Solved

Retrieve IP addresses from Cisco Switch Ports

Posted on 2004-10-07
Last Modified: 2013-11-13
Looking to get the corresponding IP address of the switch port.
I run show ip arp and show mac address table on the switches and save the results in separate text files.
I then run a Perl script on these files to retrieve the IP address, machine names, VLAN, etc.
The problem, however, is that not all ports are outputting ARP details, so I am only getting info on some ports.
Does anyone know of a workaround to this problem?
0
Question by:mulpeter
6 Comments
 
LVL 27

Expert Comment

by:pseudocyber
ID: 12247922
You're only going to get ARP details matching an IP address to a port if in fact IP is running on the port in question.  In some cases, it might not be.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 12248051
Entries will only be in the MAC address table if a machine is connected to the port and is turned on and communicating on the network.  The entries age out, so if a machine is turned off, its ARP/MAC entries will eventually age out and be removed from the tables.
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 12248813
Typically you would need to find it in one of your machines' ARP tables.  If there is a router in your network, this is usually the most central place to gather that type of info.  On a Cisco router, the command is "show arp" - it will give you a listing of the MAC addresses and their corresponding IP addresses.  On a Windows box, from a DOS prompt you can type "arp -a" to see similar output.
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 12248837
I forgot to say: switches (most) only work at layer 2, so they never see IP addresses. Routers work at layer 3, so they learn IP addresses for use in the routing tables and such.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12248897
If you have a router and a switch, you can use the ARP cache of the router.
Switch holds MAC address to switchport mapping - get the MAC table
Router holds MAC address to IP address mapping - compare ARP table to switch MAC table
WINS/DNS holds IP address to NetBIOS host/user mapping - resolve IPs to NetBIOS/host names

You need to use all three in concert to keep tabs on who's on first.

Take a look at Solarwinds switchport mapper. Free 30 day eval just to see how it works:
http://www.solarwinds.net
0
 
LVL 11

Accepted Solution

by:
PennGwyn earned 250 total points
ID: 12260400
Machines will appear in the ARP table only if they have sent traffic seen by this device within the timeout period.  When I'm faced with a similar challenge, I begin with a broadcast ping (your equipment might not propagate that, and so you might need to do a fast ping scan instead).  Every device that wants to answer the ping must ARP for its origin first, and that gets their MAC address into the switch ARP table if it had timed out.

0
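The join lrmoore describes (switch MAC table for MAC to port, router ARP cache for MAC to IP), as an added example that is not code from the thread or the asker's Perl script. The sample command output is constructed, the function names are hypothetical, and the column layout assumed is the common IOS one; ports whose MAC has no ARP entry are reported separately, which is the gap the accepted answer addresses.

```python
import re
from collections import defaultdict

# Constructed sample output (not from the original thread).
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.20.1               -   00aa.bbcc.dd01  ARPA   Vlan20
Internet  10.1.20.11              4   0011.2233.4455  ARPA   Vlan20
Internet  10.1.20.12             12   0011.2233.4466  ARPA   Vlan20
Internet  10.1.20.99              0   Incomplete      ARPA
"""
SHOW_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4455    DYNAMIC     Fa0/1
  20    0011.2233.4466    DYNAMIC     Fa0/2
  20    0011.2233.4477    DYNAMIC     Fa0/3
  20    00aa.bbcc.dd01    DYNAMIC     Gi0/1
"""

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

def parse_arp(text):
    """Router ARP cache: MAC -> set of IPs (one MAC can own several IPs)."""
    table = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        # Data rows: Internet <ip> <age> <mac> <type> [interface];
        # "Incomplete" rows have no MAC and are skipped.
        if len(f) >= 4 and f[0] == "Internet" and MAC_RE.fullmatch(f[3]):
            table[f[3].lower()].add(f[1])
    return table

def parse_mac_table(text):
    """Switch MAC table rows as (vlan, mac, port); headers are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].isdigit() and MAC_RE.fullmatch(f[1]):
            yield int(f[0]), f[1].lower(), f[3]

def map_ports(mac_text, arp_text):
    """Join the two tables on MAC; return (resolved, unresolved) rows."""
    arp = parse_arp(arp_text)
    rows, unresolved = [], []
    for vlan, mac, port in parse_mac_table(mac_text):
        ips = sorted(arp.get(mac, ()))
        (rows if ips else unresolved).append((port, vlan, mac, ips))
    return rows, unresolved

if __name__ == "__main__":
    rows, unresolved = map_ports(SHOW_MAC_TABLE, SHOW_IP_ARP)
    for port, vlan, mac, ips in rows + unresolved:
        print(port, vlan, mac, ", ".join(ips) or "no ARP entry")
```
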
