A core switch maintains an ARP table that maps a devices MAC address to its IP Address. You can easily display this table by entering "show ip arp" but it isn't sorted and on a large network will contain thousands of entries.
I wrote a simple python 3 script (ARP-Sort) that takes the output, cleans it up and then displays it in four sections:
IP address only
IP address and MAC address
IP address, MAC address and VLAN ID
IP address, MAC address and manufacturer.
Here is a snippet of the output:
Number of IP Addresses: 839 10.10.246.52 10.10.246.53 10.10.246.54
Number of IP and MAC Addresses: 839 10.10.246.52 2c31.2451.7fc1 10.10.246.53 286f.7f68.4c80 10.10.246.54 286f.7f68.5400
Number IP, MAC and VLAN: 839 10.10.246.52 2c31.2451.7fc1 246 10.10.246.53 286f.7f68.4c80 246 10.10.246.54 286f.7f68.5400 246
Number IP, MAC and Manufacture: 839 10.10.246.52 2c31.2451.7fc1 Vendor(manuf='Cisco', comment=None) 10.10.246.53 286f.7f68.4c80 Vendor(manuf='Cisco', comment=None) 10.10.246.54 286f.7f68.5400 Vendor(manuf='Cisco', comment=None)
One issue is that the ARP table will delete devices that haven't communicated for a while. You can try to ping the broadcast mask - ping 10.10.246.255 - but a lot of devices don't respond to a broadcast ping. I wrote a script that takes the output from "sh run | i ^interface|^_ip address" and parses subnets and pings all host. I have had good luck with this script refreshing the switch's arp table. The script is available here https://github.com/rikosintie/pingSVI
I use the output for several things. If I'm replacing a core switch I will save the output before the change then run it after the change. Since the output is sorted it's easy to use a file diff tool so see any differences. I use Meld (Meld File compare) on Linux\Windows to compare files. On Windows, Notepad++ is also a good tool.
I also use a free tool called PingInfoView from nirsoft.net. This tool takes a text file with IP/Host name entries and pings each device. I just run sh ip arp vlan x for the vlan of interest, run the script and paste the output into PingInfoView. It uses the MAC as the hostname but that is fine for a lot of situations. I set up a separate monitor off my laptop and create a "Dashboard" of PingInfoViews for Servers, Switches, Vlans, etc. that are critical.
Finally, I use the output with the manufacturer to look for specific manufactures. If you need to look for devices on specific interfaces I wrote another script that takes the output of "show mac add int g1/0/1 | i Gi" and maps MAC addresses to interfaces. Here is output from it: Number Entries: 305
Hi Everyone,I have 2 queries1. After we configure the IPSec VPN in a Cisco Router, how do we identify and check that the traffic is flowing through the tunnel? Are there any commands and ways to find it out?2. What are some of t...
Cisco Champion Radio · S7|E29 Increase Visibility and Enhance Security with Cisco AI Endpoint Analytics
Cisco is on a journey to making networking smarter with artificial intelligence and machine learning. The latest stop in this journey, Cisco AI...
Community Live video- Introduction to Smart Licensing on Catalyst Switches
(Live event - formerly known as Webcast- Thursday 30 July, 2020 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris)
This event had place on Thursday 30th, July 2020 at 10hrs PDT&nb...
To participate in this event, please use the button to ask your questions
This topic is a chance to clarify your questions about smart licensing on Cisco Catalyst switches, including 9000 (9200, 93...