Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Tracking down a client's port

Reply
Thread Tools

Tracking down a client's port

 
 
Matt White
Guest
Posts: n/a
 
      08-19-2005
Newsgroup -

I have a network made up of 2950s and 3508s. There's six TCs, each with
a pile of 2950s connected together via GigaStack, and the closets are
connected together via the 3508s with fiber on a GBIC.

Every time I need to track down the port that a client is on (starting
only from the IP address), I have a rather lengthy procedure that I follow:

- Get on the first 3508 and ping the IP address.
- Look at the ARP table on the switch to find the MAC address.
- Look at the MAC address table to see which port the MAC is assigned
to. If a switch isn't connected to that port, I've found my port.
- Look at the CDP neighbors table to see which switch is connected to
the port the MAC address is connected to. (If it's on the GigaStack
link, this could take a while since you don't know WHICH switch in the
stack you're looking for.)
- Jump over to that switch, look at the MAC address table. If it's
connected to another switch, repeat until the end port is found.

This works, but it takes a while. Every time I do this I end up thinking
"You know, there has to be an easier way to do this..."

Is there?

- Matt
 
Reply With Quote
 
 
 
 
Joop van der Velden
Guest
Posts: n/a
 
      08-19-2005
Matt White wrote:

> This works, but it takes a while. Every time I do this I end up thinking
> "You know, there has to be an easier way to do this..."
>
> Is there?


trace mac <mac address> <mac address>

--
Joop van der Velden - http://www.velocityreviews.com/forums/(E-Mail Removed)


 
Reply With Quote
 
 
 
 
Matt White
Guest
Posts: n/a
 
      08-19-2005
Joop van der Velden wrote:

> trace mac <mac address> <mac address>


"Error: Device has Multiple CDP neighbours on source port."

The device I'm looking for is on the GigaStack... so that is a correct
statement.

At least that'll be handy in places where we don't use a GigaStack.

- Matt
 
Reply With Quote
 
Rainer Nagel
Guest
Posts: n/a
 
      08-25-2005
Hi Matt,

On Fri, 19 Aug 2005 10:59:18 -0400,
Matt White <(E-Mail Removed)> wrote:

> Every time I need to track down the port that a client is on (starting
> only from the IP address), I have a rather lengthy procedure that I follow:
>
> - Get on the first 3508 and ping the IP address.
> - Look at the ARP table on the switch to find the MAC address.
> - Look at the MAC address table to see which port the MAC is assigned
> to. If a switch isn't connected to that port, I've found my port.
> - Look at the CDP neighbors table to see which switch is connected to
> the port the MAC address is connected to. (If it's on the GigaStack
> link, this could take a while since you don't know WHICH switch in the
> stack you're looking for.)
> - Jump over to that switch, look at the MAC address table. If it's
> connected to another switch, repeat until the end port is found.
>
> This works, but it takes a while. Every time I do this I end up thinking
> "You know, there has to be an easier way to do this..."


I use a perl script for this.
The switchport description says which switch or host is connected on
this port so i don't need cdp.
And it can ask all routers and firewalls in our data center for their
arp tables.

Ciao
--
Rainer Nagel
(E-Mail Removed)
Duesseldorfer Linux User Group - http://www.dlug.de
 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      08-25-2005
In article <(E-Mail Removed)>,
Rainer Nagel <(E-Mail Removed)> wrote:
:I use a perl script for this.
:The switchport description says which switch or host is connected on
:this port so i don't need cdp.
:And it can ask all routers and firewalls in our data center for their
:arp tables.

Unfortunately this doesn't generalize to all vendors. For example,
the Nortel Baystack switch series (4x0 and 5510 both) do not have
any SNMP mechanism for retrieving the user-assigned switchport description:
instead one gets the system-generated description such as
"BayStack 450-24T - Unit 3 Port 7".

Even within Cisco, there is no way to assign a port description on
with PIX software at least up to 6.x.

Another challenge is that when you are working with a mix of devices,
there are -three- MAC tables you have to probe, not just one.
ifPhysAddress atPhysAddress ipNetToMediaEntry . And the format of
the result of the latter two of those is not consistant from device
type to device type. For example, in some cases (Nortel Accelar/Passport)
you have to do a binary decomposition of the port identifier in order
to find out what the portindex is.

Then there are challenges involving the devices lying or
returning incomplete results, with the -kind- of lying they do
dependant on whether you are using snmpget, snmpwalk, or snmpbulkget ...


All in all, it's a non-trivial effort to write -reliable- generalized
MAC probe scripts for homogenous devices. And you often still don't
get the information you are looking for because of ARP table timeouts...
--
This signature intentionally left... Oh, darn!
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tracking Someone Tracking Me Edw. Peach Computer Security 4 07-07-2005 05:50 PM
Tracking down threads created within a ASP.NET app =?Utf-8?B?bWFyZWFs?= ASP .Net 3 03-04-2005 07:47 PM
Port Tracking mawi Cisco 2 09-22-2004 08:47 PM
Tracking down error occurring with "Request" object Ben Amada ASP .Net 4 08-18-2004 02:04 AM
Port security on a Catalyst 4000 - fails to shut down port Jon Whitear Cisco 2 11-04-2003 11:01 PM



Advertisments