13

Our company recently closed down half our office space, which was not being used. We gave back the unused space to the building management and had it walled off. Prior to us closing it off, I jotted down the network jack #'s on the side to be closed and made sure to disconnect them from the switches in our server room.

Today, I'm recreating a spreadsheet which lists all of our current physical network jacks, and where they are located in the resized office.

Two issues:

1) A few of the network jack numbers don't seem to be syncing up with the labels on the relay racks. For example, there is a logged in laptop plugged into jack# 28. So I go to the relay rack, find port 28, and trace it to the switch. Problem is, the port that it's plugged into on the switch, is not lit up, showing it as inactive. But, it most definitely is active and on the network. Is there a way, either by IP or name, to query a Cisco switch to tell you which port# that particular PC is plugged into?

2) There are a few ports on the switches which are lit up, indicating activity, but when I trace them back to the relay rack, they are attached to ports which are no longer in use, or no longer exist. I guess my question is as above, is there a way to display the IP or name of whatever is attached to that port on the switch?

radius
Citizen Chin

10 Answers

10

Not quite a dupe, but there's a similar question here, which has some suggestions about mapping an IP address to a switch port.

In this case, it sounds like the best option is to identify all switch ports that are connected to devices you know about. My suggestions for this (assuming Cisco managed routers/switches):

Identify known devices

From your first hop router(s), do a broadcast ping on each subnet that is trunked to a switch supporting the office space (as opposed to any data centre space you may have). Note, this should be the directed broadcast address of each subnet, rather than the 'all devices' broadcast IP of 255.255.255.255. In Cisco IOS, this can only be done from privileged exec mode. For example, to ping all machines on the subnet 192.168.100.0/25, use:

ping ip 192.168.100.127

This will populate the ARP cache of the router with entries for all machines on each subnet responding to ping.

Again on the first hop routers, extract the list of ARP entries for each subnet:

show ip arp interface vlan 100

This will give you all the IPs and MAC addresses of every device that responded to the ping. You can check the list of IPs against DNS (or another naming service) to identify the names of specific devices. Any IP address that you can't match a name to should be flagged for further investigation.

Map known devices to switch ports

Take the list of MAC addresses and use it to determine which switch port each device is connected to.

show mac-address-table address <mac-address>

Will show you the MAC address table entry for that particular MAC, including which switch port it's connected to. Alternatively:

show mac-address-table vlan <vlan number>

Will show you the MAC address table for all ports in that VLAN. Note, the default time out for MAC address tables on Cisco devices is 5 minutes; you may need to run your broadcast ping again in order to repopulate it.

Map unknown devices to switch ports

For those IPs that you couldn't map to known devices, the commands in the previous section will tell you which port you need to check.

Also, run:

show mac-address-table

with no arguments. Take the output, and remove the lines for any known MAC addresses, as well as any router-router and switch-switch links. The MAC addresses that you will be left with are devices that are connected to your switch, but aren't communicating via IP to your first hop routers. The ports these appear on should also be flagged for investigation.

Map flagged ports to outlets

For all the ports you have flagged (i.e. devices you can't identify), you'll need to do a physical trace from the switch port to the access port on the office floor. If you're lucky, your landlord will use managed cabling infrastructure; if not, be prepared to lift floor tiles and trace cables the old fashioned way. Best of luck.

Murali Suriar
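
The join described in this answer, as an added example that is not part of the original answer: it parses `show ip arp` and `show mac-address-table` text, maps IP-identified devices to ports, and flags MACs that have no ARP entry. The sample output is constructed, and the uplink list (`Po1` here) is an assumption you would fill in from your own topology.

```python
import re

# Constructed sample output (not from the original post), shaped like IOS
# "show ip arp" and "show mac-address-table" listings.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.100.10          2   0011.2233.4455  ARPA   Vlan100
Internet  192.168.100.11          0   0011.2233.4466  ARPA   Vlan100
Internet  192.168.100.12          5   Incomplete      ARPA
"""

MAC_TABLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    0011.2233.4455    DYNAMIC     Gi0/28
 100    0011.2233.4466    DYNAMIC     Po1
 100    00aa.bbcc.dd01    DYNAMIC     Gi0/31
 100    00aa.bbcc.dd02    DYNAMIC     Po1
 All    0100.0ccc.cccc    STATIC      CPU
"""

MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\d+(?:\.\d+){{3}})\s+\S+\s+({MAC_RE})\s", re.I | re.M)
CAM_RE = re.compile(rf"^\s*(\d+)\s+({MAC_RE})\s+DYNAMIC\s+(\S+)", re.I | re.M)

def parse_arp(text):
    """Return {mac: ip}; 'Incomplete' entries carry no MAC and are skipped."""
    return {mac.lower(): ip for ip, mac in ARP_RE.findall(text)}

def parse_cam(text):
    """Return [(vlan, mac, port)] for dynamically learned entries only."""
    return [(int(v), m.lower(), p) for v, m, p in CAM_RE.findall(text)]

def audit(arp_text, cam_text, uplinks=()):
    """Return (known, flagged); uplinks are switch-to-switch ports (assumed)."""
    arp = parse_arp(arp_text)
    known, flagged = {}, {}
    for _vlan, mac, port in parse_cam(cam_text):
        if port in uplinks:
            continue  # learned through another switch; repeat the audit there
        if mac in arp:
            known.setdefault(port, []).append((mac, arp[mac]))
        else:
            flagged.setdefault(port, []).append(mac)  # no IP seen by the router
    return known, flagged

if __name__ == "__main__":
    known, flagged = audit(ARP_OUTPUT, MAC_TABLE_OUTPUT, uplinks={"Po1"})
    print("identified:", known)
    print("investigate:", flagged)
```
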
9

If you have CDP enabled and a recent IOS, a nice, fast way to find where a PC is plugged into is by MAC. Use this command on the Cisco router's CLI:

traceroute mac xxxx.xxxx.xxxx  xxxx.xxxx.xxxx

Where xxxx.xxxx.xxxx is the MAC address of the PC. If you don't know the MAC, I would look in the arp-cache for the IP and find the MAC that way. You may want to ping the broadcast IP to get everything to arp so devices that have been idle show up.

router#traceroute mac 0000.0000.0000 0000.0000.0000
Source 0000.0000.0000 found on switch5
1 switch5 (10.11.12.5) : Gi0/43 => Gi0/43
Destination 0000.0000.0000 found on switch5
Layer 2 trace completed

A more typing intensive way to do this is to do this:

router#show mac- | inc 0000.0000.0000
 100    0000.0000.0000    DYNAMIC     Po1
router#show int Po1 | inc Gi
  Members in this channel: Gi1/0/1 Gi2/0/1 
router#show cdp neighbors Gi1/0/1 detail | inc IP
  IP address: 10.11.12.5
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
  IP address: 10.11.12.5

You would then telnet/ssh into 10.11.12.5 and repeat until you found no more CDP neighbors which would most likely mean the port you found is the port the PC is connected to.

Joseph
4

CiscoWorks, or whatever they call it now, will definitely do this for you. There are also SNMP OIDs that can enumerate the ports, the port status, and the CAM table. This will, at the very least, tell you which switchport a MAC address is on. Depending on your switch model you may also be able to view the ARP table.

I would start out by searching for your specific switch model to see what kind of SNMP OIDs are available. You can also check out NetDisco, which is an open-source network discovery/monitoring tool. The development slowed for the past few years, but a new release is currently being developed.

NetDisco

MIBs Supported by Product - Cisco

Scott Pack
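
An added example, not part of the original answer, of the SNMP route to the CAM table: it joins three standard columns (BRIDGE-MIB `dot1dTpFdbPort` and `dot1dBasePortIfIndex`, IF-MIB `ifName`) to turn forwarding-table rows into MAC-to-interface pairs. The walk text is constructed in `snmpwalk -On` style, and the ifIndex values are made up.

```python
import re

FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"      # dot1dTpFdbPort: MAC -> bridge port
BASE_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2"  # dot1dBasePortIfIndex: bridge port -> ifIndex
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1"       # ifName: ifIndex -> interface name

# Constructed sample walk (not captured from a real switch).
WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 28
.1.3.6.1.2.1.17.4.3.1.2.0.170.187.204.221.1 = INTEGER: 31
.1.3.6.1.2.1.17.1.4.1.2.28 = INTEGER: 10128
.1.3.6.1.2.1.17.1.4.1.2.31 = INTEGER: 10131
.1.3.6.1.2.1.31.1.1.1.1.10128 = STRING: Gi0/28
.1.3.6.1.2.1.31.1.1.1.1.10131 = STRING: Gi0/31
"""

LINE_RE = re.compile(r'^(\.[\d.]+) = (?:INTEGER|STRING): "?([^"\n]*)"?$', re.M)

def subtree(rows, base):
    """Return {index suffix: value} for the rows under one table column."""
    prefix = base + "."
    return {oid[len(prefix):]: val for oid, val in rows if oid.startswith(prefix)}

def cisco_mac(suffix):
    """The FDB index is the MAC as six decimal octets; render as xxxx.xxxx.xxxx."""
    hexed = "".join(f"{int(octet):02x}" for octet in suffix.split("."))
    return ".".join(hexed[i:i + 4] for i in (0, 4, 8))

def mac_to_port(walk_text):
    """Join FDB -> bridge port -> ifIndex -> ifName; return {mac: port name}."""
    rows = LINE_RE.findall(walk_text)
    fdb = subtree(rows, FDB_PORT)
    if_index = subtree(rows, BASE_IFINDEX)
    names = subtree(rows, IF_NAME)
    result = {}
    for suffix, bridge_port in fdb.items():
        name = names.get(if_index.get(bridge_port))
        # Fall back to the raw bridge port when the join has a gap.
        result[cisco_mac(suffix)] = name or f"bridge-port {bridge_port}"
    return result

if __name__ == "__main__":
    for mac, port in mac_to_port(WALK).items():
        print(mac, port)
```

On Catalyst switches the BRIDGE-MIB tables are kept per VLAN, so with SNMP v1/v2c the walk has to be repeated for each VLAN using community string indexing (`community@vlan`).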
3

Spiceworks is free and will automatically create a nice map of all components on your network, complete with name, IP, and traffic. It's very easy to use also.

http://www.spiceworks.com/

cop1152
2

You do not give a lot of information about what equipment is used. If the switch is a managed switch, you can use the CLI, web app, or management software to obtain the MAC addresses detected on a port. These identify the network cards connected to the particular port.

MendelG
txwikinger
2

show mac-address-table will show you what MAC addresses the switch has seen on each port. If you want to see it just for a specific port, use show mac-address-table interface ... and if you're trying to locate a specific host, use show mac-address-table address <mac-address>.

Your default router is probably a good point to find MAC-to-IP mappings, as most hosts should have one there. At a guess, the problem you're having is down to incorrect mapping between the labels on the floor ports and your switching cabinet.

Michael Hampton
Vatine
2

First, do a continuous ping to/from the machine you want to find to another machine in the network. You can use

ping -t <ip address>

in Windows for a continuous ping.

After that, connect to the Cisco switch using ssh / telnet / console, and you can use

show ip arp | include <ip address>

command to find the MAC address of the particular machine. You could also have simply looked up the MAC address of the machine if you had access to it. Then you can use the command

show mac address-table | include <mac listed above in show ip arp>
or 
show mac-address-table | include <mac listed above in show ip arp>

depending upon which switch you are using. This will tell you the port at which packets belonging to that MAC address will be forwarded. If that port is a trunk port, i.e. another switch is connected at that port, then you can follow the same steps on the other switch until you find the port at which hosts are connected. If CDP is enabled, you can use the command

show cdp nei detail 

to find IP address / hostname of switch which is connected to that port.

For the process to work, you must start from the top layer 3 switch / router, and you should do a continuous ping to an IP in another subnet. Also, it is assumed that the complete network uses only Cisco manageable switches.

Saurabh Barjatiya
1

From the switch you should be able to tell what MAC address is connected to each port.

From there, there are many ways to go from MAC to IP. Google should be able to give you a bunch of options there for your operating system.

If there's traffic on the port you could also mirror the port and take a packet capture.

3dinfluence
0

You can use something like the Netfinder Pro to verify which port numbers correspond to which patch panel numbers.

If jack number 28 doesn't go through to port number 28, then you should probably distrust the rest of the numbering and just do a manual check.

MendelG
Adam Brand
0

If you turn on terminal monitor on your switch and unplug the cord at the PC, you should see the port disconnect, which will give you the port that PC is connected to. This will verify the port that the PC is plugged into and label the port accordingly.

  • 1
    There is already a good answer to this question, so no need for another one. However, this one seems pretty "low-practical" – Frederik Nov 01 '12 at 21:00