Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to discover the IP address of a wireless access point without looking at the DHCP client list

Posted on 2009-05-15
Medium Priority
Last Modified: 2012-05-07
I need to discover the IP addresses of a few Cisco 1300 access points in order to login to them and configure them.  Does anyone have any suggestions?  They are mounted pretty high so getting to them would be a pain in the A**!
Question by:JJMarquart
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2

Expert Comment

ID: 24400058
Do you have access to any other cisco device on the same network?

You can use cdp (Cisco Discovery Protocol) to find some info about each one and hopefully which switch port it is on.

You can then use the mac address table and arp entries on the switch/router to find the IP address.

Let me know if you have access to a cisco device on the network already. If not we can look at using nmap (Network Mapper) to find them.

Expert Comment

ID: 24400090
You are a network administrator and not hacking, right?

You could try a sniffer like



Author Comment

ID: 24400158
I looking to be the new admin.  They want to replace the old one.  They want to know if I can manage their network.  Which I'm pretty sure I can.  One thing I am iffy about is they have a SBS server that is involved somehow with the wireless possibly for RAIDUS authentaction but you don't have to enter a logon to get on the network.  They also have a nomadix gateway too.

I use netsumbler all the time but never saw the IP of the AP just the AP and SSID.  Am I missing something? I don't work with Linux so not sure about Kismet, unless they have a windows app I'm not aware of.

Thanks for the feedback!
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.


Expert Comment

ID: 24400168
I was assuming you have the credentials to login to them correct? Otherwise, you are going to need to scissor lift on up there. I know it isn't fun trust me, I have had to do it a few times.

Expert Comment

ID: 24400184
Do you have the username and password to login to the Cisco devices when we do find them? If not then we need to gain physical access to the devices. Knowing the IP address will not do much more than get you a login prompt that you can't do anything with or a web interface asking for the same. Since you are taking over a Cisco network I'm assuming you know the Cisco IOS?

Author Comment

ID: 24400191
there is a 24 port managed Cisco switch but I don't have access to it at the moment.

Author Comment

ID: 24400202
I was hoping for the default UN and PW to work.  If not I told them they would need to get that info from the current admin.

Expert Comment

ID: 24400299
I thought Netsumbler showed IPs, but maybe it doesn't. Looks like Ethereal does:

Accepted Solution

cwalter9 earned 1000 total points
ID: 24400460
If you can get on the Cisco switch you can do:

sh cdp neighbors

It will list each Cisco device on it and the port which it is connected to. It will also provide it's hostname if set, the type of device it is, if there are other switches on the network this would help you find those also.

Lets say that it told you that one of the APs was on port Gig3/36 then you can do:

#sh mac-address-table | inc 3/36
   1    0011.85d7.facc   dynamic ip                    GigabitEthernet3/36

Now you have the mac you can do:

sh arp | inc facc

Which will give you the IP address.

You could also download and bootup a Knoppix CD and use nmap to map the network.
LVL 14

Assisted Solution

Roachy1979 earned 1000 total points
ID: 24401455
Nmap with OS detection will do it.  It'll certainly give you mac, ip and IOS version.

Got to, download and install nmap and then run

Nmap -sS -sV -O

Against your ip range.
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24402132
You could try Softperfects Network Scanner (which is FREE) from

We have used this to discover IP Addresses on networks when we don't know what we are looking for IP Address wise.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hopefully this article will help someone who's had the same issues I had. I have a Dell Wireless 1390 WLAN Mini-Card and Windows 7, and for the past couple of days I was beyond frustrated because my wireless laptop was not able to access the Inte…
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question