650x + multiple VLANs + l2trace on non-mgmt VLAN

I give up :( I have a 6506, running hybrid, with switching and inter-VLAN routing enabled, and multiple VLANs defined. I cannot figure out how to run l2trace for systems belonging to other VLANs than the management one (in an attempt to identify the port where a specific IP addressed system is, which is not in the management VLAN).

I assume (?!?) that is because I am remotely logged into the management VLAN, and thus any attempt to identify the MAC of a system in another VLAN fails, e.g.:

my_switch> l2trace 172.30.0.1 172.30.0.5
Cannot find the corresponding MAC address for the source IP address 172.30.0.1. l2trace aborted.

-- where the mgmt VLAN interface I am logged in "through" is on 172.20.0.1

but the question is: how do I get access to those other VLANs, to be able to l2trace IPs or MACs?!? I guess the question could be further expanded (excluding the l2trace mechanism): how do I find out the ports where systems with a specific IP are plugged in, if those systems belong to another VLAN than the management one (and obviously I do NOT know their MACs!!!)?!? Any ideas?!?

NOTE: I need - further - to span that port to another system which I just placed in the same VLAN, for debugging purposes (but I think that part would be easier?!?).

TIA, papi

papi

In article , papi wrote:
:I give up :( I have a 6506, running hybrid, with switching and inter-VLAN
:routing enabled, and multiple VLANs defined. I cannot figure out how to
:run l2trace for systems belonging to other VLANs than the management one

I do not know anything about l2trace, but if it uses SNMP, then you need to use SNMP "community indexing" or "snmp contexts"

ftp://ftp.cisco.com/pub/mibs/supportlists/wsc6509/wsc6509-communityIndexing.html

Walter Roberson


Thank you for your answer - I am not sure what would be the syntax for snmpwalk, though, in such a case:

$ sudo snmpwalk -v 1 -c public@vlan-

does not seem to work (with public@ with or without quotes)?!?

NOTE: Your response gave me an idea, though, so I snmpwalked the switch, looking for the IP, i.e.:

$ sudo snmpwalk -v 1 -c public |grep

thus obtaining the MAC, then telnet-ed into the switch and ran across the dynamic CAM table, i.e.:

my_switch>show cam dynamic | include

and got the answer ... Hmmm - but I would love to automate this, somehow, so the proper syntax to what you were suggesting may be the only "clean" way.

Thx again, papi

papi

On 15.05.2005 16:15 papi wrote

Hello,

l2trace will only be successful for those MAC addresses which are in your CAM table. So try to l2trace between two MAC addresses first. AFAIK l2trace also uses CDP.

Arnold

Arnold Nipper

Thank you :)

See my other follow-up, regarding snmpwalk-ing the whole deal. I think that there is an issue with where from you're trying to l2trace (different VLAN may not show what's needed, while a combination of snmpwalk and cam table lookup may provide the answer).

On the other observation - I had great hopes about a tool with CDP capabilities, for obvious reasons (not having to manually traverse switches when a specific MAC is found across a trunk interface) ... but that is another deal, altogether.

papi

papi

PAPI,

STEP 1: ping the destination IP so your router knows about it and you know it's live
STEP 2: (Using Net-SNMP) 'snmpwalk -c ipNetToPhysAddress' - this will return all the MAC-to-IP resolutions your router knows of
STEP 3: On the switch, 'show cam dyn ' - this will show you the port (or trunk) the MAC has been learned through

That simple. True, if you have multiple switches and it is not practical to issue the 'show cam ...' command on each of them, then you can do as someone else in this thread suggested and use Cisco's SNMP community indexing. But there is a lot more to it than that. You would have to:

1) retrieve all MACs from all VLANs on each switch - dot1dTpFdbAddress retrieves them in HEX to Decimal table form.
2) get the decimal MAC to "Bridge Port Identifier" translation. This is an arbitrary # assigned to each decimal MAC - dot1dTpFdbPort.
3) get the "basePortIfIndex" to ifIndex translation. This translates the arbitrary (or dynamic, if you prefer) # assigned to each MAC in a VLAN to the arbitrarily (dynamically) assigned # to each port in the switch - dot1dBasePortIfIndex
4) From here, you get the ifIndex to switch port name translation via portName or locIfDescr (depending on how old your equipment is).

... and there you go. If you are going to go this far into it, then it also might help to weed out your trunk ports somewhere in the steps below (cause the machine you are searching for would never be attached to a trunk port, of course).

... and, once you get this far and you have the ifIndex to port name mappings, then you can get a whole flood of info; any table that is associated with ifIndex will now be easily understood, retrievable, etc.

Give me a good NMS job and I will write you a milli

dmcollin
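The IP-to-MAC-to-port chain that dmcollin lays out above (ipNetToMediaPhysAddress on the router, then dot1dTpFdbPort -> dot1dBasePortIfIndex -> port name per VLAN, with trunk ports weeded out), together with the per-VLAN community indexing Walter Roberson pointed to (community string written as "<string>@<vlan-id>"), is the part papi wanted to automate. The script below is an added example written for this page; it is not code posted by anyone in the thread. It assumes the tables have already been captured with Net-SNMP, roughly as "snmpwalk -v2c -c public 172.20.0.1 ipNetToMediaPhysAddress" for the ARP side and "snmpwalk -v2c -c public@30 172.20.0.1 dot1dTpFdbPort" (and dot1dBasePortIfIndex) for each VLAN, and it uses IF-MIB ifName for the final port name instead of the portName/locIfDescr objects named in the post. The walk output embedded in it is constructed sample data, not a capture from papi's 6506, and the function names, the VLAN ids and the trunk ifIndex set are the example's own choices.

```python
import re
from collections import defaultdict

# One line of default Net-SNMP snmpwalk output looks like
#   MIB-NAME::object.index.parts = TYPE: value
# e.g. BRIDGE-MIB::dot1dTpFdbPort.0.27.212.1.2.3 = INTEGER: 7
WALK_LINE = re.compile(r"^(?:[\w-]+::)?(\w+)\.([\d.]+)\s*=\s*[\w-]+:\s*(.*)$")


def parse_walk(text):
    """Turn snmpwalk text into {object_name: {index: value}} (all strings)."""
    tables = defaultdict(dict)
    for line in text.splitlines():
        m = WALK_LINE.match(line.strip())
        if m:
            obj, idx, val = m.groups()
            tables[obj][idx] = val.strip().strip('"')
    return tables


def normalize_mac(mac):
    """Net-SNMP prints PhysAddress without zero padding: '0:1b:d4:1:2:3' -> '00:1b:d4:01:02:03'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def mac_to_fdb_index(mac):
    """dot1dTpFdb* rows are indexed by the MAC as six decimal octets (the 'HEX to Decimal' form)."""
    return ".".join(str(int(octet, 16)) for octet in mac.split(":"))


def ip_to_mac(arp_walk, ip):
    """ipNetToMediaPhysAddress is indexed <ifIndex>.<ip>; return the MAC for ip, or None if not in ARP."""
    rows = parse_walk(arp_walk).get("ipNetToMediaPhysAddress", {})
    for idx, val in rows.items():
        _ifindex, _, row_ip = idx.partition(".")
        if row_ip == ip:
            return normalize_mac(val)
    return None


def mac_to_port(vlan_walks, ifname_walk, mac, trunk_ifindexes=frozenset()):
    """vlan_walks maps a VLAN id to BRIDGE-MIB walk text captured with community '<string>@<vlan>'.
    Joins dot1dTpFdbPort -> dot1dBasePortIfIndex -> ifName; a hit on a trunk port means the MAC
    was only learned from the next switch, so the caller has to continue there."""
    fdb_idx = mac_to_fdb_index(mac)
    names = parse_walk(ifname_walk).get("ifName", {})
    for vlan, text in vlan_walks.items():
        t = parse_walk(text)
        bridge_port = t.get("dot1dTpFdbPort", {}).get(fdb_idx)
        if bridge_port is None:
            continue                      # MAC not in this VLAN's CAM table
        ifindex = t.get("dot1dBasePortIfIndex", {}).get(bridge_port)
        if ifindex is None:
            continue                      # dangling bridge port number, nothing to map
        return {"mac": mac, "vlan": vlan, "ifIndex": ifindex,
                "ifName": names.get(ifindex, "ifIndex " + ifindex),
                "via_trunk": ifindex in trunk_ifindexes}
    return None


# ---- constructed sample walks (hypothetical switch/router; not real captures) ----
ARP_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.30.172.30.0.1 = STRING: 0:d:bc:aa:bb:cc
IP-MIB::ipNetToMediaPhysAddress.30.172.30.0.5 = STRING: 0:1b:d4:1:2:3
IP-MIB::ipNetToMediaPhysAddress.20.172.20.0.9 = STRING: 0:50:56:9:9:9
"""
VLAN_WALKS = {                      # one walk per VLAN, taken with public@30 / public@20
    "30": """\
BRIDGE-MIB::dot1dTpFdbPort.0.13.188.170.187.204 = INTEGER: 49
BRIDGE-MIB::dot1dTpFdbPort.0.27.212.1.2.3 = INTEGER: 7
BRIDGE-MIB::dot1dBasePortIfIndex.7 = INTEGER: 10107
BRIDGE-MIB::dot1dBasePortIfIndex.49 = INTEGER: 10201
""",
    "20": """\
BRIDGE-MIB::dot1dTpFdbPort.0.80.86.9.9.9 = INTEGER: 3
BRIDGE-MIB::dot1dBasePortIfIndex.3 = INTEGER: 10103
""",
}
IFNAME_WALK = """\
IF-MIB::ifName.10103 = STRING: 3/3
IF-MIB::ifName.10107 = STRING: 3/7
IF-MIB::ifName.10201 = STRING: 4/1
"""
TRUNK_IFINDEXES = frozenset({"10201"})   # assumed: 4/1 is the uplink trunk


def locate(ip, arp_walk=ARP_WALK, vlan_walks=VLAN_WALKS,
           ifname_walk=IFNAME_WALK, trunks=TRUNK_IFINDEXES):
    """Full chain for one IP: ARP -> MAC -> CAM (per VLAN) -> ifIndex -> port name."""
    mac = ip_to_mac(arp_walk, ip)
    if mac is None:
        return None                        # step 1 of the post: ping it first so ARP knows it
    return mac_to_port(vlan_walks, ifname_walk, mac, trunks)


if __name__ == "__main__":
    for ip in ("172.30.0.5", "172.30.0.1", "10.9.9.9"):
        print(ip, "->", locate(ip))
```

Running it prints 172.30.0.5 on port 3/7 in VLAN 30, 172.30.0.1 on 4/1 with via_trunk set (so the search has to move to the switch behind that trunk, which is where CDP would help), and None for an address the router has no ARP entry for. Feeding it real data is a matter of replacing the embedded strings with the output of the snmpwalk commands named in the lead-in, one BRIDGE-MIB walk per VLAN you want searched.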

Very good suggestions - all - I've mentioned part of those in the other thread of "replies-to-answers", to my original posting. There are multiple ways to "skin a cat", but none with immediately useful results - a bunch of sed and awk one-liners, with SNMP, should give the desired output. I also like the "|" capability (regex) of Cisco CLI, BUT - all in all - I was interested in making l2trace work, though ...

thanks again for all answers, papi

P.S.: it is ipNetToMediaPhysAddress, not ipNetT

papi

Yes, yes ... ipNetToMediaPhysAddress and there are other similar ones that would do the trick.

All of my L2TRACE experiences ended up with results like yours. That's why I went for the app.

cheers.

dmcollin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.