Finding an IP address of a switch

Before the current IT department came on board, there was a network set up for our Radiology department to transmit PACS images to an offsite location for reading.  The problem is that the old department has quit and there is no documentation on any of it.  I have two Bay Network Bay Stack 303 switches and 2 Cisco routers on that network.  We know the IP addresses of the routers but not the switches.  My question: is there software out there that can automatically scan our network and tell me all of the IP ranges and the MAC addresses of the devices that correspond with them?
tomand Commented:

> I don't see the drawback of having to enter a range for angryipscanner to scan...

The one drawback is you can hit the max size of ARP cache tables on some devices.  It depends on the network topology, the max size of the ARP table on the device, the speed of the scan, etc.

For example, if the network is behind a router and the router has this IP range directly assigned to its interface, it will generate ARP queries. Most of the queries will not be answered and 'incomplete' records will soon fill up the ARP cache.
The same can happen to the station the scan is running on (if the station is directly connected to the subnet).
AngryIP scanner will work in this case. Simple and effective.
MHCIT (Author) Commented:
I just tried it, but I still have to input a specific IP range, I would like it to automatically tell me what IP ranges are in use on our network.  Any other ideas?
Good network devices do have a serial console port (Cisco does). Maybe the switches have an RS232 connection (it may be a DB9 connector or an RJ45 connector) so you can connect to them using a null modem cable.
says that there should be a DB9 serial port console on the switches. If there are passwords set and you don't know them, you will probably be able to use the serial console to reset the password. Use the console to read/modify the switch settings...
MHCIT (Author) Commented:
That is the problem we are running into when we try to telnet to the ones we know: it's asking for a username and password and nobody knows what it is.  Do you know of a way to reset them on the Baynetwork Baystack 303?
Have you tried resetting the password?
Within 30 seconds of booting, enter "tEmpEst_sAvEr" to perform a password reset.  Shouldn't work over telnet.  Should be physically at the console.
MHCIT (Author) Commented:
I will give it a try when we can restart the switch.
Be careful rebooting these: old devices have a tendency to forget configurations on reboot, and you don't know what configurations you may have active that you don't have saved here. So do a little detective work first. Look at the Baystacks and write down what ports are active (blinky lights) and trace the attached cables as far as you can. Write down all labeling info for future use. If you know any of the MAC addresses, IP addresses or network settings (speed, duplex, etc.) for the devices (MRI/CT/imaging stations), write them down as well. The MAC addresses may be on a label next to the Ethernet card on the scanners.

Now, attempt to enter the password "NetICs"

This was a default at one point.

Okay, assuming the routers are handling all the networking connectivity for the devices, looking at the interface configurations of the cisco interfaces facing the bay networks devices may help you with the inventory phase.

A "show ip arp" command will tell you all the currently talking devices on the network segment on the logical/physical networks connected to the router. If those correspond to your station IPs then

Looking at the interfaces facing the Baystacks, does the IP range correspond to the number of devices you know are physically connected to the switches? If so, the switches are probably configured as layer 2 devices.

Do a "show IP route" to see if there are networks besides the locally configured IP range pointing at a device on the Bay Networks interface(s).

Using the interface IP range, use angryip to scan the networks you learned from the interface configurations and the arp and ip route commands.

Do a show IP arp on the cisco right after each scan, you should have the most arp entries at this point.

If (as I strongly suspect) there is a single IP range on each cisco facing interface, we know that most likely we can replace the bay network switches with any commodity switch, and we are ready to do the reboot.

Make sure you have a good console connection. Terminal settings: 9600, N,8,1, no flow control. The cable is a female to female straight thru serial connector. If you have two old school Cisco DB9 to RJ45 connectors, put an Ethernet cable between them.

Hit Enter and, if that gives you nothing, try Control-X or Control-Y in the terminal.

It should prompt you for login. Try "NetICs" again.

If not, do the reboot; have the password in your buffer so you can paste it into the device quickly. It is "tEmpEst_sAvEr" without the quotes.

Within the first 60 seconds after booting the switch, type the following: "tEmpEst_sAvEr". The switch will then prompt user to enter a new password.

If all else fails you can replace these switches with any commodity switch, they are just 10/100 ethernet switches, without vlan capability. I realize that there is little tolerance for downtime in an imaging environment however...
I don't see the drawback of having to enter a range for angryipscanner to scan...

If your network uses 192.168.x.x enter the range to

If your network uses 172.x.x.x enter the range to

If your network uses 10.x.x.x enter the range to

Then let it run. Use Ctrl+H to jump to the next live node it found rather than scrolling and scrolling them.

I assume you don't have any monitoring taps at a few locations in your LAN, if the original maintainers left you in the lurch as they did (it's one thing to get fed up and quit, in which case the professional thing to do would be leave all documentation and engineering notes; it's quite another to be forced out while possibly still being owed money, in which case everything not nailed down would probably disappear with the old department)...  so wireshark wouldn't do much good at this point (without aggregating taps to watch, all it would see besides traffic to and from the computer it's running on would be broadcasts).
I think he does not know the IP range, though he should be able to get it from the Cisco configuration.
MHCIT (Author) Commented:
What we are running into is this... Our radiology images go down a 172.16 network.  Our internal network is 10.10.  I would like something to automatically go out and search for all IP configurations behind our firewall so that I know what we have.  I've been here for almost 2.5 years and am still finding routers and switches in ceilings and closets that I didn't know were there.  I do know that the 172 network is there, but trying to identify where all of the cables run and what devices are running on it is what I need the software for.  
Understood. Using an IP scan application like angryip or NMAP, scan the network ranges that you discover from your routing devices. Unless they are completely isolated from the internal network, the networks themselves should show up in the central Cisco device using the "show ip route" command.

This should tell you what IP networks are accessible from that router.

After you scan do a "show ip arp" command to get an IP to mac address correlation.

If the networks are not attached to your core network, this may be difficult.

The Bay network switch models you mention are not very modern; essentially they are pretty much the same as a Netgear 16 port switch. However, you can see some things like port/MAC address tables remotely. By looking at the configuration of the attached Cisco devices you will get a much better idea of the overall network.
If you post the results of a "show ip route" on the ciscos that you say you have access to, we can tell you what to look for...
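
The scan-then-"show ip arp" correlation suggested in the thread, as an added example that is not part of any post: it parses pasted Cisco IOS "show ip arp" output into a per-interface IP-to-MAC inventory and separates the 'Incomplete' entries that a range scan leaves behind in the ARP cache. The sample output, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of "show ip arp" output; every address here is made up.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.1.1              -   0011.2233.4401  ARPA   FastEthernet0/1
Internet  172.16.1.20            12   0011.2233.4420  ARPA   FastEthernet0/1
Internet  172.16.1.21             3   0011.2233.4421  ARPA   FastEthernet0/1
Internet  172.16.1.77             0   Incomplete      ARPA
Internet  172.16.1.78             0   Incomplete      ARPA
Internet  10.10.0.1               -   0011.2233.4400  ARPA   FastEthernet0/0
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}|Incomplete)\s+"
    r"(?P<type>\S+)(?:\s+(?P<iface>\S+))?\s*$"
)

def normalize_mac(cisco_mac):
    """0011.2233.4401 -> 00:11:22:33:44:01, the form usually printed on labels."""
    digits = cisco_mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_show_ip_arp(text):
    """Return (inventory, incomplete). inventory maps interface name to a list of
    (ip, mac, is_router_address); incomplete lists IPs that never answered ARP."""
    inventory, incomplete = defaultdict(list), []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank or unrecognised line
        if m["mac"] == "Incomplete":
            incomplete.append(m["ip"])  # scanned address with no ARP reply
            continue
        own = m["age"] == "-"  # age "-" marks the router's own interface address
        entry = (m["ip"], normalize_mac(m["mac"]), own)
        inventory[m["iface"] or "unknown"].append(entry)
    return dict(inventory), incomplete

if __name__ == "__main__":
    inv, inc = parse_show_ip_arp(SAMPLE)
    for iface, hosts in sorted(inv.items()):
        print(iface)
        for ip, mac, own in hosts:
            print(f"  {ip:15} {mac}  {'(router)' if own else ''}")
    print(f"{len(inc)} incomplete entries (no ARP reply): {', '.join(inc)}")
```

A steadily growing count of incomplete entries during a scan is the ARP-cache pressure described earlier in the thread; scanning in smaller ranges keeps it down.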
