Need Cisco command to convert mac address to ip address

Posted on 2008-10-02
Last Modified: 2009-12-16
I have a Cisco 3560 that we are trying to determine the ip address of a device that is connected to a given port... We have run "show mac-address-table" and have the mac address but now need to know how to convert that mac address into an IP Address.  Does anyone know the command?
Question by:BPGInfotech
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2

Assisted Solution

Cutshall earned 150 total points
ID: 22624079
If you go to any router on the network and show the ARP table, you should be able to resolve the MAC address to an IP. Switches do not understand IP since they work at Layer 2.

Since the switch is working at Layer 2 of the OSI model, you cannot associate an IP address on a port, but only a MAC address and the port it is connected. Also, from a security point of view, a portscan action can be done using a spoofed IP address, so the information given is unreliable.

I would suggest you to do a map of the layer 2 of your network using some simple tool (nmap with -sP option to do a ping sweep of the entire subnet) and gathering the whole information in an Excel file (or equivalent). Once someone asks you to disable a device, you can match the IP address with its MAC address and disable the port you need.

Also you can prevent users from "sniffing" the network by using the "protected port" feature given by Cisco Catalysts. Using the "mac-address sticky" option you will reduce efforts for managing mac address table on each port, while "mac-address maximum 2" will grant that no more than 2 MAC addresses can be applied on that port. Once a device starts an ARP Poisoning process or sniffing (actively) the port will shutdown (or other chosen action policy).
LVL 50

Accepted Solution

Don Johnston earned 350 total points
ID: 22624097
If the switch is the default gateway of the device in question, just do a "show arp".

Expert Comment

ID: 22624182
I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.


Author Comment

ID: 22624263
Ok... I am going to split the point between the two but give the majority to donjohnston and her is the reason why... I had already stated that I was able to do a show mac-address-table on the switch that I wanted to find the IP address.  By doing this command I can see the mac address associated to a given port.  donjohnsoton mentioned the default gateway and that is the key point here... I tried to do a show arp on our router and it only showed info on what is connected to that device... really just external IP Addresses... but our Firewall I did the show arp and I was able to get the ip address of all devices with their mac address... I then cross referenced the command I did on the switch to get the matcing IP address.  We have a ASA5510 firewall and the show arp command gave me the info...

Thanks for your resposes
LVL 50

Expert Comment

by:Don Johnston
ID: 22624402
>I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.

The 3560 is a multilayer switch. As such, if IP routing is enabled (and if the device is communicating with the switch), then it's IP address, MAC and port will be displayed in the ARP cache of the switch.

Author Comment

ID: 22624486
Show arp on teh 3560 switch gave IP and MAC but only from two of my servers and my firewall the ASA5510.  But the "show mac-address-table" on the 3560 gave me the mac and port... which was half of my issue I knew what port was in question.  So by doing the "show arp" on my ASA I got a list of IP Addresses and Mac Addresses... I then matched the Mac from the mac-address-table command to get the IP Address.

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question