Solved

Need Cisco command to convert mac address to ip address

Posted on 2008-10-02
6
8,688 Views
Last Modified: 2009-12-16
I have a Cisco 3560 that we are trying to determine the ip address of a device that is connected to a given port... We have run "show mac-address-table" and have the mac address but now need to know how to convert that mac address into an IP Address.  Does anyone know the command?
0
Comment
Question by:BPGInfotech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 5

Assisted Solution

by:Cutshall
Cutshall earned 150 total points
ID: 22624079
If you go to any router on the network and show the ARP table, you should be able to resolve the MAC address to an IP. Switches do not understand IP since they work at Layer 2.

Since the switch is working at Layer 2 of the OSI model, you cannot associate an IP address on a port, but only a MAC address and the port it is connected. Also, from a security point of view, a portscan action can be done using a spoofed IP address, so the information given is unreliable.

I would suggest you to do a map of the layer 2 of your network using some simple tool (nmap with -sP option to do a ping sweep of the entire subnet) and gathering the whole information in an Excel file (or equivalent). Once someone asks you to disable a device, you can match the IP address with its MAC address and disable the port you need.

Also you can prevent users from "sniffing" the network by using the "protected port" feature given by Cisco Catalysts. Using the "mac-address sticky" option you will reduce efforts for managing mac address table on each port, while "mac-address maximum 2" will grant that no more than 2 MAC addresses can be applied on that port. Once a device starts an ARP Poisoning process or sniffing (actively) the port will shutdown (or other chosen action policy).
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 350 total points
ID: 22624097
If the switch is the default gateway of the device in question, just do a "show arp".
0
 
LVL 5

Expert Comment

by:Cutshall
ID: 22624182
I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.
0
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:BPGInfotech
ID: 22624263
Ok... I am going to split the point between the two but give the majority to donjohnston and her is the reason why... I had already stated that I was able to do a show mac-address-table on the switch that I wanted to find the IP address.  By doing this command I can see the mac address associated to a given port.  donjohnsoton mentioned the default gateway and that is the key point here... I tried to do a show arp on our router and it only showed info on what is connected to that device... really just external IP Addresses... but our Firewall I did the show arp and I was able to get the ip address of all devices with their mac address... I then cross referenced the command I did on the switch to get the matcing IP address.  We have a ASA5510 firewall and the show arp command gave me the info...

Thanks for your resposes
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22624402
>I thought doing a "show arp" will only give you the mac address and the port right?  Since the device is Layer 2, it doesn't really understand IP addresses.

The 3560 is a multilayer switch. As such, if IP routing is enabled (and if the device is communicating with the switch), then it's IP address, MAC and port will be displayed in the ARP cache of the switch.
0
 

Author Comment

by:BPGInfotech
ID: 22624486
Show arp on teh 3560 switch gave IP and MAC but only from two of my servers and my firewall the ASA5510.  But the "show mac-address-table" on the 3560 gave me the mac and port... which was half of my issue I knew what port was in question.  So by doing the "show arp" on my ASA I got a list of IP Addresses and Mac Addresses... I then matched the Mac from the mac-address-table command to get the IP Address.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CISCO Smartnet agreement 5 72
Unable to ping a server in the same subnet 10 146
Etherchannel balancing 10 46
Mac address in Nexus7K fex port 5 45
The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question