How to determine which switch and port a device is connected to
Some times you need to trace a device (PC or notebook) is connected to which switch and port. For example, you need to find which switch and port is connected to a rogue DHCP server. If you are using Cisco catalyst switch, having the device IP and/or MAC address in hand you can find the device by searching at the mac address table of the switch. Although it is not difficult to do, in a big network, this task can be time consuming.
Here are the steps to do it.
Logon to a switch that you think might likely be the candidate switch or simply logon to the core switch, then go to the Privileged EXEC mode.
Switch1> enable
Switch1#
If you know the IP address of the device then try to ping it from within the switch. If the device is pingable, then do a simple sh ip arp command. This command will show the MAC address of the device. .
Switch1#sh ip arp 10.1.1.3
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.3 8 001b.783a.a854 ARPA VLAN1
Then, do the show mac-address command on the switch. This will show the interface to which it is connected to or through which it is lerned.
Switch1# sh mac-address-table address 001b.783a.a854
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
001b.783a.a854 Dynamic 1 FastEthernet0/31
Switch1#
This indicate the the device is connected to port FastEthernet0/31. There you can find the device.
If the result indicates that the device is connected through another switch by an uplink interface, then simply do a sh cdp neighbor detail command to see the information of the switch that through which the device connected to.
Switch1#sh cdp neighbor detail
-------------------------
Device ID: FOX04364368(Switch2)
Entry address(es):
IP address: 10.1.0.2
Platform: WS-C4006, Capabilities: Trans-Bridge Switch
Interface: FastEthernet0/48, Port ID (outgoing port): 6/37
Holdtime : 140 sec
Version :
WS-C4006 Software, Version McpSW: 6.3(5.0) NmpSW: 6.3(5)
Copyright (c) 1995-2002 by Cisco Systems, Inc.
advertisement version: 2
VTP Management Domain: 'mydomain'
Native VLAN: 1
Duplex: full
Logon to the connected switch and then run through it again find the port. You might need to repeat the steps until you find the switch and the port.
If you are using the Catalyst 4006 that use CatOS, the command will slightly different.
Use sh cam dynamic to see the mac-address table. It will list all mac-address table on the switch.
Switch2> (enable) sh cam dynamic
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ------------------ ----- -------------------------------------------
1 00-00-aa-b4-52-12 2/1 [ALL]
1 00-06-b1-12-1e-e2 2/2 [ALL]
1 00-0c-29-1d-f8-e8 2/1 [ALL]
If you know the MAC address, the find which port a device is connected to, simply use this command:
Switch2> (enable) sh cam 00-02-b3-b0-4c-83
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ------------------ ----- -------------------------------------------
1 00-02-b3-b0-4c-83 6/23 [ALL]
Total Matching CAM Entries Displayed =1
Switch2> (enable)
This indicate the port to which the device is connected to.
If you prefer to use GUI application, there are some application that make it easier to do this task.
Some of them are Managed SwitchPort Mapping tool, and Solarwind. Managed SwitchPort Mapping tool is a small/simple application just for switch and router port mapping.