cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2147
Views
0
Helpful
3
Replies

How to see clients on vlans?

ersin erol
Level 1
Level 1

Hi everyone,

On the Backbone switch there are vlans,I want to see that which clients (mac adreseses) on the vlans.For example: On the vlan 10 there 50 mac adresses like that.How can I see ?

Thanks        

1 Accepted Solution

Accepted Solutions

Hello Ersin,

In general, this is very difficult to find out. The IP address could have been assigned manually and changed afterwards, and all traces of this IP-to-MAC correspondence may be lost. If an IP address is assigned manually, the only trace telling about this IP-to-MAC correspondence is the ARP table (show ip arp). However, this cache eventually expires. No other common database holds these correspondences.

Assuming that the IP address was acquired from DHCP, the log messages on the DHCP server (if there are any) can be used to find out what MAC address requested the particular IP address. If the DHCP server was not used to assign this IP address to the attacker then I am afraid we are totally out of luck.

I apologize for bringing bad news.

Best regards,

Peter

View solution in original post

3 Replies 3

Peter Paluch
Cisco Employee
Cisco Employee

Hello Ersin,

If you want to see all learned MAC addresses within a particular VLAN, use the show mac address-table vlan N command, so for example:

show mac address-table vlan 10

Best regards,

Peter

Peter Thanks,

In fact problem is ; 2 days ago, one user take ip from vlan 10 ( 72.34.10.201) and too many downloaded somethings from internet I saw on the log server.I want learn which mac address took this ip ?


Hello Ersin,

In general, this is very difficult to find out. The IP address could have been assigned manually and changed afterwards, and all traces of this IP-to-MAC correspondence may be lost. If an IP address is assigned manually, the only trace telling about this IP-to-MAC correspondence is the ARP table (show ip arp). However, this cache eventually expires. No other common database holds these correspondences.

Assuming that the IP address was acquired from DHCP, the log messages on the DHCP server (if there are any) can be used to find out what MAC address requested the particular IP address. If the DHCP server was not used to assign this IP address to the attacker then I am afraid we are totally out of luck.

I apologize for bringing bad news.

Best regards,

Peter

Review Cisco Networking for a $25 gift card