Assume you are supporting a big datacenter where multiple access switches are connected to the core switches or routers. Tracing a device such as a PC or a server, for troubleshooting or security purposes, is one of those tasks you often end up doing. It is not a difficult task, but it can certainly be time consuming.
To start with, you need the IP address of the end machine you want to trace. You can get it by logging in to the end device yourself or by asking the owner or user of that machine.
Now that you have the IP address, ping it to check that the device is reachable. If it is, log in to one of your core switches or routers and run sh ip arp:
Core1# sh ip arp 192.168.1.15
Protocol Address Age(min) Hardware Addr Type Interface
------------------------------------------------------------------
Internet 192.168.1.15 22 0000.1111.1111 ARPA Vlan1
From the above we know the MAC Address of the device:
IP Address : 192.168.1.15
MAC Address : 0000.1111.1111
Now, do a show mac-address-table command on the core switch or router. This will show the interface to which it is connected or through which it is learned.
Core1# sh mac-address-table address 0000.1111.1111
Legend: * primary entry
age seconds since last seen
n/a not available
vlan mac address type learn age ports
-----------------------------------------------------
* 1 0000.1111.1111 dynamic Yes 10 Te1/1
This indicates that the device is either directly connected to port Te1/1 or that another switch is connected to this interface. Judging by the interface type, it is very likely an uplink (a TenGigabit Ethernet link) to another distribution or access switch.
Sometimes, the output might show as follows (Po1)
Legend: * primary entry
age seconds since last seen
n/a not available
vlan mac address type learn age ports
--------------------------------------------
* 1 0000.1111.1111 dynamic Yes 10 Po1
This indicates that an EtherChannel is configured, so run a "show etherchannel" command to find the physical ports that are bundled into Po1.
Core1# show etherchannel summary
Flags: D down
P bundled in port-channel
I stand-alone s suspended
H Hot-standby (LACP only)
R Layer3 S Layer2
U in use f failed to allocate aggregator
M not in use, minimum links not met
u unsuitable for bundling
w waiting to be aggregated
Number of channel-groups in use: 6
Number of aggregators: 6
Group Port-channel Protocol Ports
--------------------------------------------------
1 Po1(SU) - Te1/1(P) Te2/1(P)
This shows that the address is learnt through one of the member ports, Te1/1 or Te2/1.
Now, do a "show cdp neighbors" to show the directly connected devices.
Core1# sh cdp neighbors
Capability Codes:
R Router, T Trans Bridge, B Source Route Bridge
S Switch, H Host, I IGMP, r Repeater, P Phone
DeviceID LocalIntrfce Holdtme Capability Platform PortID
---------------------------------------------------
AccessSW1 Ten 1/1 129 RSI WS-C6509 Ten1/1
This tells you that it is AccessSW1 that is connected to Te1/1, not the device itself.
Now, log on to the access switch and run the "show mac-address-table" command for the MAC address. That should show the interface to which the device is connected.
NOTE: If that switch is instead a distribution switch with further access switches connected to it, repeat the whole procedure above from there.
AccessSW1# show mac-address-table address 0000.1111.1111
vlan mac address type learn age ports
--------------------------------------------------
* 1 0000.1111.1111 dynamic Yes 10 Gi1/24
Now you can see which port the device is connected to, and on which switch.
Now do a "show interface" command to show the port details.
AccessSW1>sh int gigabitEthernet 1/24
GigabitEthernet1/24 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s
There we go: we have found the last-hop switch port to which the end machine is connected.
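The hop-by-hop procedure above, as an added Python example (not code from the original post): it parses the command output shown on this page, embedded as constructed sample data, and follows the MAC address from Core1 through Po1 to the edge port. The OUTPUT table and all function names are assumptions made for the illustration; on a live network each entry would come from running the matching show command on that device.

```python
import re

# Constructed capture: the output lines shown above (Po1 variant), per device.
OUTPUT = {
    "Core1": {"arp": "Internet 192.168.1.15 22 0000.1111.1111 ARPA Vlan1",
              "mac": "* 1 0000.1111.1111 dynamic Yes 10 Po1",
              "etherchannel": "1 Po1(SU) - Te1/1(P) Te2/1(P)",
              "cdp": "AccessSW1 Ten 1/1 129 RSI WS-C6509 Ten1/1"},
    "AccessSW1": {"mac": "* 1 0000.1111.1111 dynamic Yes 10 Gi1/24",
                  "etherchannel": "", "cdp": ""}}

def norm(port):
    """Map 'Ten 1/1' (CDP) and 'Te1/1' (MAC table) to one key, 'te1/1'."""
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)", port.strip())
    return m.group(1)[:2].lower() + m.group(2)

def column(text, key, idx):
    """Field idx of the first output line containing the token key."""
    for f in map(str.split, text.splitlines()):
        if key in f:
            return f[idx]
    return None

def members(ec_text, port):
    """Physical members of a port-channel; a physical port maps to itself."""
    for f in map(str.split, ec_text.splitlines()):
        if len(f) > 3 and f[1].startswith(port + "("):
            return [p.split("(")[0] for p in f[3:]]
    return [port]

def neighbor_on(cdp_text, ports):
    wanted = {norm(p) for p in ports}
    for m in re.finditer(r"^(\S+)\s+([A-Za-z]+\s?[\d/]+)\s+\d+\s", cdp_text, re.M):
        if norm(m.group(2)) in wanted:
            return m.group(1)
    return None

def trace(ip, start, max_hops=8):
    """Return (mac, [(switch, port), ...]) ending at the edge port, or None."""
    mac, switch, path = column(OUTPUT[start]["arp"], ip, 3), start, []
    while mac and switch in OUTPUT and len(path) < max_hops:
        out = OUTPUT[switch]
        if (port := column(out["mac"], mac, -1)) is None:
            return None
        path.append((switch, port))
        # Assumption: no CDP neighbour behind the port means it is the edge port.
        switch = neighbor_on(out["cdp"], members(out["etherchannel"], port))
        if switch is None:
            return mac, path
    return None
```

Calling trace("192.168.1.15", "Core1") returns the MAC address together with the path Core1/Po1, then AccessSW1/Gi1/24.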