Learning has never been so easy!
Show mac address-table. This is the sample of the executed output shown in the image: Show MAC Address in Cisco via Command. Since the above device is not even connected to any other devices, it doesn’t record any MAC Address of any devices at all, show the table of MAC Address List displayed is empty. The image below shows how the device is. A MAC address for the switch can be seen in line 2 of the output of the command. A lot more information is actually output than what is shown. The show arp command will also show some MAC addresses, but only those with which the switch has had some communication at the IP level. The MAC addresses show Ethernet level communications. In some instances, unique MAC addresses may be assigned to the interfaces as well. You can quickly find the IP addresses and MAC addresses on a router with the right tools and procedure. Things You'll Need. Cisco router configured for SSH remote access; Password for SSH access to the Cisco router.
NOTE: This how-to is based on the premise that you have switches with ports that you don't know where they are going, no inter-vlan routing, and do not have access (due to permission restrictions) to some of Spiceworks application features.
Unless you have something like Cisco Network Assistant installed, you need to dig your way through to the switch where the host is connected. Let's say you are looking for MAC address ab12.cf34.aa21, on the router, issue the command: show mac address-table include ab12.cf34.aa21. The output will tell you the port of the connected device, e.g. Hi i blocked some mac address's using this CLI command. How to remove added mac address to access the network. Class-map match-any UNWANTED-PCs. Match source-address mac aaaa.bbbb.cccc. Match source-address mac nnnn.jjjj.dddd. Match source-address mac oooo.llll.pppp! Policy-map block. Class UNWANTED-PCs. Description 'LAN.
A while back I was trying to figure out how to map our network, switchports in particular, but could not gain access to the whole building to test from the wall jacks and/or nodes on our network. I could, however access all the switches, but not our router, and routing is not enabled on our switches anyway, though they are layer 3 capable (pretty much a flat network).
I was unable to perform this task with Spiceworks due to settings our manager imposed, so I had to find a workaround to get the job done.
I used a combination of the command line (Windows 7) and telnet to access the main switches of our network to figure out what is on the end of each switchport. In doing so, knowing the location of system host names, I was able to more accurately map where each switchport went to without having to beg for authorization after hours to investigate this from each physical location. Also, if you have a network larger than 200 nodes, this will definitely help if you have to do it the way I did, even if you do have physical access, because the legwork alone may take days...
5 Steps total
Cisco Find Mac Address
Step 1: Information Gathering: Command Line - PC
In your command window (you may need elevated privileges, and if you don't already have it installed) install NMAP from NMAP.org and run the following command:
nmap -v -sn 192.168.x.1-254
What this command will do is find the hosts in the IP range specified on your network, give you the hostname (if it can find it), IP address, and MAC address. To make it more useful, you can dump it to a text file thusly:
nmap -v -sn 192.168.x.1-254 >> nmapoutput.txt
Then you'll have a nice little document you can work from rather than having to scroll through your command prompt.
If any come up that do not display the hostname, you can try again using NetBIOS with the IP address you get from NMAP as follows:
nbtstat -A 192.168.x.x
This will give you the hostname and MAC address, so you can compare them and modify your text document output for later.
Step 2: Information Gathering - Switch
Next, login to your switches (preferably using telnet or ssh).
I used the command:
telnet 192.168.x.x
Then, select which switch to begin from. The main switch gives me a list of 0,1,2,3 and from there I just select which one I want, based on where I'm looking.
Based on your output from NMAP, if you know the approximate location of the hostname, this may help determine which switch it is attached to. Keep in mind, these instructions are for networks that have little to no routing, pretty much all layer 2 - flat network type. With routing, you may be able to obtain more information off your routers and/or switches (if MLS).
Step 3: Show Commands - Switch
So once in the switch of choice, there were two commands to play with:
show mac-address
and
show mac-address ethernetX (where X = port number)
We have HP switches currently, so for Cisco you would use:
show mac-address fastethernet0/X (where X = port number)
^^^CORRECTION: show mac address-table
is the Cisco command! ^^^
^^^CORRECTION: show mac address-table
is the Cisco command! ^^^
If you use the interface-specific version of the command, you will get a list of MAC addresses learned through that port. With this, all you have to do is find one of the MAC addresses listed here on the text document from NMAPs output, and you'll know that switchport is going to that office (wherever that node is located).
You can then start building a spreadsheet or database with the switch name/location, port number, IP addresses, hostnames, and MAC addresses associated with that port (or you can just use whatever information you need to keep track of what is going where).
Step 4: Troubleshooting - MAC address not learned?
The quickest way to force the switch to learn a MAC address if one seems to be absent from the show mac-address command, ping the IP address associated with the MAC address that is missing.
After your ping, run the show mac-address command again and you should see the address come up. If not, you may have a node that is turned off or something else may be wrong. If you have existing data about current locations, host names, and MAC addresses, you may sift through that as an additional reference, assuming it is up-to-date.
Step 5: Troubleshooting - MAC address shows on more than one switch!
This is normal, as other switches will learn and their CAM tables will add known MAC addresses as frames move through the network. What you need to be aware of are what port numbers link switches together.
The interconnecting ports, often linked via fiber these days, will typically be higher numbered ports. If you have a more basic switch, then it could just be all fastethernet ports and you'll need to know which ones go between switches, but if you have gigabitethernet ports, then typically your interswitch links or trunks will go through those.
If you absolutely have no idea which ones are which, you can try this:
Look at your show mac-address command and see what port the MAC address you are following goes through.
Based on your network topology, go to the next switch and see what ports that MAC address was learned on there.
Note if the port is higher or lower than the previous one, and normally if it's one of the highest numbered ports on the switch, that switch isn't directly linked to that MAC address and has instead learned it from another switch.
You can see more information about ports using the show ip interface brief command or the show ip interfaces command or just the show interfaces command. Also to note, trunked links, if you run the show mac-address gigabitethernet0/x command on it, the list of known MAC addresses will be much larger than a normal switchport. This is because there are many more devices that it learned from the other switches it's connected to.
I hope this how to finds it's way into the browsing path of others who have ran into this problem too. When you have hundreds of devices connected to a network, and poorly kept documentation on what is where and how it's connected, it is important to know how you can find what you're looking for without tearing your hair out too much.
Also, if you happen to be like I was a few years ago, being timid of the command line world, seeing some of the useful ways you can use it like through this how-to and the many scripts our fellow spiceheads post should help you become more comfortable with using the command line for more things. Not only is it typically faster than trying to load a GUI, you can redirect your output to a document for later use :)
NMAP does however offer a feature called Zenmap GUI, which is GUI-user friendly for those who still shy away from the command line. It's sort of a command line GUI for the non-command line user.
Happy networking!
References
- NMAP
Cisco Command Mac Address Table
1 Comment
Cisco Mac Address List
- ChipotlexTROUBLEx Oct 21, 2014 at 12:36amThanks for the share joe.great write up. over looked where you stated Zenmap Gui