- by Brock Henning, Sr. Networking Consultant
The Problem: “I don’t have a fancy, expensive automated tool for finding what switch port an end-station is connected to on my network. Is there a way to track this down manually without having to trace cables?”
The Solution: Actually, there is, and if you are using Cisco switches, it’s even easier. There are two things you’ll need to know to track down the PC, printer, etc., to find which switch and switch port it’s connected to: the IP address and the MAC address of the end-station. The good news is once you have the IP address, you’ll identify the MAC address during the following process. For our example, we’ll use 10.10.10.10 as the IP address of the end-station.
First, you’ll need to access the layer 3 device (router or layer 3 switch) that has a routable interface directly on the LAN segment or VLAN of your end-station. For our example, we’ll call this ROUTER-A, and ROUTER-A has an interface configured on the 10.10.10.x subnet that our end-station sits on.
From ROUTER-A, issue a ping to the end-station IP address (this example is for Cisco IOS):
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
(Hint: Even if the end-station is not pingable, maybe due to a firewall rule, the MAC address in the next step will still be identifiable if the end-station is alive on your network.)
Again from ROUTER-A, view the updated ARP cache and filter the output by the end-station IP. This will provide you with the end-station MAC address and the interface on ROUTER-A leading to the end-station:
ROUTER-A#show ip arp | include 10.10.10.10
Internet 10.10.10.10 40 0018.abcd.ef00 ARPA FastEthernet0/0
Let’s assume FastEthernet0/0 on ROUTER-A is connected to a Cisco switch that we’ll call SWITCH-1.
(Hint: With Cisco routers and switches running CDP, you can issue a “show cdp neighbor” to identify connected switches and routers and which ports they are connected to.)
Now that we have the MAC address of our end-station, login to SWITCH-1 and enter the following command to further trace the source of the end-station (again, this example is for Cisco IOS-based switches and the specific command syntax may vary slightly depending on your Cisco switch model):
SWITCH-1#show mac-address-table address 0018.abcd.ef00
Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 10 0018.abcd.ef00 DYNAMIC Gi0/1 Total Mac Addresses for this criterion: 1
The MAC address is coming from the GigabitEthernet0/1 interface on SWITCH-1. Let’s assume that another switch, SWITCH-2, is connected to this interface (again, you can use the “show cdp neighbor” command on Cisco routers and switches running CDP to identify neighboring Cisco devices). Next, login to SWITCH-2 and enter the same command to view SWITCH-2’s MAC address table:
SWITCH-2#show mac-address-table address 0018.abcd.ef00
Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- -------------------- 0018.abcd.ef00 Dynamic 1 FastEthernet0/26
We have now identified that this end-station is connected to FastEthernet0/26 on SWITCH-2. If you have more switches chained together, you would simply continue the “show mac-address-table” process on each neighboring switch all the way down the line until you reach the last remaining port not connecting to another switch.