How to discover the IP address of a wireless access point without looking at the DHCP client list

Posted on 2009-05-15
Last Modified: 2012-05-07
I need to discover the IP addresses of a few Cisco 1300 access points in order to login to them and configure them.  Does anyone have any suggestions?  They are mounted pretty high so getting to them would be a pain in the A**!
Question by:JJMarquart
  • 4
  • 3
  • 2
  • +2

Expert Comment

ID: 24400058
Do you have access to any other cisco device on the same network?

You can use cdp (Cisco Discovery Protocol) to find some info about each one and hopefully which switch port it is on.

You can then use the mac address table and arp entries on the switch/router to find the IP address.

Let me know if you have access to a cisco device on the network already. If not we can look at using nmap (Network Mapper) to find them.

Expert Comment

ID: 24400090
You are a network administrator and not hacking, right?

You could try a sniffer like



Author Comment

ID: 24400158
I looking to be the new admin.  They want to replace the old one.  They want to know if I can manage their network.  Which I'm pretty sure I can.  One thing I am iffy about is they have a SBS server that is involved somehow with the wireless possibly for RAIDUS authentaction but you don't have to enter a logon to get on the network.  They also have a nomadix gateway too.

I use netsumbler all the time but never saw the IP of the AP just the AP and SSID.  Am I missing something? I don't work with Linux so not sure about Kismet, unless they have a windows app I'm not aware of.

Thanks for the feedback!

Expert Comment

ID: 24400168
I was assuming you have the credentials to login to them correct? Otherwise, you are going to need to scissor lift on up there. I know it isn't fun trust me, I have had to do it a few times.

Expert Comment

ID: 24400184
Do you have the username and password to login to the Cisco devices when we do find them? If not then we need to gain physical access to the devices. Knowing the IP address will not do much more than get you a login prompt that you can't do anything with or a web interface asking for the same. Since you are taking over a Cisco network I'm assuming you know the Cisco IOS?
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.


Author Comment

ID: 24400191
there is a 24 port managed Cisco switch but I don't have access to it at the moment.

Author Comment

ID: 24400202
I was hoping for the default UN and PW to work.  If not I told them they would need to get that info from the current admin.

Expert Comment

ID: 24400299
I thought Netsumbler showed IPs, but maybe it doesn't. Looks like Ethereal does:

Accepted Solution

cwalter9 earned 250 total points
ID: 24400460
If you can get on the Cisco switch you can do:

sh cdp neighbors

It will list each Cisco device on it and the port which it is connected to. It will also provide it's hostname if set, the type of device it is, if there are other switches on the network this would help you find those also.

Lets say that it told you that one of the APs was on port Gig3/36 then you can do:

#sh mac-address-table | inc 3/36
   1    0011.85d7.facc   dynamic ip                    GigabitEthernet3/36

Now you have the mac you can do:

sh arp | inc facc

Which will give you the IP address.

You could also download and bootup a Knoppix CD and use nmap to map the network.
LVL 14

Assisted Solution

Roachy1979 earned 250 total points
ID: 24401455
Nmap with OS detection will do it.  It'll certainly give you mac, ip and IOS version.

Got to, download and install nmap and then run

Nmap -sS -sV -O

Against your ip range.
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24402132
You could try Softperfects Network Scanner (which is FREE) from

We have used this to discover IP Addresses on networks when we don't know what we are looking for IP Address wise.

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now