A core switch maintains an ARP table that maps a devices MAC address to its IP Address. You can easily display this table by entering "show ip arp" but it isn't sorted and on a large network will contain thousands of entries.
I wrote a simple python 3 script (ARP-Sort) that takes the output, cleans it up and then displays it in four sections:
- IP address only
- IP address and MAC address
- IP address, MAC address and VLAN ID
- IP address, MAC address and manufacturer.
Here is a snippet of the output:
Number of IP Addresses: 839
10.10.246.52
10.10.246.53
10.10.246.54
...
Number of IP and MAC Addresses: 839
10.10.246.52 2c31.2451.7fc1
10.10.246.53 286f.7f68.4c80
10.10.246.54 286f.7f68.5400
...
Number IP, MAC and VLAN: 839
10.10.246.52 2c31.2451.7fc1 246
10.10.246.53 286f.7f68.4c80 246
10.10.246.54 286f.7f68.5400 246
...
Number IP, MAC and Manufacture: 839
10.10.246.52 2c31.2451.7fc1 Vendor(manuf='Cisco', comment=None)
10.10.246.53 286f.7f68.4c80 Vendor(manuf='Cisco', comment=None)
10.10.246.54 286f.7f68.5400 Vendor(manuf='Cisco', comment=None)
...
One issue is that the ARP table will delete devices that haven't communicated for a while. You can try to ping the broadcast mask - ping 10.10.246.255 - but a lot of devices don't respond to a broadcast ping. I wrote a script that takes the output from "sh run | i ^interface|^_ip address" and parses subnets and pings all host. I have had good luck with this script refreshing the switch's arp table. The script is available here https://github.com/rikosintie/pingSVI
I use the output for several things. If I'm replacing a core switch I will save the output before the change then run it after the change. Since the output is sorted it's easy to use a file diff tool so see any differences. I use Meld (Meld File compare) on Linux\Windows to compare files. On Windows, Notepad++ is also a good tool.
I also use a free tool called PingInfoView from nirsoft.net. This tool takes a text file with IP/Host name entries and pings each device. I just run sh ip arp vlan x for the vlan of interest, run the script and paste the output into PingInfoView. It uses the MAC as the hostname but that is fine for a lot of situations. I set up a separate monitor off my laptop and create a "Dashboard" of PingInfoViews for Servers, Switches, Vlans, etc. that are critical.
Finally, I use the output with the manufacturer to look for specific manufactures. If you need to look for devices on specific interfaces I wrote another script that takes the output of "show mac add int g1/0/1 | i Gi" and maps MAC addresses to interfaces. Here is output from it:
Number Entries: 305
Vlan MAC Address Interface
30 001e.f728.ab8f Gi1/0/1 Vendor(manuf='Cisco', comment=None)
****************************************************************************
30 2c27.d751.48d8 Gi1/0/1 Vendor(manuf='HewlettP', comment=None)
****************************************************************************
This script is available here - MAC2Manuf