How to find out from which switch is coming the exact MAC address

Question

I am working on a big company with 2 Backbone routers (ARS9K) and 200+ switches (Cisco, D-link, Tp-Link and etc.). Lets say that I know an exact MAC address of a device, but I do not know to which of 200 switches is it connected to. Ho can I find it out? Thanks

https://www.petri.com/identify-connections-network-switch – user9517 Oct 30 '15 at 06:56 — user9517, Oct 30 '15 at 06:56

score 0 · Answer 1 · answered Oct 30 '15 at 08:40

0

If you have administrative access to these switches, then you can login and use the integrated debug tool to track down the port on which the required MAC is seen / from which is coming.

However if you can't login into the switches, you simply can't, from the client alone, tell what switches forwarded the packets. At most, carefully analyzing the RTT times, you can rebuild a (very) vague topology (eg: how many switches forwarded the packets), nothing more.

answered Oct 30 '15 at 08:40

shodanshok

44,038
6
98
162

I know, and can access the switches to look through it's MAC table. But i do not know which exact switch the exact MAC address (host) is connected to. Can i do it via ASRs? – Zaur Aliyev Oct 30 '15 at 09:41
`you can login and use the integrated debug tool` - I don't know what that means but why wouldn't you just look at the MAC address table? – joeqwerty Oct 30 '15 at 14:38
I think no one reads the question fully :). I cannot look at the MAC table, because i do not know to which exact switch the device is connected to... We have 200+ switches.. – Zaur Aliyev Oct 31 '15 at 05:57
@joeqwerty MAC address showing/listing _is_ one of the debug tool I was referring. Moreover, modern switches often have other tool as spanning tree tracking and the likes. Anyway, as each switch vendor use a proprietary syntax (and often inconsistent nomenclature) it is impossible to specify and "universal command" to retrieve the required information. – shodanshok Oct 31 '15 at 10:44
1

@ZaurAliyev you don't need to log into all 200 switches, but only on the relevant ones. Begin with your "nearest" switch, and see (from the MAC table) on which port is the interesting MAC announced. Then log into the other switch connected to that port, and so on. While it is somewhat tedious, it should be doable. Another approach would be to access each switch programmatically (eg: by using a script to read, via SNMP, the MAC table), searching for the interesting MAC. – shodanshok Oct 31 '15 at 10:47

How to find out from which switch is coming the exact MAC address

1 Answers1