It's worth noting that on some Cisco devices the command 'show mac-address-table' also works. Step 3: Find the IP Address. On the layer 3 device ( L3 switch or router) in my case I am using a router, enter the username and password if needed. Next enter 'enable' mode on the router by typing enable. Next type 'show ip arp' if done correctly you. Cisco assigns a large block, e.g. 1024, MAC addresses to a switch supervisor for use in STP because Cisco defaults to PVST+ and needs a MAC address for each VLAN. Each interface that may send ethernet traffic needs a unique MAC address. Logical interfaces, e.g. SVIs, will also get MAC addresses. IP Address Relationship. TCP/IP networks use both MAC addresses and IP addresses, but for separate purposes. A MAC address remains fixed to the device's hardware, while the IP address for that same device can be changed depending on its TCP/IP network configuration. Switches maintain a database of MAC addresses, both manually configured (static) and dynamically learned entries. During troubleshooting, it may be helpful to investigate the entries in the MAC table. To view the whole MAC table, use the following command from enable mode: show mac-address-table To list only the dynamically learned entries in the MAC table.
NOTE: This how-to is based on the premise that you have switches with ports that you don't know where they are going, no inter-vlan routing, and do not have access (due to permission restrictions) to some of Spiceworks application features.
A while back I was trying to figure out how to map our network, switchports in particular, but could not gain access to the whole building to test from the wall jacks and/or nodes on our network. I could, however access all the switches, but not our router, and routing is not enabled on our switches anyway, though they are layer 3 capable (pretty much a flat network).
I was unable to perform this task with Spiceworks due to settings our manager imposed, so I had to find a workaround to get the job done.
I used a combination of the command line (Windows 7) and telnet to access the main switches of our network to figure out what is on the end of each switchport. In doing so, knowing the location of system host names, I was able to more accurately map where each switchport went to without having to beg for authorization after hours to investigate this from each physical location. Also, if you have a network larger than 200 nodes, this will definitely help if you have to do it the way I did, even if you do have physical access, because the legwork alone may take days...
5 Steps total
Step 1: Information Gathering: Command Line - PC
In your command window (you may need elevated privileges, and if you don't already have it installed) install NMAP from NMAP.org and run the following command:
nmap -v -sn 192.168.x.1-254
What this command will do is find the hosts in the IP range specified on your network, give you the hostname (if it can find it), IP address, and MAC address. To make it more useful, you can dump it to a text file thusly:
nmap -v -sn 192.168.x.1-254 >> nmapoutput.txt
Then you'll have a nice little document you can work from rather than having to scroll through your command prompt.
If any come up that do not display the hostname, you can try again using NetBIOS with the IP address you get from NMAP as follows:
nbtstat -A 192.168.x.x
This will give you the hostname and MAC address, so you can compare them and modify your text document output for later.
Step 2: Information Gathering - Switch
Next, login to your switches (preferably using telnet or ssh).
I used the command:
telnet 192.168.x.x
Then, select which switch to begin from. The main switch gives me a list of 0,1,2,3 and from there I just select which one I want, based on where I'm looking.
Based on your output from NMAP, if you know the approximate location of the hostname, this may help determine which switch it is attached to. Keep in mind, these instructions are for networks that have little to no routing, pretty much all layer 2 - flat network type. With routing, you may be able to obtain more information off your routers and/or switches (if MLS).
Step 3: Show Commands - Switch
So once in the switch of choice, there were two commands to play with:
show mac-address
and
Mac Address For Cisco Phone
show mac-address ethernetX (where X = port number)
We have HP switches currently, so for Cisco you would use:
show mac-address fastethernet0/X (where X = port number)
^^^CORRECTION: show mac address-table
is the Cisco command! ^^^
If you use the interface-specific version of the command, you will get a list of MAC addresses learned through that port. With this, all you have to do is find one of the MAC addresses listed here on the text document from NMAPs output, and you'll know that switchport is going to that office (wherever that node is located).
You can then start building a spreadsheet or database with the switch name/location, port number, IP addresses, hostnames, and MAC addresses associated with that port (or you can just use whatever information you need to keep track of what is going where).
Step 4: Troubleshooting - MAC address not learned?
The quickest way to force the switch to learn a MAC address if one seems to be absent from the show mac-address command, ping the IP address associated with the MAC address that is missing.
After your ping, run the show mac-address command again and you should see the address come up. If not, you may have a node that is turned off or something else may be wrong. If you have existing data about current locations, host names, and MAC addresses, you may sift through that as an additional reference, assuming it is up-to-date.
Step 5: Troubleshooting - MAC address shows on more than one switch!
This is normal, as other switches will learn and their CAM tables will add known MAC addresses as frames move through the network. What you need to be aware of are what port numbers link switches together.
The interconnecting ports, often linked via fiber these days, will typically be higher numbered ports. If you have a more basic switch, then it could just be all fastethernet ports and you'll need to know which ones go between switches, but if you have gigabitethernet ports, then typically your interswitch links or trunks will go through those.
If you absolutely have no idea which ones are which, you can try this:
Look at your show mac-address command and see what port the MAC address you are following goes through.
Based on your network topology, go to the next switch and see what ports that MAC address was learned on there.
Note if the port is higher or lower than the previous one, and normally if it's one of the highest numbered ports on the switch, that switch isn't directly linked to that MAC address and has instead learned it from another switch.
You can see more information about ports using the show ip interface brief command or the show ip interfaces command or just the show interfaces command. Also to note, trunked links, if you run the show mac-address gigabitethernet0/x command on it, the list of known MAC addresses will be much larger than a normal switchport. This is because there are many more devices that it learned from the other switches it's connected to.
I hope this how to finds it's way into the browsing path of others who have ran into this problem too. When you have hundreds of devices connected to a network, and poorly kept documentation on what is where and how it's connected, it is important to know how you can find what you're looking for without tearing your hair out too much.
Also, if you happen to be like I was a few years ago, being timid of the command line world, seeing some of the useful ways you can use it like through this how-to and the many scripts our fellow spiceheads post should help you become more comfortable with using the command line for more things. Not only is it typically faster than trying to load a GUI, you can redirect your output to a document for later use :)
NMAP does however offer a feature called Zenmap GUI, which is GUI-user friendly for those who still shy away from the command line. It's sort of a command line GUI for the non-command line user.
Happy networking!
References
Cisco Mac Address Lookup Model
- NMAP
1 Comment
Mac Address For Cisco Ip Phones
- ChipotlexTROUBLEx Oct 21, 2014 at 12:36am
Thanks for the share joe.great write up. over looked where you stated Zenmap Gui