Archive

Archive for October, 2013

How to track down which switch port a device is connected to on a Cisco switch

How to track down a computer, printer, network node etc.. by using only it’s MAC Address:

Telnet/SSH into your Layer 3 Core switch or router device on your LAN:

L3Core#sh mac address-table

Find the mac address you are looking for like this one:

100 0000.0000.0000 dynamic ip,ipx,assigned,other TenGigabitEthernet1/1/12

Then type in “show cdp neighbor” to see which switch/router is connected to TenGigabitEthernet1/1/12. It’s whatever the next hop is and is most likely a trunk port:

L3Core#sh cdp neighbor

Output –> Cisco-3548-Closet Ten 1/1/12 147 T S Cisco-3548-Closet- Gig 0/1 (<– This output tells me that it is going out Gig0/1 which is also a trunk/uplink port to another switch)

Then telnet/ssh into the next 3548 Cisco switch or whatever switch this is connected to and run this command:

Cisco-3548-Closet2#sh mac address address 0000.0000.0000 (<– whatever the mac address is of the device you are trying to find. In my example I use all 0's)

You will see then see the output of what port that it is connected to:

Cisco-3548-Closet2#sh mac address address 0000.0000.0000
Mac Address Table
——————————————-

Vlan Mac Address Type Ports
—- ———– ——– —–
100 0000.0000.0000 DYNAMIC Gi0/47
Total Mac Addresses for this criterion: 1

If you then study the output above you can see that MAC Address 0000.0000.0000 is going out of port 47 on the Closet2 Switch. If you then trace that port to the patch panel and back to the port on the wall that is labeled with that patch panel port # then you will now know where and what device belongs to that MAC Address!

It is a long process if you don't have but one layer 3 device (because L2 doesn't know IP addresses only MAC Addresses, useful if you have the IP) because of course your layer 3 device that is handling all of the routing will tell you its going out its trunk port to the next hop unless of course its connected directly to the core router/switch that most of the time houses fiber connections back to communication closets where all the layer 2 switches reside.

Please take note above in the last command entered that you have to enter in the word "address" twice on some older Cisco gear. Not sure if newer IOS's have it changed or not…

So in conclusion sometimes it takes a few steps to track down a specific MAC and or IP Address on the network but it can be done fairly quickly when you get used to the commands above. On large enterprise networks with thousands of switch ports these commands are very useful when your System Admins, DBA's, Tech's etc.. ask you what port on the network is such and such device plugged into. You can now smile, load up your favorite terminal emulation program like Putty, SuperPutty, my personal favorite SecureCRT or even a command prompt if telnet access is open and within minutes have an answer for them 🙂

Categories: Cisco Tags: , ,