cisco - determining what user/device is connected to a port


Need to quickly determine on the switch level which user is connected to what port. I could do it at the port that the computer is plugged into; the issue is I need to know at the switch what port they are plugged into... (I don't know where the computer is, I know the computer name and MAC.) If I knew where it was I could easily determine the port. The issue is that they are assigned the wrong VLAN; we haven't done dynamic VLANs yet... that will be a project I am taking on in a while (who would have thought I needed to with only a few hundred computers). Damn techs not paying attention.


sh ip arp | inc xxxx.xxxx.xxxx might give you the IP if you have IP routing on. Other than that I'm not sure what you'd get from viewing the MAC table other than the port which you say you already have. If you need an active directory username a firewall might be helpful if it's logging that information.


> sh ip arp | inc xxxx.xxxx.xxxx might give you the IP if you have IP routing on. Other than that I'm not sure what you'd get from viewing the MAC table other than the port which you say you already have. If you need an active directory username a firewall might be helpful if it's logging that information.

I think you need to read it again - OP has the host computer's name and MAC address, but does NOT know which port the host is connected to at the switch, and needs to determine this at the switch in order to then correct the statically assigned vlan on that switchport.

To be fair, what the OP wrote was a little confusing - I'm not sure what exactly was meant by "I could do it at the port that the computer is plugged into", perhaps physically following the wire from host to switch? Though OP also said "I don't know where the computer is"...


If I knew where the computer was, I could go there and either install software on the computer or unplug it and plug in my Fluke, which would tell me the information of the switch that the port is plugged into (hostname, model, switchport, and VLAN); Cisco Discovery Protocol is a wonderful thing.

The issue is, I don't physically know where that computer is. It is in one of the many shared locations with multiple users accessing it... a proverbial needle in a haystack situation. I could remote into it, disrupting the user that is on it, but I would rather not do that. I have tried to isolate the port, but it doesn't make sense. It is saying that the computer is connected to a port that one of my wireless access points is connected to (as well as every main junction port (fiber uplinks)/switch between the firewall and the end switch). Perhaps I should change that early tomorrow morning/late tonight to see if there is any effect. I could easily change that port config back if it is wrong. The MAC isn't a wireless NIC, it is wired.

It could very well be plugged into the wireless port, as the junior techs randomly plugged crap in without consulting engineering (a very good reason to go with dynamic VLAN assignments, my next project).

Thinking about it, I should just change the port to see if it does affect the user's computer. If it affects the wireless AP, I will get an email stating that it is down within 5 minutes.

If you don't have one, a LinkRunner AT-1000 is a great tool to have to carry around (takes seconds to boot and seconds to determine port config). If not, a LinkSprinter is a good second choice (far cheaper)... that works by utilizing a Bluetooth connection to your smartphone or smart device to display the information. You could use a laptop or ultrabook, but that is pretty bulky to carry around with you. Very invaluable in determining switchport when cabling information is wrong, closet location (how many meters long is the cable), or, if you name your switches friendly/logically, you can determine where by switch name. Someone was confused as to how I would be able to locate the port if I knew where the computer was physically and/or it didn't make sense as to how; this is how.


> If I knew where the computer was, I could go there and either install software on the computer or unplug it and plug in my Fluke, which would tell me the information of the switch that the port is plugged into (hostname, model, switchport, and VLAN); Cisco Discovery Protocol is a wonderful thing.

Ah yes, CDP. Although I studied CCNA and CCNP materials during my CS degree, and have copies of the textbooks on my bookshelf next to me, I've never actually used a device like your Fluke and so I didn't realise that you could get info such as the switchport number from the host end with such a device or with s/w on the host. I'd also largely forgotten about CDP.

> The issue is, I don't physically know where that computer is. It is in one of the many shared locations with multiple users accessing it... a proverbial needle in a haystack situation. I could remote into it, disrupting the user that is on it, but I would rather not do that. I have tried to isolate the port, but it doesn't make sense. It is saying that the computer is connected to a port that one of my wireless access points is connected to (as well as every main junction port (fiber uplinks)/switch between the firewall and the end switch). Perhaps I should change that early tomorrow morning/late tonight to see if there is any effect. I could easily change that port config back if it is wrong.
>
> It could very well be plugged into the wireless port, as the junior techs randomly plugged crap in without consulting engineering (a very good reason to go with dynamic VLAN assignments, my next project).

Hmm :/ Computer names incorporating room numbers might be useful in future.

Good luck finding it.


CDP would only show you Cisco stuff: wireless APs, phones, other switches etc. Not PCs. You could do it the pain in the arse way. Get a ping going to each machine from somewhere. Then shut the port down one by one and see which one goes off.

Depends how many you have to do. Obviously for a 24 port switch a few hours, including a few cups of tea  :laugh:


Yep that is the plan for Monday. I will shut down the port that it says it is on and see if ping stops. My brain was on get out of here mode on Thursday...holiday weekend for US.


Sounds like when you looked up the MAC address it detected it as being on the other end of a trunk link. This has happened to me many times. Did you try doing the mac lookup from whatever that distant end device is?


> I think you need to read it again - OP has the host computer's name and MAC address, but does NOT know which port the host is connected to at the switch, and needs to determine this at the switch in order to then correct the statically assigned vlan on that switchport.
>
> To be fair, what the OP wrote was a little confusing - I'm not sure what exactly was meant by "I could do it at the port that the computer is plugged into", perhaps physically following the wire from host to switch? Though OP also said "I don't know where the computer is"...

Yeah, I read that at 3am and totally misunderstood. Reading it now after a good night's rest and I see what he's saying. Sorry about that!


> I have tried to isolate the port, but it doesn't make sense. It is saying that the computer is connected to a port that one of my wireless access points is connected to (as well as every main junction port (fiber uplinks)/switch between the firewall and the end switch)

sc302 - I am a bit confused, you have not followed down a MAC before? I think maybe you were in vacation mode for the 4th and having a brain fart??

As you can see, the 2ab0 MAC I know is my wife's laptop, and clearly I see it on the same port the AP is on, gi9

[Attached screenshot]

Along with many other MACs.. If you see lots of MACs on a port, it's either a trunk uplink to another switch or an access port for, say, an AP that puts everything in 1 vlan, etc. Follow the trail until you get to a single port.. For example, if I follow the MAC for my dvr, that happens to be on the uplink port of my sg300 to my other switch gs108t but in the same wlan vlan 20; I can check my other switch and it's on port 4 on that switch.

[Attached screenshot]

If you want to get fancy for future use and install LLDP on your PCs, Microsoft's version is not the standard, so your switches that support LLDP and even CDP will not see it ;)  http://www.hanewin.net/lldp-e.htm but it's not free.. I have not seen a FREE CDP or LLDP agent for Windows, Linux is very easy..

I have it running on some of my home stuff.. For example my Linux boxes, and I even enabled both CDP and LLDP on my ESXi host. And on pfSense you can use the ladvd package for CDP and LLDP info.. The ladvd package also supports EDP and NDP if you want to use that, etc.

Notice my Windows i5-w7 box is showing up in both CDP and LLDP ;)

[Attached screenshot]

You would think MS would have just used the standard for the LLDP they provide -- but sadly no.. But that is MS for you, let's not play nice.. Let's do our own ###### that nobody will really be able to use ;)

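The hop-by-hop MAC lookup described in the post above, as an added example that is not part of the original thread: it follows a MAC from switch to switch and flags a final port that carries several MACs (an AP or unmanaged switch) instead of a single host. Switch names, table rows and the uplink map are constructed; real input would be `show mac address-table` output per switch and neighbour data from `show cdp neighbors`.

```python
import re

# Constructed "show mac address-table" rows per switch; switch names are hypothetical.
MAC_TABLES = {
    "core-sw": """
  10    0011.2233.4455    DYNAMIC     Gi1/0/24
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/24
  20    00aa.bbcc.dd02    DYNAMIC     Gi1/0/23
""",
    "edge-sw": """
  10    0011.2233.4455    DYNAMIC     Gi0/7
  10    00aa.bbcc.dd01    DYNAMIC     Gi0/9
  10    00aa.bbcc.dd04    DYNAMIC     Gi0/9
""",
}
# Constructed uplink map, e.g. built from "show cdp neighbors": (switch, port) -> next switch.
UPLINKS = {("core-sw", "Gi1/0/24"): "edge-sw"}

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I | re.M)

def normalize(mac):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff and return the Cisco dotted form."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def trace(mac, start):
    """Follow a MAC from switch to switch; return (hops, verdict)."""
    mac, hops, switch, seen = normalize(mac), [], start, set()
    while switch not in seen:
        seen.add(switch)
        rows = [(int(v), m.lower(), p) for v, m, p in ROW.findall(MAC_TABLES.get(switch, ""))]
        hit = next(((v, p) for v, m, p in rows if m == mac), None)
        if hit is None:
            return hops, "not-learned"        # entry aged out, or host silent on this switch
        vlan, port = hit
        shared = sum(1 for _, _, p in rows if p == port)
        hops.append((switch, port, vlan))
        if (switch, port) in UPLINKS:
            switch = UPLINKS[(switch, port)]  # trunk: repeat the lookup one hop closer
        else:
            # Several MACs and no known neighbour: an AP or unmanaged switch is on this port.
            return hops, "single-host" if shared == 1 else "shared-port"
    return hops, "loop-in-uplink-map"

if __name__ == "__main__":
    print(trace("00:11:22:33:44:55", "core-sw"))
```

A "shared-port" verdict is the case from the thread: the lookup stops on a port that also serves other devices, so the VLAN change belongs on whatever sits behind it, not on that port.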

> You would think MS would have just used the standard for the LLDP they provide -- but sadly no.. But that is MS for you, let's not play nice.. Let's do our own ###### that nobody will really be able to use ;)

Heh, so is it even LLDP at that point? They might as well just call it MSDP.


Agreed, what's confusing is they call it Link Layer Topology Discovery; it's really confusing..


Fwiw, using the Ubiquiti controller I would easily be able to see if it were wireless... Not there, and all clients are on the right VLAN according to the interface.
