650x + multiple VLANs + l2trace on non-mgmt VLAN

 
 
papi
      05-15-2005
I give up. I have a 6506, running hybrid, with switching and inter-VLAN
routing enabled, and multiple VLANs defined. I cannot figure out how to
run l2trace for systems belonging to other VLANs than the management one
(in an attempt to identify the port where a specific IP addressed system
is, which is not in the management VLAN).

I assume (?!?) that is because I am remotely logged into the management
VLAN and thus any attempts to identify the MAC of another VLAN system
fail, e.g.

my_switch> l2trace 172.30.0.1 172.30.0.5
Cannot find the corresponding MAC address for the source IP address
172.30.0.1. l2trace aborted.

-- where the mgmt VLAN interface I am logged in "through" is on
172.20.0.1

but the question is: how do I get access to those other VLANs, to be able
to l2trace IPs or MACs?!? I guess the question could be further
expanded (excluding the l2trace mechanism): how do I find out the
ports where systems with a specific IP are plugged in, if those systems
belong to another VLAN than the management (and obviously I do NOT know
their MACs!!!)?!? Any ideas?!?

NOTE: I need - further - to span that port to another system which I just
placed in the same VLAN, for debugging purposes (but I think that part
would be easier?!?).


TIA,
papi
 
 
Walter Roberson
 
      05-15-2005
In article <4287580c$0$28853$(E-Mail Removed)> ,
papi <(E-Mail Removed)> wrote:
:I give up I have a 6506, running hybrid, with switching and inter-VLAN
:routing enabled, and multiple VLANs defined. I cannot figure out how to
:run l2trace for systems belonging to other VLANs than the management one

I do not know anything about l2trace, but if it uses SNMP, then
you need to use SNMP "community indexing" or "snmp contexts"

ftp://ftp.cisco.com/pub/mibs/support...yIndexing.html
--
I was very young in those days, but I was also rather dim.
-- Christopher Priest
 
 
papi
 
      05-15-2005
On Sun, 15 May 2005 17:02:58 +0000, Walter Roberson wrote:

> In article <4287580c$0$28853$(E-Mail Removed)> ,
> papi <(E-Mail Removed)> wrote:
> :I give up I have a 6506, running hybrid, with switching and inter-VLAN
> :routing enabled, and multiple VLANs defined. I cannot figure out how to
> :run l2trace for systems belonging to other VLANs than the management one
>
> I do not know anything about l2trace, but if it uses SNMP, then
> you need to use SNMP "community indexing" or "snmp contexts"
>
> ftp://ftp.cisco.com/pub/mibs/support...yIndexing.html


Thank you for your answer - I am not sure what would be the syntax for
snmpwalk, though, in such a case:

$ sudo snmpwalk -v 1 -c public@vlan-<whatever> <IP-of-switch>

does not seem to work (with public@<> with or without quotes)?!?

NOTE: Your response gave me an idea, though, so I snmpwalked the switch,
looking for the IP, i.e.:

$ sudo snmpwalk -v 1 -c public <my_switch_IP> |grep <"the"-IP>

thus obtaining the MAC, then telnetted into the switch and ran through
the dynamic CAM table, i.e.:

my_switch>show cam dynamic <my_vlan> | include <MAC-address>

and got the answer ... Hmmm - but I would love to automate this, somehow,
so the proper syntax to what you were suggesting may be the only "clean"
way.

Thx again,
papi
 
 
Arnold Nipper
 
      05-15-2005
On 15.05.2005 16:15 papi wrote

> I give up I have a 6506, running hybrid, with switching and inter-VLAN
> routing enabled, and multiple VLANs defined. I cannot figure out how to
> run l2trace for systems belonging to other VLANs than the management one
> (in an attempt to identify the port where a specific IP addressed system
> is, which is not in the management VLAN).
>
> I assume (?!?) that is because I am remotely logged into the management
> VLAN and thus any attempts to identify the MAC of another VLAN system
> failing: e.g.
>
> my_switch> l2trace 172.30.0.1 172.30.0.5
> Cannot find the corresponding MAC address for the source IP address
> 172.30.0.1. l2trace aborted.
>
> -- where the mgmt VLAN interface I am logged in "through" being on
> 172.20.0.1
>
> but the question is: how do I get access to those other VLANs, to be able
> to l2trace IPs or MACs?!? I guess the question could be further
> expanded (excluding the l2trace mechanism): how do I find out the
> ports where systems with a specific IP are plugged in, if those systems
> belong to another VLAN than the management (and obviously I do NOT know
> their MACs!!!)?!? Any ideas?!?
>


Hello,

l2trace will only be successful for those MAC addresses which are in
your CAM table. So try to l2trace between two MAC addresses first. AFAIK
l2trace also uses CDP.




Arnold
--
Arnold Nipper, AN45
 
 
papi
 
      05-15-2005
On Sun, 15 May 2005 20:21:32 +0200, Arnold Nipper wrote:

> On 15.05.2005 16:15 papi wrote
>
>> I give up I have a 6506, running hybrid, with switching and inter-VLAN
>> routing enabled, and multiple VLANs defined. I cannot figure out how to
>> run l2trace for systems belonging to other VLANs than the management one
>> (in an attempt to identify the port where a specific IP addressed system
>> is, which is not in the management VLAN).
>>
>> I assume (?!?) that is because I am remotely logged into the management
>> VLAN and thus any attempts to identify the MAC of another VLAN system
>> failing: e.g.
>>
>> my_switch> l2trace 172.30.0.1 172.30.0.5
>> Cannot find the corresponding MAC address for the source IP address
>> 172.30.0.1. l2trace aborted.
>>
>> -- where the mgmt VLAN interface I am logged in "through" being on
>> 172.20.0.1
>>
>> but the question is: how do I get access to those other VLANs, to be able
>> to l2trace IPs or MACs?!? I guess the question could be further
>> expanded (excluding the l2trace mechanism): how do I find out the
>> ports where systems with a specific IP are plugged in, if those systems
>> belong to another VLAN than the management (and obviously I do NOT know
>> their MACs!!!)?!? Any ideas?!?
>>

>
> Hello,
>
> l2trace will only be successful for those MAC addresses which are in
> your CAM table. So try to l2trace between two MAC addresses first. afaik
> l2trace also uses CDP.
>
> Arnold


Thank you

See my other follow-up, regarding snmpwalk-ing the whole deal. I think
that there is an issue with where you're trying to l2trace from (a different
VLAN may not show what's needed, while a combination of snmpwalk and CAM
table lookup may provide the answer).

On the other observation - I had great hopes about a tool with CDP
capabilities, for obvious reasons (not having to manually traverse
switches, when a specific MAC is found across a trunk interface) ... but
that is another deal, altogether.

papi

 
 
dmcollin@optonline.net
 
      05-15-2005
PAPI,

STEP 1: ping the destination IP so your router knows about it and you
know it's live
STEP 2: (Using Net-SNMP) 'snmpwalk -c <COMMSTRING> <router IP address>
ipNetToPhysAddress'
- this will return all the MAC-to-IP resolutions your router knows of
STEP 3: On the switch, 'show cam dyn <MAC of target IP>'
- this will show you the port (or trunk) the MAC has been learned through

That simple. True, if you have multiple switches and it is not
practical to issue the 'show cam ...' command on each of them, then you
can do as someone else in this thread suggested and use Cisco's SNMP
community indexing. But there is a lot more to it than that. You would
have to:
1) retrieve all MACs from all VLANs on each switch - dot1dTpFdbAddress
retrieves them in hex-to-decimal table form.
2) get the decimal MAC to "Bridge Port Identifier" translation. This is
an arbitrary # assigned to each decimal MAC - dot1dTpFdbPort.
3) get the "basePortIfIndex" to ifIndex translation. This translates
the arbitrary (or dynamic, if you prefer) # assigned to each MAC in a
VLAN to the arbitrarily (dynamically) assigned # to each port in the
switch - dot1dBasePortIfIndex
4) From here, you get the ifIndex to switch port name translation via
portName or locIfDescr (depending on how old your equipment is).

... and there you go. If you are going to go this far into it, then it
also might help to weed out your trunk ports somewhere in the steps
below (cause the machine you are searching for would never be attached
to a trunk port, of course).

... and, once you get this far and you have the ifIndex to port name
mappings, then you can get a whole flood of info; any table that is
associated with ifIndex will now be easily understood, retrievable,
etc.

Give me a good NMS job and I will write you a million dollar app!
Dan

papi wrote:
> On Sun, 15 May 2005 20:21:32 +0200, Arnold Nipper wrote:
>
> > On 15.05.2005 16:15 papi wrote
> >
> >> I give up I have a 6506, running hybrid, with switching and inter-VLAN
> >> routing enabled, and multiple VLANs defined. I cannot figure out how to
> >> run l2trace for systems belonging to other VLANs than the management one
> >> (in an attempt to identify the port where a specific IP addressed system
> >> is, which is not in the management VLAN).
> >>
> >> I assume (?!?) that is because I am remotely logged into the management
> >> VLAN and thus any attempts to identify the MAC of another VLAN system
> >> failing: e.g.
> >>
> >> my_switch> l2trace 172.30.0.1 172.30.0.5
> >> Cannot find the corresponding MAC address for the source IP address
> >> 172.30.0.1. l2trace aborted.
> >>
> >> -- where the mgmt VLAN interface I am logged in "through" being on
> >> 172.20.0.1
> >>
> >> but the question is: how do I get access to those other VLANs, to be able
> >> to l2trace IPs or MACs?!? I guess the question could be further
> >> expanded (excluding the l2trace mechanism): how do I find out the
> >> ports where systems with a specific IP are plugged in, if those systems
> >> belong to another VLAN than the management (and obviously I do NOT know
> >> their MACs!!!)?!? Any ideas?!?
> >>
> >
> > Hello,
> >
> > l2trace will only be successful for those MAC addresses which are in
> > your CAM table. So try to l2trace between two MAC addresses first. AFAIK
> > l2trace also uses CDP.
> >
> > Arnold
>
> Thank you
>
> See my other follow-up, regarding snmpwalk-ing the whole deal. I think
> that there is an issue with where you're trying to l2trace from (a different
> VLAN may not show what's needed, while a combination of snmpwalk and CAM
> table lookup may provide the answer).
>
> On the other observation - I had great hopes about a tool with CDP
> capabilities, for obvious reasons (not having to manually traverse
> switches, when a specific MAC is found across a trunk interface) ... but
> that is another deal, altogether.
>
> papi

 
 
papi
 
      05-15-2005
Very good suggestions - all - I've mentioned part of those in the other
thread of "replies-to-answers", to my original posting. There are multiple
ways to "skin a cat", but none with immediately useful results - a bunch
of sed and awk one-liners, with SNMP, should give the desired output. I
also like the "|" capability (regex) of Cisco CLI, BUT - all in all - I
was interested in making l2trace work, though ...

thanks again for all answers,
papi

P.S.: it is ipNetToMediaPhysAddress, not ipNetToPhysAddress

On Sun, 15 May 2005 12:22:58 -0700, dmcollin wrote:

> PAPI,
>
> STEP 1: ping the destination IP so your router knows about it and you
> know its live
> STEP 2: (Using Net-SNMP) 'snmpwalk -c <COMMSTRING> <router IP address>
> ipNetToPhysAddress'
> - this will return all the MAC-to-IP resolutions your router knows
> of
> STEP 3: On the switch, 'show cam dyn <MAC of target IP>'
> - this will show you the port (or trunk) the MAC has been learned
> through

<snip>
 
 
dmcollin@optonline.net
 
      05-16-2005
Yes, yes ... ipNetToMediaPhysAddress and there are other similar ones
that would do the trick.

All of my L2TRACE experiences ended up with results like yours. That's
why I went for the app.

cheers.

 