Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Show who is connected to the fastEthernet port of catalyst 2950

Reply
Thread Tools

Show who is connected to the fastEthernet port of catalyst 2950

 
 
ns
Guest
Posts: n/a
 
      10-06-2004
Hi,

By using Catalyst 2950-48, how it's possible to know ip address of host by
giving the mac-address ?

For the moment, i juste know the mac-address of network card connected to
the specified port. For exemple :

#sh mac-address-table
40 0004.758a.549z DYNAMIC Fa0/1

and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
router (L3 Routing), so, no arp table on catalyst 2950.

So, i need to report all ip address of hosts connected to the catalyst 2950.
How can i do it ?

Thank You very much for your help

Best Regards
NS


 
Reply With Quote
 
 
 
 
Paul Kendall
Guest
Posts: n/a
 
      10-06-2004
I think you are looking for information that is not available in the 2950.
the 2950 is a switch so is only aware of layer 2 protocols.

You will have to work back to your router...You should simple be able to
show arp on the router and cross-reference the MAC addresses in both devices
to determine the information that you are looking for.

I think you are right on the money with your command just on the wrong
device. I just looked at our Router and Switches and was able to make the
associations. you should be good to go.

Let me know if that helps or not

Paul Kendall.
"ns" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Hi,
>
> By using Catalyst 2950-48, how it's possible to know ip address of host by
> giving the mac-address ?
>
> For the moment, i juste know the mac-address of network card connected to
> the specified port. For exemple :
>
> #sh mac-address-table
> 40 0004.758a.549z DYNAMIC Fa0/1
>
> and "sh ip arp" don't gives the ip address, i suppose because my 2950 is
> not
> router (L3 Routing), so, no arp table on catalyst 2950.
>
> So, i need to report all ip address of hosts connected to the catalyst
> 2950.
> How can i do it ?
>
> Thank You very much for your help
>
> Best Regards
> NS
>
>



 
Reply With Quote
 
 
 
 
ED
Guest
Posts: n/a
 
      10-06-2004
sh ip route


"ns" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> By using Catalyst 2950-48, how it's possible to know ip address of
> host by
> giving the mac-address ?
>
> For the moment, i juste know the mac-address of network card connected
> to
> the specified port. For exemple :
>
> #sh mac-address-table
> 40 0004.758a.549z DYNAMIC Fa0/1
>
> and "sh ip arp" don't gives the ip address, i suppose because my 2950
> is not
> router (L3 Routing), so, no arp table on catalyst 2950.
>
> So, i need to report all ip address of hosts connected to the catalyst
> 2950.
> How can i do it ?
>
> Thank You very much for your help
>
> Best Regards
> NS
>
>



 
Reply With Quote
 
Hansang Bae
Guest
Posts: n/a
 
      10-06-2004
In article <(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> Hi,
>
> By using Catalyst 2950-48, how it's possible to know ip address of host by
> giving the mac-address ?
>
> For the moment, i juste know the mac-address of network card connected to
> the specified port. For exemple :
>
> #sh mac-address-table
> 40 0004.758a.549z DYNAMIC Fa0/1
>
> and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
> router (L3 Routing), so, no arp table on catalyst 2950.
>
> So, i need to report all ip address of hosts connected to the catalyst 2950.
> How can i do it ?
>
> Thank You very much for your help


You can't get L3 information from an L2 device. But if your management
VLAN is in the same subnet as the users, ping the IPs from your switch
and do a sho arp. Or you can do a "sho ip arp" from the router and
match up the IP/MAC to the MAC on the switch.

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
Reply With Quote
 
Robert B. Phillips II
Guest
Posts: n/a
 
      10-06-2004
NS,
Correct me if I am wrong group, but the 2950 I think does keep an
ARP table, it just doesn't use the ARP entries for L2 switching. In
theory, if the switch has an IP address and the device attached to the
switch can successfully ping it, the switch should keep that devices
IP address in it's ARP table until it ages out. I think the switch
will only pick the device up in it's ARP table if you ping it directly
and not just ping through it. This is obviously not the solution you
were looking for, but if you were in a fix or something it might be
possible to get that information from the switch.

Good luck
-Robert

"ns" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> Hi,
>
> By using Catalyst 2950-48, how it's possible to know ip address of host by
> giving the mac-address ?
>
> For the moment, i juste know the mac-address of network card connected to
> the specified port. For exemple :
>
> #sh mac-address-table
> 40 0004.758a.549z DYNAMIC Fa0/1
>
> and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
> router (L3 Routing), so, no arp table on catalyst 2950.
>
> So, i need to report all ip address of hosts connected to the catalyst 2950.
> How can i do it ?
>
> Thank You very much for your help
>
> Best Regards
> NS

 
Reply With Quote
 
ns
Guest
Posts: n/a
 
      10-08-2004
Hi,

Thank your for your answer.

i have multiples VLAN and i don't have router on the VLAN in question.
i can get mac address from windows machine by pinging the hosts and run
"arp -a" from windows.

i need to find association between mac-address and ip address directly from
switche 2950, and it's maybe not possible !

Thanks a lot

Best Regards
NS


"Paul Kendall" <(E-Mail Removed)> a écrit dans le message de
news:l8V8d.77037$(E-Mail Removed)...
> I think you are looking for information that is not available in the 2950.
> the 2950 is a switch so is only aware of layer 2 protocols.
>
> You will have to work back to your router...You should simple be able to
> show arp on the router and cross-reference the MAC addresses in both

devices
> to determine the information that you are looking for.
>
> I think you are right on the money with your command just on the wrong
> device. I just looked at our Router and Switches and was able to make the
> associations. you should be good to go.
>
> Let me know if that helps or not
>
> Paul Kendall.
> "ns" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > Hi,
> >
> > By using Catalyst 2950-48, how it's possible to know ip address of host

by
> > giving the mac-address ?
> >
> > For the moment, i juste know the mac-address of network card connected

to
> > the specified port. For exemple :
> >
> > #sh mac-address-table
> > 40 0004.758a.549z DYNAMIC Fa0/1
> >
> > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is
> > not
> > router (L3 Routing), so, no arp table on catalyst 2950.
> >
> > So, i need to report all ip address of hosts connected to the catalyst
> > 2950.
> > How can i do it ?
> >
> > Thank You very much for your help
> >
> > Best Regards
> > NS
> >
> >

>
>



 
Reply With Quote
 
ns
Guest
Posts: n/a
 
      10-08-2004
Hi,

<sh ip route> is not implemented on 2950. it's used for L3.

ThankYou

NS

"ED" <(E-Mail Removed)> a écrit dans le message de
news:YaV8d.2167$Ua.836@trndny01...
> sh ip route
>
>
> "ns" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi,
> >
> > By using Catalyst 2950-48, how it's possible to know ip address of
> > host by
> > giving the mac-address ?
> >
> > For the moment, i juste know the mac-address of network card connected
> > to
> > the specified port. For exemple :
> >
> > #sh mac-address-table
> > 40 0004.758a.549z DYNAMIC Fa0/1
> >
> > and "sh ip arp" don't gives the ip address, i suppose because my 2950
> > is not
> > router (L3 Routing), so, no arp table on catalyst 2950.
> >
> > So, i need to report all ip address of hosts connected to the catalyst
> > 2950.
> > How can i do it ?
> >
> > Thank You very much for your help
> >
> > Best Regards
> > NS
> >
> >

>
>



 
Reply With Quote
 
ns
Guest
Posts: n/a
 
      10-08-2004
Hi,

i cannot ping ip address... because it's exactly what's i need to know !
i have mac-address and i need to know ip address associated to this mac.

And when i ping one host connected to the 2950, the <sh ip arp> don't print
mac address of the host pingued !

At the end, i need to know ip address of all the hosts connected to the
2950.

ThankYou very much
NS


"Hansang Bae" <(E-Mail Removed)> a écrit dans le message de
news:(E-Mail Removed)...
> In article <(E-Mail Removed)>, (E-Mail Removed) says...
> > Hi,

>
> You can't get L3 information from an L2 device. But if your management
> VLAN is in the same subnet as the users, ping the IPs from your switch
> and do a sho arp. Or you can do a "sho ip arp" from the router and
> match up the IP/MAC to the MAC on the switch.
>
> --
>
> hsb
>
> "Somehow I imagined this experience would be more rewarding" Calvin
> *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
> ************************************************** ******************
> Due to the volume of email that I receive, I may not not be able to
> reply to emails sent to my account. Please post a followup instead.
> ************************************************** ******************



 
Reply With Quote
 
ns
Guest
Posts: n/a
 
      10-08-2004
Hi Robert,

Exactly, i can print arp table of 2950 by running <sh ip arp> but the list
is very small

As i mentionned on the previous message,
When i ping (FROM 2950) one host connected to the 2950, the <sh ip arp>
don't print mac address of the host pingued !

It's seem not possible to associate mac and ip address from switch 2950.
I think that a only solution to do it is by hand (manually by using file
listing mac-address...)

My L3 switches and routers are connected to another networks, so, i can't
have information from this hosts and routing is not enabled to access to the
network provided by my 2950.

ThankYou very much
NS


"Robert B. Phillips II" <(E-Mail Removed)> a écrit dans le message de
news:(E-Mail Removed) m...
> NS,
> Correct me if I am wrong group, but the 2950 I think does keep an
> ARP table, it just doesn't use the ARP entries for L2 switching. In
> theory, if the switch has an IP address and the device attached to the
> switch can successfully ping it, the switch should keep that devices
> IP address in it's ARP table until it ages out. I think the switch
> will only pick the device up in it's ARP table if you ping it directly
> and not just ping through it. This is obviously not the solution you
> were looking for, but if you were in a fix or something it might be
> possible to get that information from the switch.
>
> Good luck
> -Robert



 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      10-08-2004
In article <(E-Mail Removed)>, ns <(E-Mail Removed)> wrote:
:And when i ping one host connected to the 2950, the <sh ip arp> don't print
:mac address of the host pingued !

:At the end, i need to know ip address of all the hosts connected to the
:2950.

The behaviour you are seeing is as expected. The 2950 only keeps
arp entries for the devices that talk to the 2950 management layer;
everything else is flow-through.

Even if the 2950 was a layer 3 device (e.g., if you had a 3550 instead),
you would still run into the difficulty that the arp table ages out
entries in about 3 minutes [not exactly true for 'fast path' switching
on Cisco routers: according to something I read earlier today, 'fast'
switching randomly invalidates 20% of the ARP table every minute to
compensate for the fact that the later packets in the flow bypass the
processing that would update the ARP tables.] If you don't happen to
catch the entry in that L3 device within the 3 minute window, then you
won't be able to find the IP address by asking the L3 device. This
is, as you have noticed, a big pain when you are trying to track
down which IP belongs with which MAC.

You have several possible avenues to proceed:

1) send broadcast packets to all of your subnets from "beyond"
the next L3 device [so that the responses flow through the L3 device],
hope the devices all answer the broadcast, and then look at the ARP tables
on the L3 device before the ARP entries. With this approach, you can't just
ping [or whatever] from the near side of the L3 device, as the responses
in that case will travel through the L2 switches path to get to you
and will not be registered by the L3 device. But this depends on
you having access to the L3 device and upon you being able to read
out the entire ARP table before the responses time out and upon
the device responding to your probe packet.

2) SPAN or RSPAN all of the traffic going through the 2950 to a port,
and have a device with monitoring software attached to that port that
records MAC and IP addresses, such as by looking at ARP reply packets.
time out. Be careful, though: I don't know about the 2950, but I have
seen on some switches that when packets get spanned (or "mirrored")
that the source MAC address might get replaced with the MAC address
associated with the port you are spanning to. This mechanism
should, though, be able to track the target host if it "talks" at all
during the monitoring window.

3) If you have reason to believe that all of the IP addresses you are
trying to track down will be in the same subnet as you are, then you
can attach monitoring software to any port on the 2950 that is in the
same VLAN as the suspected target, and then have the monitoring
host send a broadcast packet to that IP subnet. If the device is amongst
those that respond, read the IP source out of the reply packet.
But the device might not respond to your probe packet.

4) If you have reason to believe that all of the IP addresses you are
trying to track down will be in the same vlan as you are, then you
can attach monitoring software to any port on the 2950 that is in
that vlan and passively watch for ARP or other broadcast packets that
originate from the target MAC and read out the IP addresses on those.
This relies on the fact that the when a switch does not know which
port a destination MAC is associated with, that it floods the packet
to all ports in the same vlan, so anything you receive at the
monitoring host will be a flooded packet such as a broadcast packet.
This mechanism should be able to track the target host if it happens
to send a broadcast packet during the monitoring window... which is
likely but not always the case (e.g., servers that receive requests
and reply within the ARP timeout period will know the target MAC
from request packet, and so might never need to send out an ARP or
other broadcast packet.)
--
Reviewers should be required to produce a certain number of
negative reviews - like police given quotas for handing out
speeding tickets. -- The Audio Anarchist
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
anyone know about: vlan trunking with catalyst 1900 to any other iosdevice (catalyst 2950) Neddy Cisco 8 05-27-2009 04:37 PM
how to get mac connected to 3725/3745/3825 fastethernet module Stefan Finzel Cisco 2 05-15-2009 12:57 AM
need help - port aggregation, catalyst 2950 - 2940 Pawel Cisco 1 07-16-2004 11:37 PM
last use of Port on Catalyst 2950 Tobias Cisco 8 06-17-2004 11:32 AM
Port-security on 16-port FastEthernet module (NM-ESW-16) Dmitry Cisco 0 04-01-2004 06:38 PM



Advertisments