- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 05:44 AM
Good Day,
I have a Catalyst switch with a WAP connected to one port, when I perform a "sh mac address-table" I receive a bunch of MAC addresses of the devices connected to the WAP. Is there any way to only get information for devices physically connected to to an access port?
Thank you in advance
Solved! Go to Solution.
- Labels:
-
Other Switches
-
Other Switching
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2023 06:51 AM
Thanks for all of the input, I believe I have come up a workable solution.
First off to clarify. What I want is a list of devices that are physically connected to the switch and nothing else. My issue with the MAC addresses shown on the WAP ports is that they are non-existent so confirming the validity is futile.
My solution is to work with the output provided. I've appended a basic regex to my sh mac address-table command which will include only VLANs I want (in this case I want to exclude the WAP VLAN) and make sure the MAC is associate with a physical port.
sh mac address-table | include (.*120|121|162|163)(.*Gi)
This does the trick and I am now pulling the MAC addresses of devices directly connected to a switch port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2023 07:52 AM
That's fine!
Basically, the "inverse" of my "Doesn't MAC table show associated port? If so, exclude port connected to AP.", but perhaps I should have further clarified what I had in mind for how to exclude (i.e. using sh mac address-table | exclude <reg-ex for WAP port>). If what I had in mind, can be used, in theory, it might be easier to maintain.
Your approach, though, offers the advantage of NOT including extraneous data, like the table's headers, etc.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 05:46 AM
Show cdp can help you I think
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 05:48 AM
sh mac address interface <PORT>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 07:04 AM
Thank for the quick response. Running sh cdp neighbors I only see the MAC address of the core switch connected to it but I see no other endpoints.
sh mac address interface <PORT> shows all MAC addresses connected to the WAP (as well as the WAPs MAC). These addresses appear to be fake and I'm trying to figure out the best way to validate connected devices are authorized.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 07:45 AM
Use any l2 auth' otherwise you dont know which mac for which wireless client
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 04:10 PM
Uhhhhh ... Wut?
You want to see the MAC addresses from a port connected to a Cisco AP? Not going to happen. The only MAC address will be of the AP. Everything from that port is encapsulated inside a CAPWAP tunnel.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 04:22 PM
if he use local switching then the mac of wifi host will appear in mac address table
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 04:52 PM
True for LWAP, not true for a non-LWAP AP. (I know, I know, who still use such.)
If a LWAP, you're correct, you wouldn't see the wireless host MACs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 09:07 AM
Doesn't MAC table show associated port? If so, exclude port connected to AP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2023 06:51 AM
Thanks for all of the input, I believe I have come up a workable solution.
First off to clarify. What I want is a list of devices that are physically connected to the switch and nothing else. My issue with the MAC addresses shown on the WAP ports is that they are non-existent so confirming the validity is futile.
My solution is to work with the output provided. I've appended a basic regex to my sh mac address-table command which will include only VLANs I want (in this case I want to exclude the WAP VLAN) and make sure the MAC is associate with a physical port.
sh mac address-table | include (.*120|121|162|163)(.*Gi)
This does the trick and I am now pulling the MAC addresses of devices directly connected to a switch port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2023 07:52 AM
That's fine!
Basically, the "inverse" of my "Doesn't MAC table show associated port? If so, exclude port connected to AP.", but perhaps I should have further clarified what I had in mind for how to exclude (i.e. using sh mac address-table | exclude <reg-ex for WAP port>). If what I had in mind, can be used, in theory, it might be easier to maintain.
Your approach, though, offers the advantage of NOT including extraneous data, like the table's headers, etc.
