Solved

Need Cisco command to convert mac address to ip address

Posted on 2008-10-02
6
8,610 Views
Last Modified: 2009-12-16
I have a Cisco 3560 that we are trying to determine the ip address of a device that is connected to a given port... We have run "show mac-address-table" and have the mac address but now need to know how to convert that mac address into an IP Address.  Does anyone know the command?
0
Comment
Question by:BPGInfotech
  • 2
  • 2
  • 2
6 Comments
 
LVL 5

Assisted Solution

by:Cutshall
Cutshall earned 150 total points
Comment Utility
If you go to any router on the network and show the ARP table, you should be able to resolve the MAC address to an IP. Switches do not understand IP since they work at Layer 2.

Since the switch is working at Layer 2 of the OSI model, you cannot associate an IP address on a port, but only a MAC address and the port it is connected. Also, from a security point of view, a portscan action can be done using a spoofed IP address, so the information given is unreliable.

I would suggest you to do a map of the layer 2 of your network using some simple tool (nmap with -sP option to do a ping sweep of the entire subnet) and gathering the whole information in an Excel file (or equivalent). Once someone asks you to disable a device, you can match the IP address with its MAC address and disable the port you need.

Also you can prevent users from "sniffing" the network by using the "protected port" feature given by Cisco Catalysts. Using the "mac-address sticky" option you will reduce efforts for managing mac address table on each port, while "mac-address maximum 2" will grant that no more than 2 MAC addresses can be applied on that port. Once a device starts an ARP Poisoning process or sniffing (actively) the port will shutdown (or other chosen action policy).
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 350 total points
Comment Utility
If the switch is the default gateway of the device in question, just do a "show arp".
0
 
LVL 5

Expert Comment

by:Cutshall
Comment Utility
I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:BPGInfotech
Comment Utility
Ok... I am going to split the point between the two but give the majority to donjohnston and her is the reason why... I had already stated that I was able to do a show mac-address-table on the switch that I wanted to find the IP address.  By doing this command I can see the mac address associated to a given port.  donjohnsoton mentioned the default gateway and that is the key point here... I tried to do a show arp on our router and it only showed info on what is connected to that device... really just external IP Addresses... but our Firewall I did the show arp and I was able to get the ip address of all devices with their mac address... I then cross referenced the command I did on the switch to get the matcing IP address.  We have a ASA5510 firewall and the show arp command gave me the info...

Thanks for your resposes
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
>I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.

The 3560 is a multilayer switch. As such, if IP routing is enabled (and if the device is communicating with the switch), then it's IP address, MAC and port will be displayed in the ARP cache of the switch.
0
 

Author Comment

by:BPGInfotech
Comment Utility
Show arp on teh 3560 switch gave IP and MAC but only from two of my servers and my firewall the ASA5510.  But the "show mac-address-table" on the 3560 gave me the mac and port... which was half of my issue I knew what port was in question.  So by doing the "show arp" on my ASA I got a list of IP Addresses and Mac Addresses... I then matched the Mac from the mac-address-table command to get the IP Address.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now