Solved

Need Cisco command to convert mac address to ip address

Posted on 2008-10-02
6
8,639 Views
Last Modified: 2009-12-16
I have a Cisco 3560 that we are trying to determine the ip address of a device that is connected to a given port... We have run "show mac-address-table" and have the mac address but now need to know how to convert that mac address into an IP Address.  Does anyone know the command?
0
Comment
Question by:BPGInfotech
  • 2
  • 2
  • 2
6 Comments
 
LVL 5

Assisted Solution

by:Cutshall
Cutshall earned 150 total points
ID: 22624079
If you go to any router on the network and show the ARP table, you should be able to resolve the MAC address to an IP. Switches do not understand IP since they work at Layer 2.

Since the switch is working at Layer 2 of the OSI model, you cannot associate an IP address on a port, but only a MAC address and the port it is connected. Also, from a security point of view, a portscan action can be done using a spoofed IP address, so the information given is unreliable.

I would suggest you to do a map of the layer 2 of your network using some simple tool (nmap with -sP option to do a ping sweep of the entire subnet) and gathering the whole information in an Excel file (or equivalent). Once someone asks you to disable a device, you can match the IP address with its MAC address and disable the port you need.

Also you can prevent users from "sniffing" the network by using the "protected port" feature given by Cisco Catalysts. Using the "mac-address sticky" option you will reduce efforts for managing mac address table on each port, while "mac-address maximum 2" will grant that no more than 2 MAC addresses can be applied on that port. Once a device starts an ARP Poisoning process or sniffing (actively) the port will shutdown (or other chosen action policy).
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 350 total points
ID: 22624097
If the switch is the default gateway of the device in question, just do a "show arp".
0
 
LVL 5

Expert Comment

by:Cutshall
ID: 22624182
I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:BPGInfotech
ID: 22624263
Ok... I am going to split the point between the two but give the majority to donjohnston and her is the reason why... I had already stated that I was able to do a show mac-address-table on the switch that I wanted to find the IP address.  By doing this command I can see the mac address associated to a given port.  donjohnsoton mentioned the default gateway and that is the key point here... I tried to do a show arp on our router and it only showed info on what is connected to that device... really just external IP Addresses... but our Firewall I did the show arp and I was able to get the ip address of all devices with their mac address... I then cross referenced the command I did on the switch to get the matcing IP address.  We have a ASA5510 firewall and the show arp command gave me the info...

Thanks for your resposes
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22624402
>I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.

The 3560 is a multilayer switch. As such, if IP routing is enabled (and if the device is communicating with the switch), then it's IP address, MAC and port will be displayed in the ARP cache of the switch.
0
 

Author Comment

by:BPGInfotech
ID: 22624486
Show arp on teh 3560 switch gave IP and MAC but only from two of my servers and my firewall the ASA5510.  But the "show mac-address-table" on the 3560 gave me the mac and port... which was half of my issue I knew what port was in question.  So by doing the "show arp" on my ASA I got a list of IP Addresses and Mac Addresses... I then matched the Mac from the mac-address-table command to get the IP Address.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question