Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
819
Views
0
Helpful
4
Replies

Tracking an ip or mac address to a switch.

rsanders
Level 1
Level 1

‎10-30-2003 01:25 PM - edited ‎03-02-2019 11:22 AM

From the nachi virus I still have stations that have the virus. Besides turning off the hub switch, I can't quickly find the device. Is there a procedure or command to pinpoint a port on a switch that is broadcasting?

Labels:
0 Helpful
4 Replies 4

cleroy
Level 1
Level 1

‎10-30-2003 01:59 PM

I am sure it depends on the hardware but this works on 2900 and 3550 type switches.

- Ping the station doing the broadcast from the switch.

- Check the arp table to get the mac address corrsponding to the IP

- Check the mac table to find the interface.

Work your way up to the next switch if the interface you find is a trunk.

Hope it helps.

0 Helpful

milan.kulik
Level 10
Level 10
In response to cleroy

‎10-30-2003 11:28 PM

You can also use l2trace command on CatOS switches.

Regards,

Milan

0 Helpful

glen.grant
VIP Alumni
VIP Alumni
In response to milan.kulik

‎10-31-2003 08:46 AM

Must have at least 6.X code to run l2trace though .

0 Helpful

wsitu
Level 1
Level 1

‎10-31-2003 04:58 PM

if these are cat switches, you can do "sho port mac" after you clear counters. identify which port is doing excessive broadcast.

Nachi will try to hit all of your networks. the other solution is have an acl on your router, and review the log. more solutions can be found on www.cert.org

0 Helpful
Customers Also Viewed These Support Documents