
How to discover 3Com switches in my Cisco network

Good day, does anybody know how I can discover 3Com switches in my Cisco network?

I'm having many problems with loops and I need to find and replace old 3Com switches with Cisco.

The only problem is that I am new in this company and it's a really big company with many Cisco switches, but also much pollution from 3Com switches that were put somewhere to fix a problem of being short on ports, but they never documented it and now they are causing loops sometimes.

So is there a way to see if a 3Com switch is connected to a Cisco?

I know I can check sh mac-address but then I have to go interface by interface on 200 switches and I don't want that.

Thanks!!


mbilgrav
Level 3

Get Cisco Prime Infrastructure - install Prime LMS 4.2

When you have this running, start a custom discovery with CDP and your SNMP credentials, and type in multiple SNMP, that you may know of.

When the discovery has finished, which should not take long with just 200 devices, see how many unreachable devices you have, and start out from there.

Or if your other-networking-device is managed, get the Vendor MAC ID of the vendor and search your MAC tables for this.

If your other-networking-device is the unmanaged type, you will not discover them by CDP.

But let the LMS run, and try the report with ports with multiple MACs on.

This will tell you where to look for unmanaged devices.

Or you could script yourself some scripts that will pinpoint LAN access ports with multiple MACs.

A third approach is to get clearance to enforce layer 2 security. This way you will lock down access ports to only allow 1 MAC (depending upon your own scenario you may need 2 or 3 MACs per port).

Setting SNMP traps up to trap to your NMS, or syslog, you will be getting traps/logs when security violations occur, hence when ports with more than one MAC get active in the net.

By the sound of your post, with loops in your NW and all, it might be a hard, but best path to enforce Layer-2 sec, with root guard, BPDU filters etc, but then again there are many best practices on the subject.

HTH

regards

Martin

Leo Laohoo
Hall of Fame

Enable BPDU guard.  If a port goes into error-disable, then you know why.

This is true for manageable devices that participate in spanning tree.

But what if the devices are not? I.e. are unmanageable devices, like a small 8-port desktop device.

Only way is to search for access ports with multiple MACs on.

But what if the devices are not?

Switches, managed or not, generate BPDU but hubs, however, don't.

Unmanaged switches do not participate in STP, hence do not send BPDU.

I must be "old school" but I do recall that Spanning-Tree Protocol is Layer 2 (switching).  Hubs, operating in Layer 1, do not participate in STP.

Oh well, I'll sit on the sideline and let others chime in with their thoughts and opinions on this matter.

I don't think there are any hard and fast rules. I would check the switch data sheet and see which, if any, STP mode/s are supported. Which 3com switch models are they?

"I don't think there are any hard and fast rules"

But there are - STP is a feature that needs to be configured. Since unmanaged switches are unconfigurable by nature, it should be pretty obvious that you cannot configure STP either. Don't take my word for it, but please read the provided URLs before replying. Else we go in a loop (HA!)

But I would strongly recommend you guys to take up this debate in a new thread, instead of hijacking this one.

Please keep the thread to the post in question.

Looks like you're correct. Makes sense the more I think about how it would actually work, or not.

Ref the OP's original post, I recall having to upgrade an old unmanaged 3COM or HP switch to enable it to forward BPDUs. Might be worth checking out.

sdavids5670
Level 2

Assuming that the 3COM switches are all unmanaged switches then they'll most likely be connected to access ports on your Cisco switches. If that is the case, you could use SNMP to build a list of all Cisco switch ports that are non-trunking (and NOT connected to a phone) but have multiple MAC addresses. Filter out for known VM MACs (to exclude people running VMware Workstation or Hyper-V) and that'll give you a good list to go by. If the 3COM switches all have IP addresses associated with them (for management purposes) then the other option might be to ping sweep your infrastructure and search for MAC addresses associated with 3COM. I think the multiple-MAC option is the better option. Ultimately there's not going to be a silver bullet on this problem. The best you can hope for is to generate a list that narrows things down but you'll still miss switches that, for whatever reason, only have a single device connected to them (for example). Do you have strong scripting skills? If not, I could probably script something up for you in a few hours. Do you have a list of IP addresses for all of your Cisco switches?
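
An added example, not code from any poster in this thread: a sketch of the multiple-MAC and vendor-OUI checks suggested in the replies above, run over the text of `show mac address-table` instead of SNMP. It assumes the output has already been collected per switch, that the trunk port names and voice VLAN IDs are supplied by the caller, and that the OUI sets (sample values) are checked against the IEEE registry before use; all function and variable names are hypothetical.

```python
import re
from collections import defaultdict
# OUI prefixes (first three bytes); check them against the IEEE registry before use.
VM_OUIS = {"005056", "000c29", "000569", "00155d"}  # VMware and Hyper-V
VENDOR_OUIS = {"00a024", "006008", "005004"}         # 3Com, partial list (assumption)
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Yield (vlan, mac, port) for each dynamic row of 'show mac address-table'."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            yield int(m.group(1)), m.group(2).replace(".", "").lower(), m.group(4)

def suspect_ports(text, trunks=(), voice_vlans=(), max_macs=1):
    """Map each suspicious access port to the reasons it was flagged."""
    per_port = defaultdict(set)
    for vlan, mac, port in parse_mac_table(text):
        # Trunks legitimately carry many MACs; voice VLAN entries are phones.
        if port not in trunks and vlan not in voice_vlans:
            per_port[port].add(mac)
    report = {}
    for port, macs in per_port.items():
        reasons = []
        real = [m for m in macs if m[:6] not in VM_OUIS]
        if len(real) > max_macs:
            reasons.append(f"{len(real)} non-VM MACs")
        hits = sorted(m for m in macs if m[:6] in VENDOR_OUIS)
        if hits:
            reasons.append("3Com OUI: " + ", ".join(hits))
        if reasons:
            report[port] = reasons
    return report

# Constructed sample output, not captured from a real switch.
SAMPLE = """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4401    DYNAMIC     Gi1/0/1
 110    0011.2233.4499    DYNAMIC     Gi1/0/1
  10    0011.2233.4402    DYNAMIC     Gi1/0/2
  10    0011.2233.4403    DYNAMIC     Gi1/0/2
  10    0011.2233.4405    DYNAMIC     Gi1/0/3
  10    0050.56aa.0001    DYNAMIC     Gi1/0/3
  20    00a0.2412.3456    DYNAMIC     Gi1/0/4
  10    0011.2233.4406    DYNAMIC     Gi1/0/24
  10    0011.2233.4407    DYNAMIC     Gi1/0/24
"""

if __name__ == "__main__":
    print(suspect_ports(SAMPLE, trunks={"Gi1/0/24"}, voice_vlans={110}))
```

An unmanaged switch with only one device behind it shows a single MAC and is only caught here if that MAC carries a listed vendor OUI.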