03-30-2020 11:43 PM - edited 03-30-2020 11:44 PM
Hi,
I am trying to identify a port that has a particular IP attached to it. I am using 5 x Cisco c3750X in a stack. The device responds to ping, but I am unable to identify it via HTTP, Telnet, etc.
A sh arp command returns...
Internet 10.1.1.241 0 0000.5e00.0101 ARPA Vlan1
Internet 10.1.1.242 0 9818.8874.0a4c ARPA Vlan1
Internet 10.1.1.252 131 643e.8cf1.3715 ARPA Vlan1
Internet 10.1.1.253 0 1051.72f8.2804 ARPA Vlan1
Internet 10.1.1.254 0 0000.5e00.0101 ARPA Vlan1
The rogue IP is 10.1.1.241 with a MAC address of 0000.5e00.0101. Unfortunately there is another IP address with the same MAC, 10.1.1.254.
10.1.1.254 is a known VRRP address.
If I issue a sh mac address-table address 0000.5e00.0101, the switch only returns one result:
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0000.5e00.0101 DYNAMIC Gi2/0/48
Total Mac Addresses for this criterion: 1
The returned result is for the known VRRP MAC address.
My question is: how can I identify the port the second MAC is connected to?
Many Thanks
Andrew
03-31-2020 05:37 AM
I'm not sure I understand your question.
VRRP is a redundancy protocol, so it is by design that multiple devices participate in this VRRP.
Over Ethernet, VRRP routers use a common MAC address -> it need not be a rogue device, just the other VRRP member.
Do "show CDP neighbors" to see if Gi2/0/48 is connected to another switch,
then use the same commands to follow the MAC address.
03-31-2020 05:43 AM
Hi,
Gi2/0/48 is connected to our router. The router is advertising the VRRP address, which is correct.
The problem I have is there is another VRRP address 0000.5e00.0101 associated with IP address 10.1.1.241.
It is this MAC / IP that I am trying to locate and find the port it is attached to.
Vlan 1, 10.1.1.0/24 only exists on this switch stack so I assume the device is connected to one of the ports. It is a stack of 5 x 48p switches.
Andrew
03-31-2020 06:32 AM
This document describes why you cannot connect to that address.
By default, the master VRRP router drops the packets addressed directly to the virtual IP address because the VRRP master is only intended as a next-hop router to forward packets.
If your only components are the switch and the router,
then it may be the switch/stack itself that is the other VRRP member? That could explain why you cannot find a physical port.
Try "show ip interface brief" on the stack to see if the IP address resides there.
03-31-2020 07:10 AM
Hi,
The switch is not a VRRP member.
Are you implying that the sh mac address-table address 0000.5e00.0101 command would have returned 2 interfaces if that MAC was present on two different interfaces?
I was assuming that it was only returning the first, as it would not expect duplicate MACs on different ports.
Thanks
Andrew
03-31-2020 07:43 AM
Hi,
Based on the MAC address of "0000.5e00.0101", it means you run VRRP group number 1, in VLAN 1 based on the provided output. The fact that you have 2 ARP entries, with 2 different IP addresses resolving to the same virtual MAC address, means one of the following:
- you have configured both a primary VIP and secondary VIP for group 1, namely 10.1.1.241 and 10.1.1.254
- you have misconfigured VRRP, and each VRRP group member uses a different VIP, namely 10.1.1.241 and 10.1.1.254
If one of the IPs does not reply to ping, in general it means that the VIP is the same as the IP address configured at the interface level. The easy way to identify those MACs' location would be to know which devices run VRRP and which ports those are connected to. Otherwise you can hunt hop-by-hop by looking up the MAC address and the port through which it is reachable, or you could use the layer 2 traceroute feature.
Regards,
Cristian Matei.
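
Added example (not part of the original thread or any poster's code): a small Python parser that applies the point above, that a MAC of the form 0000.5e00.01XX is a VRRP IPv4 virtual MAC whose last byte is the group number, to the "show arp" lines posted in the thread and reports every group whose virtual MAC resolves for more than one IP. The function names are hypothetical, and the regex assumes the Cisco IOS ARP line layout shown in the first post.

```python
import re
from collections import defaultdict

# ARP lines as posted in the thread (Cisco IOS "show arp" layout).
SAMPLE_ARP = """\
Internet 10.1.1.241 0 0000.5e00.0101 ARPA Vlan1
Internet 10.1.1.242 0 9818.8874.0a4c ARPA Vlan1
Internet 10.1.1.252 131 643e.8cf1.3715 ARPA Vlan1
Internet 10.1.1.253 0 1051.72f8.2804 ARPA Vlan1
Internet 10.1.1.254 0 0000.5e00.0101 ARPA Vlan1
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)

def vrrp_vrid(mac):
    """Return the VRRP group number if mac is an IPv4 VRRP virtual MAC
    (00-00-5E-00-01-XX, XX = group number), otherwise None."""
    digits = mac.replace(".", "").lower()
    if digits.startswith("00005e0001"):
        return int(digits[10:], 16)
    return None

def vrrp_entries(arp_text):
    """Map (interface, group number) -> sorted IPs resolving to that virtual MAC."""
    groups = defaultdict(set)
    for line in arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # header, incomplete entry, or unrelated line
        vrid = vrrp_vrid(m["mac"])
        if vrid is not None:
            groups[(m["intf"], vrid)].add(m["ip"])
    return {key: sorted(ips) for key, ips in groups.items()}

def conflicts(arp_text):
    """Groups where more than one IP resolves to the same virtual MAC."""
    return {k: ips for k, ips in vrrp_entries(arp_text).items() if len(ips) > 1}

if __name__ == "__main__":
    for (intf, vrid), ips in conflicts(SAMPLE_ARP).items():
        print(f"{intf}: VRRP group {vrid} virtual MAC answers for {', '.join(ips)}")
```

A hit from this check only shows that several IPs share one virtual MAC; it is consistent with either explanation in the post above, and the port still has to be found from the MAC address table.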
03-31-2020 08:16 AM
Hi,
That's the problem, I suspect someone has configured another VRRP connected to the switch.
Both 10.1.1.254 (known VRRP on Gi2/0/48) and 10.1.1.241 (unknown VRRP) ping.
I have no idea how to find the port the unknown VRRP address is connected to. The one that resolves to 10.1.1.241.
Andrew
03-31-2020 08:49 AM
Hi,
Use the layer 2 traceroute feature, the link is above on my other post, or go switch-by-switch with "show mac address-table address" to discover the port and "show cdp neighbors" to identify what other switch is connected to that port, connect to that other switch and so on.
Regards,
Cristian Matei.