1

If I run show mac-address-table dynamic I get a bunch of mac addresses on that table. But due to the aging parameter, I don't see the mac addresses of all possible devices on the network that come through that switch. Is there a way to force an update, perhaps pinging a broadcast IP or any other way, which would include all possible mac addresses? One possibility I know is a ping sweep, but that might take a long time (longer than 5 minutes of aging time) and I'd like to see if there is any alternative.

Megaslav
  • 1
    The short answer is no, there is not a way to get ALL devices to send a frame so they show up in the CAM table. However, your question sounds like a poor solution to any problem. What are you really trying to accomplish? – longneck Mar 08 '13 at 21:45
  • I have a very long list of mac addresses of different servers on the network and I need to match them against CAM tables of all switches in order to find out to which devices it's connected directly (I already know how to get CAM table of mac addresses that are directly connected). – Megaslav Mar 08 '13 at 22:28

4 Answers

2

The switch only learns about MAC addresses when a device sends an Ethernet frame to it. So the only way to get the CAM table populated with all of the devices is to get all of the devices to talk.

However, I think you're overthinking the problem. If you just start with what is already there, I bet you will get most, if not all, of your devices.

longneck
  • That is what I thought, however currently we scan at night and reading CAM tables from almost every switch, we get around a third or half of all the devices. That's possibly because we ran at night and different servers have activity during different times of day. – Megaslav Mar 11 '13 at 12:48
  • That's possible. Run the script during the day. – longneck Mar 11 '13 at 15:41
1

Unless you've got thousands of hosts a ping sweep should almost certainly complete before the switch MAC table caches out the entries. Have you run a ping sweep to check the results?

joeqwerty
  • We've got several thousands of hosts, and the sweep takes around half an hour. Unless I find another solution, I'm thinking of sweeping by ranges and running several CAM checks. – Megaslav Mar 11 '13 at 12:49
  • 1
    Have you looked at nMap? The ping sweep in nMap is very fast. – longneck Mar 11 '13 at 15:42
  • You are right. Looks pretty fast, took around 5 minutes to ping 140 /24 vlans. If somehow I can run it faster, it might even work for me. – Megaslav Mar 12 '13 at 15:04
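
The "sweep by ranges and run several CAM checks" idea from the comments above, as an added example that is not part of the original thread: it merges several captures of `show mac address-table dynamic` so that an entry aged out of one capture survives from another, then matches a server MAC list against the result. It assumes data rows of the form VLAN, dotted MAC, DYNAMIC, port; the switch names, MACs and ports are constructed sample data, and telling access ports from uplinks is left out.

```python
import re

# Data rows of Cisco IOS "show mac address-table dynamic" (assumed layout), e.g.
#   "  10    0011.2233.4455    DYNAMIC     Fa0/1"
ROW = re.compile(
    r"^[ \t]*(\d+)[ \t]+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})[ \t]+DYNAMIC[ \t]+(\S+)",
    re.M | re.I)

def normalize_mac(mac):
    """Reduce dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def merge_snapshots(snapshots):
    """Union several captures so an entry aged out of one survives from another.
    snapshots: iterable of (switch_name, command_output), oldest first.
    Returns {mac: {switch_name: (vlan, port)}}; latest sighting per switch wins."""
    seen = {}
    for switch, text in snapshots:
        for vlan, mac, port in ROW.findall(text):
            seen.setdefault(normalize_mac(mac), {})[switch] = (int(vlan), port)
    return seen

def locate(wanted, seen):
    """Split the inventory into MACs seen on some switch and MACs never seen."""
    found = {m: seen[normalize_mac(m)] for m in wanted if normalize_mac(m) in seen}
    return found, [m for m in wanted if m not in found]

# Constructed sample data: two captures of sw1 taken during different sweep
# ranges and one of sw2. Switch names, MACs and ports are invented.
SW1_A = """Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4466    DYNAMIC     Fa0/2
"""
SW1_B = """  10    0011.2233.4466    DYNAMIC     Fa0/7
  20    00aa.bbcc.ddee    DYNAMIC     Gi0/1
"""
SW2_A = "  20    00aa.bbcc.ddee    DYNAMIC     Fa0/3\n"
SNAPSHOTS = [("sw1", SW1_A), ("sw1", SW1_B), ("sw2", SW2_A)]
INVENTORY = ["00:11:22:33:44:55", "00-AA-BB-CC-DD-EE",
             "00:11:22:33:44:66", "de:ad:be:ef:00:01"]

if __name__ == "__main__":
    found, missing = locate(INVENTORY, merge_snapshots(SNAPSHOTS))
    print(found, "never seen:", missing)
```

A MAC that appears under more than one switch name is being seen through an uplink on at least one of them, and the "never seen" list is what the next sweep range still has to cover.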
0

As an alternative approach, you could use the mac address-table notification feature in conjunction with the relevant show outputs.

This feature will keep a history table of all changes to the mac address table - so if you take a copy of the mac address table at time A and then enable this feature and monitor it for a few days you should end up with a pretty comprehensive world view by combining all the changes with the initial list.

To enable mac address-notification

mac address-table notification change history-size 500
mac address-table notification change

Furthermore, you can have it send SNMP traps so you can collect all the reports easily from an SNMP daemon.

snmp-server host 1.1.1.1 traps SNMP_COMMUNITY_STRING
snmp-server enable traps mac-notification change move threshold
int range fa0/1 - 24
 snmp trap mac-notification change added

Jason Seemann
  • I didn't know about this feature, thanks! It would be useful in case we had few devices, however we've got over 300, so pushing this change on all them isn't that viable. – Megaslav Mar 11 '13 at 12:53
0

Have a look at the sticky mac-address feature. Some info may be found here, e.g. In general, sticky mac-address enables your switch to learn all possible MAC addresses that can appear on the specified switch interface and then save them into the running config. You can write those changes then into the startup config and you'll have all MAC addresses from your network saved and persistent.

Guardian