Re: find a PC in a LAN.

hanwucisco · ‎04-20-2006

Hi, Folks:

I've been asked this question, and the guys siad my answers were not satisfying.

The question is this:

You have a network that consists of many swithes--like 40 something, in IOS and CATos. Now you know the Mac-address of a PC but you dont know which switch it is attached to. The PC can be running or disconnected or shutdown.

The question is: what is the simple way to find out on which switch and which port this PC is.

thanks,

H.

Bobby Thekkekandam · ‎04-20-2006

Hi,

In order for you to track it down by CLI commands, the MAC address must be in the mac address table of the switch, so the PC will have to be up and running.

You will also need to know which device is the default gateway for the PC in question. At the default gateway, do a "show arp | inc xxxx.xxxx.xxxx"

This will give you the IP address as well. Then ping the ip of the PC. This will refresh the MAC address table entries of all of the switches in the path as the address could have aged out of one or more switches in the path, creating a dead end.

Now, if the default gateway is a router, connect to the downstream switch. Check the mac-address table for the mac address in question using the necessary command.

CatOS: show cam dynamic

IOS: show mac-address-table dynamic

The output will give you the Vlan, mac address, and port on which it was learned. If the learned port is a host port, then you've found your PC. If the learned port is a link to another switch, telnet to that switch and repeat the same procedure. Eventually, you will find that the mac address in question was learned on a user port, which will be the PC you're looking for.

HTH,

Bobby

*Please rate helpful posts

cro9uk · ‎04-20-2006

The way i do it is to telnet to the switch and do a sho mac add to get a list of all mac addresses attatched to the ports, i realise that this means you connecting to each switch individually so if anyone has a better solution?

Bobby Thekkekandam · ‎04-20-2006

That's really the only way to do it. I generally start at the device that is the default gateway for the VLAN that the host in question is in, as it will usually always have an ARP entry for the host in question due to a longer aging time.

HTH,

Bobby

*Please rate helpful posts.

dave.keith · ‎04-20-2006

Cisco Network Assistant provides a good interface for searching multiplw switches for a single MAC address. You have to move between switches in a community by selecting them from a drop-down, but it's much quicker than exitting out of a telnet session and setting up another. Of course I am not counting the many seconds it takes for CNA to startup :)

Dave

vladrac-ccna · ‎04-20-2006

Hello there,

Depending on the IOS or CATOS you have, did you consider using a layer 2 traceroute?

l2trace or traceroute mac ?

I use this a lot and its pretty handy.

HTH

vlad

hanwucisco · ‎04-21-2006

when using l2traceroute, if the macs are in different vlan, it'll become a little complicated to them.

thanks,

Patrick Laidlaw · ‎04-22-2006

Hello,

Well the simple way to find out what port the pc is on is to go look at the patch panel that it is plugged into.

But I'm assuming this question is to test your knowlege of the switches. Under the assumption that this is large network it would be appropriate to assume that they are useing some sort of monitoring software. I personnaly would be using Solarwinds engineers edition and have it do an snmp lookup on each of the switches to see where that mac address shows up or use what ever utility "Cisco Network Assistant" "Solarwinds" "some other utility" to do the same thing.

The only other way to track down the port is to connect to each switch and look at there cam table or mac-address-table.

Patrick