Solved

Bad Switch Mac Address

Posted on 2013-11-19
4
344 Views
Last Modified: 2013-12-09
Hello,
I am currently having a problem in my network where there is a device that I’m not aware of that is trying to become the Root Switch, the Mac address of this device is  showing up as an manufacture I’m not using, Is there a good way to track down were the device could be located?

Thanks
0
Comment
Question by:ahmad1467
  • 2
4 Comments
 

Expert Comment

by:Dhurken
ID: 39660040
What model switches are you using?
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39660150
If it is Cisco switch, you can run one of the following command depends on the version of IOS.

sh mac address-table address xxxx.xxxx.xxxx

sh mac-address-table address xxxx.xxxx.xxxx

This will tell you which switch port the MAC address is connected to.
0
 

Expert Comment

by:Dhurken
ID: 39660180
As a follow up to Infamus, if you have a larger infrastructure, you may end up hopping from switch to switch to track down the actual switchport where the device is connected.

If so, you can use sh cdp neighbors detail to see the other Cisco devices connected to your current switch.
0
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 39660334
If it does become the root switch, the STP 'root port' will point towards it.
As @Infamus says, you might find it in the mac table with 'sh mac address-table'.
But the main point would be to implement BPDU protection on the edge ports. BPDU-guard can shut down the port, in which case you can find the user without network access pretty quick (if that's accceptable in the organization)...
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now