Editing
Switch Control
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= Finding which IPs are on a port = If you need to find out which IPs are on a particular port, start by finding out what mac addresses are on which port: <pre>switch-p1> en switch-p1#show mac-address-table Dynamic Address Count: 53 Secure Address (User-defined) Count: 0 Static Address (User-defined) Count: 0 System Self Address Count: 48 Total MAC addresses: 101 Maximum MAC addresses: 2048 Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- -------------------- 0002.b315.3201 Dynamic 1 FastEthernet0/8 0002.b3a6.f354 Dynamic 1 FastEthernet0/1 0002.b3bb.45fe Dynamic 1 FastEthernet0/7 0002.b3e9.226b Dynamic 1 FastEthernet0/4 0002.b3e9.868c Dynamic 1 FastEthernet0/13 0002.b9b1.4c01 Dynamic 1 FastEthernet0/24 0004.75a1.91f1 Dynamic 1 FastEthernet0/24 0006.5b3d.80fb Dynamic 1 FastEthernet0/1 0006.d78a.c798 Dynamic 1 FastEthernet0/1 0007.e90d.e4c9 Dynamic 1 FastEthernet0/24 0007.e95b.c645 Dynamic 1 FastEthernet0/1 000c.f1d3.a7f9 Dynamic 1 FastEthernet0/1 000c.f1dc.f1ce Dynamic 1 FastEthernet0/3 000c.f1fa.71d7 Dynamic 1 FastEthernet0/24 000d.56fe.ad72 Dynamic 1 FastEthernet0/24 000e.0c59.c1a6 Dynamic 3 FastEthernet0/22 000f.1f64.43bc Dynamic 1 FastEthernet0/24 0010.e002.473b Dynamic 1 FastEthernet0/24 0011.0924.1d91 Dynamic 1 FastEthernet0/15 0011.1108.58a6 Dynamic 1 FastEthernet0/24 0011.1119.791e Dynamic 1 FastEthernet0/24 0020.ed91.f85d Dynamic 1 FastEthernet0/1 0030.4828.9d50 Dynamic 1 FastEthernet0/1 0030.4841.5246 Dynamic 1 FastEthernet0/5 0030.4870.8332 Dynamic 1 FastEthernet0/1 0030.4870.8898 Dynamic 1 FastEthernet0/1 0030.4871.b911 Dynamic 1 FastEthernet0/23 0050.455b.b27e Dynamic 1 FastEthernet0/14 0050.50be.f9c8 Dynamic 3 FastEthernet0/22 0060.089a.8f70 Dynamic 1 FastEthernet0/24 0090.27f9.0abf Dynamic 1 FastEthernet0/2 0090.27f9.1b53 Dynamic 1 FastEthernet0/24 00b0.d020.b557 Dynamic 1 FastEthernet0/9 00b0.d020.df60 Dynamic 1 FastEthernet0/1 00b0.d020.fc4a Dynamic 1 FastEthernet0/1 00b0.d049.125b Dynamic 1 FastEthernet0/1 00b0.d049.16a4 Dynamic 1 FastEthernet0/1 00b0.d049.98e4 Dynamic 1 FastEthernet0/24 00b0.d049.a43e Dynamic 1 FastEthernet0/24 00b0.d049.d03c Dynamic 1 FastEthernet0/1 00b0.d049.d61f Dynamic 1 FastEthernet0/1 00b0.d049.e643 Dynamic 1 FastEthernet0/1 00b0.d068.1911 Dynamic 1 FastEthernet0/10 00b0.d068.490b Dynamic 1 FastEthernet0/24 001e.c95a.d225 Dynamic 1 FastEthernet0/12 00b0.d068.7599 Dynamic 1 FastEthernet0/24 00b0.d068.8451 Dynamic 1 FastEthernet0/6 00b0.d0b0.306b Dynamic 1 FastEthernet0/1 00b0.d0b0.4020 Dynamic 1 FastEthernet0/11 00b0.d0b0.70bd Dynamic 1 FastEthernet0/1 00b0.d0b0.c5a4 Dynamic 1 FastEthernet0/1 00b0.d0b0.f533 Dynamic 1 FastEthernet0/24 0800.20c2.1de3 Dynamic 3 FastEthernet0/22</pre> Let's say you want to know what IP's are on port 12. We see the mac address is 001e.c95a.d225 If we look that up in the router we can find the arp'd IP on that mac address: Castle (3750): <pre> E-mon-3750>en E-mon-3750#show arp | include 001e.c95a.d225 Internet 69.55.228.149 39 001e.c95a.d225 ARPA Vlan50 Internet 69.55.228.137 39 001e.c95a.d225 ARPA Vlan50 Internet 69.55.238.164 39 001e.c95a.d225 ARPA Vlan50 Internet 69.55.228.172 38 001e.c95a.d225 ARPA Vlan50 Internet 69.55.228.212 40 001e.c95a.d225 ARPA Vlan50 Internet 69.55.238.212 39 001e.c95a.d225 ARPA Vlan50 Internet 69.55.228.196 25 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.24 38 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.25 40 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.27 39 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.30 34 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.31 26 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.16 40 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.19 39 001e.c95a.d225 ARPA Vlan50 Internet 69.55.236.18 38 001e.c95a.d225 ARPA Vlan50 Internet 69.55.236.14 23 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.14 40 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.15 42 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.3 53 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.5 40 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.6 26 001e.c95a.d225 ARPA Vlan50 Internet 69.55.234.57 38 001e.c95a.d225 ARPA Vlan50 Internet 69.55.230.53 38 001e.c95a.d225 ARPA Vlan50 </pre> And we can look at some of these IPs and we quickly realize that they all belong to jail2 and if we look at jail2 we also see the correlation with the mac (<tt>ether 00:1e:c9:5a:d2:25</tt>): <pre>jail2 /root# ifconfig bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4> ether 00:1e:c9:5a:d2:27 inet 10.1.4.102 netmask 0xffffff00 broadcast 10.1.4.255 media: Ethernet autoselect (100baseTX <full-duplex>) status: active bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=1bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4> ether 00:1e:c9:5a:d2:25 inet 69.55.228.53 netmask 0xffffff00 broadcast 69.55.228.255 inet 69.55.227.56 netmask 0xffffff00 broadcast 69.55.227.255 inet 69.55.227.57 netmask 0xffffffff broadcast 69.55.227.57 inet 69.55.227.58 netmask 0xffffffff broadcast 69.55.227.58 inet 69.55.227.59 netmask 0xffffffff broadcast 69.55.227.59 inet 69.55.227.60 netmask 0xffffffff broadcast 69.55.227.60 -SNIP- </pre> If we are doing the lookup at i2b: <pre> firewall2 /usr/home/user# arp -a | grep 00:0c:29:be:0f:e3 ? (69.55.229.150) at 00:0c:29:be:0f:e3 on bge1 [ethernet] firewall2 /usr/home/user# </pre> Note how we have to format the mac address differently than we do on a cisco switch. The same search works in reverse. Let's say you have an IP and you want to know which port it's on. First lookup the IP: Castle: <pre> E-mon-3750#show arp | include 69.55.227.4 Internet 69.55.227.4 78 0030.4828.9d50 ARPA Vlan50 Internet 69.55.227.49 0 Incomplete ARPA Internet 69.55.227.48 0 Incomplete ARPA Internet 69.55.227.41 0 Incomplete ARPA Internet 69.55.227.40 0 Incomplete ARPA Internet 69.55.227.43 0 Incomplete ARPA Internet 69.55.227.42 0 Incomplete ARPA Internet 69.55.227.45 0 Incomplete ARPA Internet 69.55.227.44 0 Incomplete ARPA Internet 69.55.227.47 179 001e.c95a.d54f ARPA Vlan50 Internet 69.55.227.46 0 Incomplete ARPA E-mon-3750# </pre> i2b: <pre>firewall2 /usr/home/user# arp -a | grep 69.55.229.156 ? (69.55.229.156) at 00:15:17:da:2e:fb on bge1 [ethernet]</pre> So we take that mac (e.x. 0030.4828.9d50) and on each of our switches we run: <pre>switch-p1> en switch-p1#show mac-address-table | include 0030.4828.9d50 </pre> until we find the port. Note, some ios's may not let you run the include command, if so just run <tt>show mac-address-table </tt> without the include
Summary:
Please note that all contributions to JCWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
JCWiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information