• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 386
  • Last Modified:

Bad Switch Mac Address

I am currently having a problem in my network where there is a device that I’m not aware of that is trying to become the Root Switch, the Mac address of this device is  showing up as an manufacture I’m not using, Is there a good way to track down were the device could be located?

  • 2
1 Solution
What model switches are you using?
If it is Cisco switch, you can run one of the following command depends on the version of IOS.

sh mac address-table address xxxx.xxxx.xxxx

sh mac-address-table address xxxx.xxxx.xxxx

This will tell you which switch port the MAC address is connected to.
As a follow up to Infamus, if you have a larger infrastructure, you may end up hopping from switch to switch to track down the actual switchport where the device is connected.

If so, you can use sh cdp neighbors detail to see the other Cisco devices connected to your current switch.
TimotiStDatacenter TechnicianCommented:
If it does become the root switch, the STP 'root port' will point towards it.
As @Infamus says, you might find it in the mac table with 'sh mac address-table'.
But the main point would be to implement BPDU protection on the edge ports. BPDU-guard can shut down the port, in which case you can find the user without network access pretty quick (if that's accceptable in the organization)...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now