALL]
1 00-08-02-e6-b0-81 3/11 [ALL]
1 00-02-a5-ef-16-af 3/11 [ALL]
1 00-02-a5-ee-f2-93 3/11 [ALL]
1 00-02-55-c6-05-61 3/11 [ALL]
2 00-09-6b-8c-64-ec 3/11 [ALL]
1 00-08-02-e6-b0-ed 3/11 [ALL]
1 00-08-02-e6-b0-a9 3/11 [ALL]
1 00-02-55-54-7a-e0 3/11 [ALL]
1 00-02-a5-ef-15-a6 3/11 [ALL]
1 00-08-02-e6-af-8f 3/11 [ALL]
1 00-08-02-e6-b0-bd 3/11 [ALL]
1 00-0b-cd-03-db-8b 3/11 [ALL]
1 00-09-6b-8c-25-50 3/11 [ALL]
Do you wish to continue y/n [n]? n
Since this port is connected to another switch or HUB, it is necessary to continue to track it down, as follows:
6509SE> (enable) show cdp nei 3/11
* - indicates vlan mismatch.
# - indicates duplex mismatch.
Port Device-ID Port-ID Platform
-------- ------------------------------- ------------------------- ------------
3/11 Cisco2924 GigabitEthernet1/1 cisco WS-C2924M-XL
This command shows that the counterpart device is a Cisco2924. If it is not displayed, it means that the device from another manufacturer is connected. You may have to go to the switch to continue to track it down using a similar method. In this example is a Cisco device, all we can continue:
6509SE> (enable) show cdp nei 3/11 de
Port (Our Port): 3/11
Device-ID: Cisco2924
Device Addresses:
IP Address: 10.10.0.60
Holdtime: 153 sec
Capabilities: TRANSPARENT_BRIDGE SWITCH
Version:
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 17:35 by ayounes
Platform: cisco WS-C2924M-XL
Port-ID (Port on Neighbors's Device): GigabitEthernet1/1
VTP Management Domain: lan
Native VLAN: 1
Duplex: full
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
Cisco2924#show mac-address-table dynamic address 0009.6b8c.64ec
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0009.6b8c.64ec Dynamic 2 FastEthernet0/2
Cisco2924#show mac-address-table dynamic interface f0/2
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0009.6b8c.64ec Dynamic 2 FastEthernet0/2
From the above command, we can see that the MAC address 0009.6b8c.64ec is connected to the Cisco 2924 switch and is the only active MAC address on this port, so a machine with an IP of 10.10.1.250 should be connected to this port.Article entry: csh Editor in charge: csh