1/10/2021 Port Knock Client For Mac
Port knocking is a stealthy network authentication system that uses closed ports to carry out identification of trusted users. The system permits manipulation of firewall rules from a remote host across closed ports through encrypted channels.
On a Cisco Catalyst switch, I need to find what port an end device is connected to.
I have the IP address/host name.
How do I quickly find the port?
Brett Lykins
10 Answers
The answer depends on whether the switch is a Layer 2 or a Layer 3 switch. That is to say, is the switch only switching and relaying traffic on to a different device for routing, or, is it doing the routing decisions itself via SVIs (switched virtual interfaces).
On a layer 3 switch, the port can be found by using a few simple commands on the device. However on a layer 2 switch, you have to log into both the switch and whatever device is doing the routing to locate the port.
In either case, the commands are the same, just run on two different boxes for the layer 2 switch.
On a Layer 3 switch:
On a Layer 2 switch:
Brett Lykins
Firstly, you need to get the MAC address, so get into a machine on the same VLAN and look at its neighbour table - Windows is netsh int ipv4 show neigh, Linux: ip nei, Cisco: show ip arp x.x.x.x. Once you have that...
If this is a discovery job on a layer 2 switch, do
show mac address-table | i 0011.2233.4455 - replacing the mac address bytes as appropriate.
If on the other hand it's a router, use
show ip arp | i 0011.2233.4455 - again replacing the MAC as appropriate. Obviously when you were getting the MAC, if it turned out to be directly connected to that router, you're already done.
Long-term however, I heartily recommend that you set up LLDP (failing that, CDP) to your hosts so that you can identify them from either side. lldpd is an absolutely excellent LLDP daemon for Linux that also supports CDP, EDP, SONMP and FDP. If you're currently able to reach the host and it does happen to run Linux/BSD, I'd recommend skipping the above and just turning on LLDP.
Olipro
Regardless of whether your switch is performing frame forwarding (layer 2) or packet routing (layer 3), the following should work if the switch has a management IP address in the same subnet as the host you want to find:
Yosef Gunsburg
Quickly?
00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/1, changed state to down
Note, if you are connecting to the switch from the endpoint you are unplugging you will not get the syslog message because you will have cut connectivity.
Ron Royston
Just telnet yourself into the switch, then unplug the device, then replug it. The switch will write a message which port was down and then up.
I hope this helps.
Daniel
Enable ip device tracking on the switch. Use the following commands:
ip device tracking
ip device tracking probe delay 30
The second command prevents the duplicate IP error from popping up on PCs. There is a Cisco bug for it but can't remember the ID.
Will want older 12.4 code or 15 code to enable the above.
Jason Mann
The CAM table on the switch matches the MAC address to the device port. Use 'show mac address-table' on the switch. You can also configure port descriptions to help find devices later too.
Jon Rob
you want to find:
1. At the switch, ping the IP address you want to find. If the address is on the same subnet as the switch's management address, an ARP request will be sent looking for the MAC address of the host.
2. Now you can look at the ARP cache and find the MAC address of the host you are looking for (show ip arp) and its corresponding interface.
3. You can also look for its MAC address table entry by issuing: show mac-address table address [the address]
Madhuri
I have created a few Python scripts to help with this and to document the devices connected to the edge switches.
The specific repositories are:
pingSVI - takes the output of 'sh run | i ^interface|^_ip address', parses the subnets and pings all hosts. Populates the switch's ARP table for devices that have timed out.
ARP-Sort - creates a JSON database of IP-MAC addresses from the core switch
MAC2Manuf - takes the output of 'show mac add int' and uses the JSON database to create a list of IP-MAC-Port-Manufacture off the edge switch.
Michael Hubbard
If you issue the command show mac address-table address x, you could also see this MAC being learned on a trunk port. If that is the case (and assuming you're connected to another Cisco device), use 'show cdp nei' and log into that device and perform the same steps as above. Keep doing this until you see the MAC address being learned on a non-trunk port.
Andy
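The lookup chain the answers describe (IP to MAC via 'show ip arp', MAC to port via 'show mac address-table', then checking whether that port is a trunk) as an added Python example; it is not code from any answer or from the repositories mentioned above. The command output is constructed sample text in the usual IOS layout, and the set of trunk ports is assumed to be supplied by the operator.

```python
import re

# Constructed sample output (not from the page), in the usual IOS layout.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.10.20              5   0011.2233.4455  ARPA   Vlan10
Internet  10.1.10.31             12   00aa.bbcc.ddee  ARPA   Vlan10
Internet  10.1.10.99              0   Incomplete      ARPA
"""
SHOW_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi2/0/1
  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/48
"""
TRUNK_PORTS = {"Gi1/0/48"}  # assumption: taken from 'show interfaces trunk'

def normalize_mac(mac):
    """Turn 00-11-22-33-44-55, 00:11:22:33:44:55 or 0011.2233.4455 into Cisco dotted form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_arp(text):
    """Map IP -> MAC from 'show ip arp' rows; Incomplete entries have no interface and are skipped."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "Internet":
            table[f[1]] = normalize_mac(f[3])
    return table

def parse_mac_table(text):
    """Map MAC -> (vlan, port) from 'show mac address-table' rows with a numeric VLAN."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].isdigit():
            table[normalize_mac(f[1])] = (int(f[0]), f[3])
    return table

def locate(ip, arp_text, mac_text, trunks=frozenset()):
    """Return (mac, vlan, port, is_trunk), or None when the IP or its MAC is not in the tables."""
    mac = parse_arp(arp_text).get(ip)
    entry = parse_mac_table(mac_text).get(mac) if mac else None
    return None if entry is None else (mac, *entry, entry[1] in trunks)
```

When `is_trunk` is true the MAC was learned through another switch, so the same lookup has to be repeated on the neighbour behind that port.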