Anyone know of fast method for tracking an IP to the end switch/mod/port?

brown-mark
Level 1

I was wondering if anyone knows of any shell scripts or other tools designed to quickly trace an IP address to a particular switch, module/port. I've had cause to track down a large number of systems in the past (as a result of worm/virus activity)... where it is essential to quickly determine which switch, mod/port the host is on -- then disable the port.

Cisco Works user tracking isn't up to the task; the data must be essentially up-to-the-minute, and doing an IP lookup through the GUI, while fine for the occasional query, would be impossible for dozens (or hundreds) of addresses.

Right now, the process looks something like this:

- Get alert from IDS or firewall indicating suspicious activity

- ARP in the proper subnet for the offending IP's MAC address

- Telnet to root bridge switch

- Issue "show cam XX-XX-XX-XX-XX-XX" to see if MAC is local

- If MAC is local (shows up on non-trunked port), "set port dis X/Y"

- If MAC is on trunked port, "show cdp neighbor" to see where trunk goes

- Telnet to switch on other side of trunk

- Repeat MAC locating steps until we finally get to the right switch that the host is physically connected to

- Disable the host's port

In short, the process is a real pain :)

It looks like this would be reasonably easy to do with shell / Perl scripts... but scripting isn't my forte. I could probably do it after bumbling around for a month; but my guess is that someone out there has already managed to do this for 6000 series switches.

Any help / suggestions would be -very- much appreciated.

Cheers,

Mark Brown
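
The hop-by-hop trace described in the steps above, as an added example that is not code from this thread or from anyone in it. It is written in Python rather than the shell/Perl the post asks about, and it runs offline: the switch names, the "show cam", "show trunk" and "show cdp neighbor" output, and the `simulated_session()` function are all constructed stand-ins for real telnet/SSH sessions. It looks the MAC up in the starting switch's CAM table, follows the trunk via the CDP neighbour table when the MAC was learned on a trunk, repeats until the MAC shows on a non-trunk port, and stops on the failure modes the manual process also hits (MAC not in the table, trunk with no CDP neighbour, a loop, an unreachable switch). It only reports the port and the "set port disable" command; the actual disable stays a separate operator step.

```python
import re

# Constructed sample output shaped like CatOS "show cam dynamic", "show trunk"
# and "show cdp neighbor" (headers abridged); not real captures.
SWITCHES = {
    "root-6509": {
        "cam": """VLAN  Dest MAC/Route Des    [CoS]  Destination Ports or VCs / [Protocol Type]
10    00-d0-b7-8c-1e-25            1/1 [ALL]
10    00-e0-1e-45-aa-01            1/1 [ALL]
1     00-10-7b-3c-00-02            5/1 [ALL]
Total Matching CAM Entries Displayed = 3""",
        "trunk": """Port      Mode         Encapsulation  Status        Native vlan
 1/1      on           dot1q          trunking      1
 1/2      on           dot1q          trunking      1""",
        "cdp": """Port     Device-ID                  Port-ID                  Platform
 1/1     dist-6509-a.example.net    2/1                      WS-C6509
 1/2     dist-6509-b.example.net    2/1                      WS-C6509""",
    },
    "dist-6509-a": {
        "cam": """10    00-d0-b7-8c-1e-25            3/8 [ALL]
10    00-e0-1e-45-aa-01            3/9 [ALL]""",
        "trunk": """ 2/1      on           dot1q          trunking      1
 3/8      on           dot1q          trunking      1
 3/9      on           dot1q          trunking      1""",
        "cdp": """ 2/1     root-6509                  1/1                      WS-C6509
 3/8     access-4006                1/1                      WS-C4006""",
    },
    "access-4006": {
        "cam": "10    00-d0-b7-8c-1e-25            2/17 [ALL]",
        "trunk": " 1/1      on           dot1q          trunking      1",
        "cdp": " 1/1     dist-6509-a                3/8                      WS-C6509",
    },
}

PORT_RE = re.compile(r"^\d+/\d+$")


def simulated_session(switch, command):
    """Stand-in for a telnet/SSH session; None means the switch is unreachable."""
    return SWITCHES.get(switch, {}).get(command)


def normalize_mac(mac):
    """Accept 0000.0c12.3456, 00:00:0c:12:34:56 or 00-00-0c-12-34-56 and return
    the dashed lower-case form CatOS prints in the CAM table."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_cam(output, mac):
    """Port the MAC was learned on (e.g. '3/8'), or None if not in the table."""
    for line in output.splitlines():
        f = line.split()
        if len(f) >= 3 and f[1] == mac and PORT_RE.match(f[2]):
            return f[2]
    return None


def parse_trunks(output):
    """Set of ports whose Status column reads 'trunking'."""
    return {f[0] for f in (line.split() for line in output.splitlines())
            if len(f) >= 4 and f[3] == "trunking"}


def parse_cdp(output):
    """Map local port -> (neighbour hostname, neighbour port); domain suffix stripped."""
    neighbours = {}
    for line in output.splitlines():
        f = line.split()
        if len(f) >= 3 and PORT_RE.match(f[0]):
            neighbours[f[0]] = (f[1].split("(")[0].split(".")[0], f[2])
    return neighbours


def trace_mac(mac, start, session, max_hops=16):
    """Walk from `start` along trunks until the MAC sits on a non-trunk port.
    Returns found/switch/port/path plus the disable command; changes nothing."""
    mac = normalize_mac(mac)
    path, visited, switch = [], set(), start
    while len(visited) < max_hops:
        if switch in visited:
            return {"found": False, "path": path, "reason": f"loop at {switch}"}
        visited.add(switch)
        cam = session(switch, "cam")
        if cam is None:
            return {"found": False, "path": path, "reason": f"no session to {switch}"}
        port = parse_cam(cam, mac)
        if port is None:
            return {"found": False, "path": path, "reason": f"{mac} not in CAM on {switch}"}
        path.append((switch, port))
        if port not in parse_trunks(session(switch, "trunk") or ""):
            return {"found": True, "switch": switch, "port": port, "path": path,
                    "disable": f"set port disable {port}"}
        neighbour = parse_cdp(session(switch, "cdp") or "").get(port)
        if neighbour is None:  # trunk to a non-CDP device: cannot follow automatically
            return {"found": False, "path": path,
                    "reason": f"trunk {port} on {switch} has no CDP neighbour"}
        switch = neighbour[0]
    return {"found": False, "path": path, "reason": "hop limit exceeded"}


if __name__ == "__main__":
    for mac in ("00d0.b78c.1e25", "00:e0:1e:45:aa:01", "00-00-00-00-00-01"):
        print(mac, trace_mac(mac, "root-6509", simulated_session))
```

To turn this into the batch tool the post wants, replace `simulated_session()` with a function that logs in and runs the three commands, keep the `visited` set and hop limit (a CDP table on a misconfigured switch can point back the way you came), and have the script print the disable commands for review rather than issue them, so the action taken on each port is logged and reversible.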

3 Replies

wdrootz
Level 4

The Perl solution is really the only way outside of purchasing something custom made. Bite the bullet and do the Perl work; you will be glad you did, as it will give you the freedom to make changes and whatnot based upon your own particular enterprise.

kcook
Level 1

The L2TRACE command, available in some Cisco switch operating systems, is supposed to do exactly what you want. It requires that all the switches in the path have CDP enabled. See the link below.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/cmd_ref/ghi_cmd.htm#96626

tpatkowski
Level 4

Try the Switch Port Mapper from http://solarwinds.net. It is one of the tools included in the Network Management Tools; they are not free, but you can try it for 30 days.

This utility will give you a list of ports/MAC addresses/IP addresses on your switch or managed hub.