1. Home
  2. Cisco Systems
  3. Tracking down a client's port

Tracking down a client's port

Newsgroup -

I have a network made up of 2950s and 3508s. There's six TCs, each with a pile of 2950s connected together via GigaStack, and the closets are connected together via the 3508s with fiber on a GBIC.

Every time I need to track down the port that a client is on (starting only from the IP address), I have a rather lengthy procedure that I follow:

- Get on the first 3508 and ping the IP address.

- Look at the ARP table on the switch to find the MAC address.

- Look at the MAC address table to see which port the MAC is assigned to. If a switch isn't connected to that port, I've found my port.

- Look at the CDP neighbors table to see which switch is connected to the port the MAC address is connected to. (If it's on the GigaStack link, this could take a while since you don't know WHICH switch in the stack you're looking for.)

- Jump over to that switch, look at the MAC address table. If it's connected to another switch, repeat until the end port is found.

This works, but it takes a while. Every time I do this I end up thinking "You know, there has to be an easier way to do this..."

Is there? :)

- Matt

Reply to
Matt White
Loading thread data ...

trace mac

Reply to
Joop van der Velden

"Error: Device has Multiple CDP neighbours on source port."

The device I'm looking for is on the GigaStack... so that is a correct statement.

At least that'll be handy in places where we don't use a GigaStack.

- Matt

Reply to
Matt White

I use a perl script for this. The switchport description says which switch or host is connected on this port so i don't need cdp. And it can ask all routers and firewalls in our data center for their arp tables.

Ciao

Reply to
Rainer Nagel

In article , Rainer Nagel wrote: :I use a perl script for this. :The switchport description says which switch or host is connected on :this port so i don't need cdp. :And it can ask all routers and firewalls in our data center for their :arp tables.

Unfortunately this doesn't generalize to all vendors. For example, the Nortel Baystack switch series (4x0 and 5510 both) do not have any SNMP mechanism for retrieving the user-assigned switchport description: instead one gets the system-generated description such as "BayStack 450-24T - Unit 3 Port 7".

Even within Cisco, there is no way to assign a port description on with PIX software at least up to 6.x.

Another challenge is that when you are working with a mix of devices, there are -three- MAC tables you have to probe, not just one. ifPhysAddress atPhysAddress ipNetToMediaEntry . And the format of the result of the latter two of those is not consistant from device type to device type. For example, in some cases (Nortel Accelar/Passport) you have to do a binary decomposition of the port identifier in order to find out what the portindex is.

Then there are challenges involving the devices lying or returning incomplete results, with the -kind- of lying they do dependant on whether you are using snmpget, snmpwalk, or snmpbulkget ...

All in all, it's a non-trivial effort to write -reliable- generalized MAC probe scripts for homogenous devices. And you often still don't get the information you are looking for because of ARP table timeouts...

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.