cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
125486
Views
16
Helpful
15
Replies

How to find the IP address of a device connected to a specific port in cisco 2960??

ahmedeyaadh
Level 1
Level 1

By using show mac address-table interface I can see the mac's of the devices connected to the interface, is there any way that I can find the IP address on the device connected that perticular interface, lets say for example I connect a PC to fast ethernet port 4 of cisco 2960, by using:

show mac address-table interface fastEthernet0/4

I get the result as given below,

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

999    001e.8c16.c362    DYNAMIC     Fa0/4

Total Mac Addresses for this criterion: 1

now from the switch it self I want to see whats the IP on the device 001e.8c16.c362. How can I do it?

15 Replies 15

Reza Sharifi
Hall of Fame
Hall of Fame

If your device is layer-2 only, then you can't see the IP address, but if the device is doing layer-3, you can use "sh ip arp"

It will tell you the vlan, the IP and the MAC address.

HTH

well the network is designed in a manner like this

Core (Cisco3750) -----> Distribution (Cisco 2960) -----> Device (Computers, wifi APs...etc)

I have defined all the interface vlans on the core switch only and I did basic switching on the destribution switches and core is the only layer 3 switch in the network.

So is there a solution???

from that PC, do a ping to your cisco switch.

show arp will display the ip and MAC. Then match the MAC in the mac address table.

Hello,

Basicly you can right now check if ARP for that MAC present on core with "show ip arp | i 001e.8c16.c362" command. If not you can ping the subnet address to get that ARP. Explaining how to do it below:

So we have PC in question in VLAN 999. I assume you have routed SVI VLAN 999 on core. That should have ip address assigned. And the PC we are talking about should have ip in same subnet.

So from core you can ping the broadcast mask of your subnet which will ping every host on the local subnet. So if VLAN 999 has ip address of 10.10.10.1 255.255.255.0 on SVI - then broadcast address for this network will be 10.10.10.255. So pinging that from core you will get replies from all the hosts assigned with ip address in that subnet. May take a while depending of host numbers, but eventually you will have ARP records for all these PCs on core.

Then you can do "show ip arp" or even "show ip arp | i 001e.8c16.c362" to see what ip corresponds to the MAC in questions.

Hope this helps,

Nik

HTH,
Niko

Hi Ahmed,

You are fine with your network design, you can easily findout the ip of any specific port which you want.

In 2960 switch:

#show mac address-table interface fastEthernet0/4

I get the result as given below,

          Mac Address Table

-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

999    001e.8c16.c362    DYNAMIC     Fa0/4

Total Mac Addresses for this criterion: 1

Now login to your 3750 switch and apply the below command.

#sh ip arp 001e.8c16.c362

It will give you the specif IP belongs to that mac address.

Please rate the helpfull posts.
Regards,
Naidu.

Hi Latchum,

It doesnt really do the thing for me, by doing so I get an empty reply,

core#sh ip arp 001e.8c16.c362

core#

Thats all what I get

Hi Nikolay,

It does not give me all the IP/Mac addresses of the devices connected to the destribution switches, but only a few here is my reply:

core#ping 192.168.1.255

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.255, timeout is 2 seconds:

Reply to request 0 from 192.168.1.113, 1 ms

Reply to request 0 from 192.168.1.239, 84 ms

Reply to request 0 from 192.168.220.19, 9 ms

Reply to request 0 from 192.168.0.51, 1 ms

Reply to request 0 from 192.168.220.15, 1 ms

Reply to request 0 from 192.168.220.16, 1 ms

Reply to request 0 from 192.168.220.14, 1 ms

Reply to request 0 from 192.168.220.18, 1 ms

Reply to request 0 from 192.168.1.42, 1 ms

Reply to request 1 from 192.168.1.113, 1 ms

Reply to request 1 from 192.168.1.239, 101 ms

Reply to request 1 from 192.168.220.19, 8 ms

Reply to request 1 from 192.168.0.51, 1 ms

Reply to request 1 from 192.168.220.16, 1 ms

Reply to request 1 from 192.168.220.15, 1 ms

Reply to request 1 from 192.168.220.14, 1 ms

Reply to request 1 from 192.168.220.18, 1 ms

Reply to request 1 from 192.168.1.42, 1 ms

Reply to request 2 from 192.168.1.113, 1 ms

Reply to request 2 from 192.168.1.239, 109 ms

Reply to request 2 from 192.168.220.19, 1 ms

Reply to request 2 from 192.168.0.51, 1 ms

Reply to request 2 from 192.168.220.16, 1 ms

Reply to request 2 from 192.168.220.15, 1 ms

Reply to request 2 from 192.168.220.14, 1 ms

Reply to request 2 from 192.168.220.18, 1 ms

Reply to request 2 from 192.168.1.42, 1 ms

Reply to request 3 from 192.168.1.113, 9 ms

Reply to request 3 from 192.168.1.239, 126 ms

Reply to request 3 from 192.168.220.19, 9 ms

Reply to request 3 from 192.168.0.51, 9 ms

Reply to request 3 from 192.168.220.14, 9 ms

Reply to request 3 from 192.168.220.15, 9 ms

Reply to request 3 from 192.168.220.16, 9 ms

Reply to request 3 from 192.168.220.18, 9 ms

Reply to request 3 from 192.168.1.42, 9 ms

Reply to request 4 from 192.168.1.113, 9 ms

Reply to request 4 from 192.168.1.239, 42 ms

Reply to request 4 from 192.168.220.19, 9 ms

Reply to request 4 from 192.168.0.51, 9 ms

Reply to request 4 from 192.168.220.16, 9 ms

Reply to request 4 from 192.168.220.14, 9 ms

Reply to request 4 from 192.168.220.15, 9 ms

Reply to request 4 from 192.168.220.18, 9 ms

Reply to request 4 from 192.168.1.42, 9 ms

core#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.10.10.1              3   0090.0e02.5b54  ARPA   Vlan999

Internet  192.168.1.123           -   0019.06ce.9044  ARPA   Vlan999

Internet  192.168.1.113           3   0014.38a3.bf02  ARPA   Vlan999

Internet  192.168.1.42            3   000a.5df1.a4ac  ARPA   Vlan999

Internet  192.168.0.51            3   0026.5a09.ada8  ARPA   Vlan999

Internet  192.168.1.15            7   001e.33b4.57bf  ARPA   Vlan999

Internet  192.168.1.1             0   00b0.d0ea.04ba  ARPA   Vlan999

Internet  192.168.1.6             3   0013.461d.d555  ARPA   Vlan999

Internet  192.168.1.21            0   d85d.4cc8.ed75  ARPA   Vlan999

Internet  192.168.1.233           3   0015.70a6.db93  ARPA   Vlan999

Internet  192.168.1.234           3   0015.7097.1b33  ARPA   Vlan999

Internet  192.168.1.239           3   c8bc.c8c9.b930  ARPA   Vlan999

Internet  192.168.1.231           1   0015.70b5.3ccb  ARPA   Vlan999

Internet  192.168.1.254           0   001d.7dd0.e8e1  ARPA   Vlan999

Internet  192.168.1.245          29   001d.7dd0.e8e1  ARPA   Vlan999

Internet  10.172.4.1              -   0019.06ce.9042  ARPA   Vlan20

Internet  192.168.220.16          3   0021.917b.b5d8  ARPA   Vlan999

Internet  10.172.3.1              -   0019.06ce.9043  ARPA   Vlan100

Internet  192.168.220.18          3   001e.58ab.707e  ARPA   Vlan999

Internet  192.168.220.19          3   0021.9199.8cf0  ARPA   Vlan999

Internet  10.172.3.2             99   b862.1f49.b4c1  ARPA   Vlan100

Internet  10.172.9.1              -   0019.06ce.9041  ARPA   Vlan10

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.172.3.10            86   001b.2b3f.52c1  ARPA   Vlan100

Internet  10.172.8.1              -   0019.06ce.9041  ARPA   Vlan10

Internet  10.172.3.19           115   b862.1fdb.23c1  ARPA   Vlan100

Internet  192.168.1.208           0   0019.b9fa.8d5c  ARPA   Vlan999

Internet  192.168.220.14          3   0013.4678.e1cc  ARPA   Vlan999

Internet  192.168.220.15          3   001e.58ab.7023  ARPA   Vlan999

Internet  192.168.1.132           0   001d.92e5.f0c5  ARPA   Vlan999

Internet  192.168.1.153           2   b8ac.6f4e.d149  ARPA   Vlan999

I have 80 plus computers in my network, so this reply doesnt really seems logical enough for me to say that those are the only alive devices in my network. Is there a way that I can call a device in network using its mac address.

Hi Ahmed,

If that is the case then the mac address "001e.8c16.c362" is not in the arp table of your 3560.
There must be some communication (simple ping atleast) from the 3560 so that it can store the mac address in its arp table.

Now your choice is to findout that mac address in the mac table of your 2960 switch (sh mac-a table)


Please rate the helpfull posts.
Regards,
Naidu.

Hello,

The posibility is that device in question does not answer a ping (e.g. FW on it blocking it or smth else). MAC ping will not also help as you will not get any ip from it.

Do you have DHCP server which is assisgning ip addresses in VLAN 999? If yes - then you can check it for ip-MAC correlation.

If not and device statically assigned with ip - then it is harder. There can be a chance that device is assigned with ip address which is in subnet different fron VLAN999 - and it will give you a trubble. One more thing you can do - is to connect laptop to any free port on 2960 and configure SPAN using Fa0/4 as a source port and the new port as destination. By that you will get all traffic coming from that device and hopefully there will be L3 packets where you can see ip address.

The last way - is just go and trace cable to device - but I guess that is not an option for you now.

Nik

HTH,
Niko

Hello Nik,

The prob is I have no idea which IP it is on. I only have its mac address, our devices in the office network has all of their IP's static, anyway I ran a network scan using a third party software and now I am just planing to ping all the devices seperatly from core so that it can atleast save all the ip's on the arp table. I couldn't find a better solution for that.

That's the only thing that I would try at last. I have use Cola soft in the past.

http://www.colasoft.com/mac_scanner/

Cheers,

-amit singh

Hi Ahmed,

from the below output,

core#sh ip arp 001e.8c16.c362

core#

If you see the arp table is empty for a specific mac then the interface vlan is not created in that switch and hence it is a routed packet.

++ Hence go to the switch where the SVI is created for that vlan, and then try the command " sh arp | i 001e.8c16.c362"

As you aware whenever the packet gets routed, the source and the destination mac gets changed whereas the source & destination ip remains unchanged.

Hope this answers your question.

Cheers

Somu

Rate helpful posts

There is a trick for finding IP addresses on Layer 2 only switches.  ... only works if the client is getting it's IP via DHCP through the switch.  Turn on DHCP snooping, then you can use this command...

chinche#sh ip dhcp snooping binding

MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface

------------------  ---------------  ----------  -------------  ----  --------------------

00:26:F2:5D:C4:41   10.0.1.175   3332        dhcp-snooping   5     GigabitEthernet1/0/17

14:D6:4D:28:F0:41   10.0.1.133   2196        dhcp-snooping   5     GigabitEthernet1/0/17

68:7F:74:D1:0D:41   10.0.1.68    1878        dhcp-snooping   5     GigabitEthernet1/0/22

00:1F:E2:16:BE:41   10.0.1.116   3427        dhcp-snooping   5     GigabitEthernet1/0/17

Do SPAN on that port in question as I advisd before. It will provide you with all packets coming from that device. If those packets are L3 - you will get the ip.

Nik

HTH,
Niko