Networks·41,468 discussions

Find IP of device attached to a CISCO switch

Locked

Is there a way to find what IP is associate with a specific interface on a CISCO switch using CLI?

I know I can do a “show arp” and that will give me the IP’s in the arp table but how to I associate that with the interface that it is attached to?

Topic

Clarifications

In reply to Find IP of device attached to a CISCO switch

Clarifications

use this command

In reply to Find IP of device attached to a CISCO switch

RARP

which will query the devices and return an IP address.

Try this one

In reply to Find IP of device attached to a CISCO switch

Assuming the device you are trying to resolve is on the same VLAN as the management IP address (I assume the default: VLAN 1 and IP address of your device is 172.16.32.164) you can try doing this (from the Cisco Catalyst):

#ping 172.16.32.164
#show arp

! Get the MAC Address of the device you are looking for

#show mac-address-table

The output should be something like this

4 0030.4842.f5a2 DYNAMIC Fa0/6

As you can see the device will be listed together with the port it results being connected to.

If you have pinged the device from the network, not necessarily from the Cisco Switch the MAC address of the device should already be saved in the MAC address table of all switches, so the ping command won’t be necessary.

Almost there

In reply to Try this one

Thanks for your quick reply.

I had already tried the “show arp” command however I get “VLAN1” as being the interface.

What I need to do is associate an IP Address with the exact interface #.

Example if someone comes to me and says 10.100.0.32 is port scanning can you please cut them off at the switch. I will need to know the exact interface to shutdown (there are other reasons why I would need to know the interface # this is just an example).

Any help is GREATLY appreciated – Long Live the TechRepublic!

Switch

In reply to Almost there

Since the switch is working at Layer 2 of the OSI model, you cannot associate an IP address on a port, but only a MAC address and the port it is connected. Also, from a security point of view, a portscan action can be done using a spoofed IP address, so the information given is unreliable.

I would suggest you to do a map of the layer 2 of your network using some simple tool (nmap with -sP option to do a ping sweep of the entire subnet) and gathering the whole information in an Excel file (or equivalent). Once someone asks you to disable a device, you can match the IP address with its MAC address and disable the port you need.

Also you can prevent users from “sniffing” the network by using the “protected port” feature given by Cisco Catalysts. Using the “mac-address sticky” option you will reduce efforts for managing mac address table on each port, while “mac-address maximum 2” will grant that no more than 2 MAC addresses can be applied on that port. Once a device starts an ARP Poisoning process or sniffing (actively) the port will shutdown (or other chosen action policy).

Hope this helps :))

En3pY

What type of switch?

In reply to Almost there

VLAN 1 is reserved for admin so someone knows how to get on there which is a little unsettling.

Is this a layer-2 or layer-3 switch? Associating an IP address with MAC on a Layer-2 device isn’t possible is it? You could try associating the MAC address with the same on the VLAN router. If you are using VLANs then a router of some description will also be installed.

try this

In reply to Almost there

if you need to narrow your search for an ip try :

show arp | i #.#.#.#

it will tell you the mac address associated with this IP.

then you can run the show mac-address-table address A.B.C.D to get the exact port.

hope it helps

Zombie alert!

In reply to try this

.

I do it in such way…

In reply to Find IP of device attached to a CISCO switch

with L3 switches.

Run CLI command “show mac address-table”, you will get list with Vlan ID, mac address and port info.

Find your port in the list and take mac address which associates with this port. Then run “show arp” command and find the record with mentioned above mac address. You have ip you looking for.

for example:
show mac address-table | include GigabitEthernet2/28

you have output:
10 0002.a534.8ff5 dynamic ip GigabitEthernet2/28

sh arp | include 0002.a534.8ff5

result:
Internet 10.1.185.251 0 0002.a534.8ff5 ARPA Vlan10

Hope it help you

You can also use…

In reply to I do it in such way…

trace mac ip…
Ping an IP in the same vlan and ping the ip you are after…
Then use the random IP as the source and your taget IP as the target.

Find IP from MAC address Check OUT

In reply to Find IP of device attached to a CISCO switch

If you have Mac Address than , login to your cisco l3 switch which is connected to L2 Switch ,
In Cisco L3 Switch Type # sh ip dhcp binding assigned . here u need to find exact mac address which is might be start with 01 or 11 . thats it , there only u will find ip address which is associated to relevent Mac address.

othere than u can also enable cdp discovery in switch and type #sh cdp nei details

Reponse To Answer

In reply to Find IP from MAC address Check OUT

Sheesh…did you even look at the date this question was asked?
June 25 2007—-almost 6 years! I wonder if the original poster is
still looking for an answer? Probably not, since it was answered
ABOVE in detail.

[Author]

Replies