Getting IPs of clients on Cisco 3560

[BuGaLoU]

I know this can be done, I am just not sure how.

My question is how do you get the IP of a client device connected to a particular port. I know it is a process of commands, just not sure what exactly. This is on a Cisco catalyst 3560 switch.

 

[atomiser]

for this you want the arp cache of the box... surely it would be something like (from the privelidged exec mode) show ip arp or something along those lines? being creative with the tab key and the ? key should see you working it out?

 

[moetop]

Lety's say the IP address is 10.10.10.10

#1 find the MAC address of that IP address.
-From the router that routes that subnet. "show arp | include 10.10.10.10"
- You also may be able to do it on your PC i.e. "ping 10.10.10.10" then "arp -a"
- there is a getmac tool in XP as well, but has it limitations

Now let's say it returns a mac address of 000a0b0c0d0e

#2 Take that MAC address go to the switch and do a
- show mac-address-table address 000a.0b0c.0d0e

If you are running a swith with CAT os instead of IOS the command would be

- show cam 00-0a-0b-0c-0d-0e

 

[unix_foo]

If you don't know the IP of the attached device;

sho mac- dy

of

sho mac- dy inter faX/X

then

sho ip arp

match the ip address with the particular mac-address you are looking for

 

[BobSutan]

Ping the broadcast address of the local LAN and then check the arp cache. Problem solved.

For example:

3560# ping 192.168.0.255

3560# show arp

**Edit**
Or you can do what the post above mine illustrates.

 

[BuGaLoU]

Ping the broadcast address of the local LAN and then check the arp cache. Problem solved.

For example:

3560# ping 192.168.0.255

3560# show arp

**Edit**
Or you can do what the post above mine illustrates.

Looks like this and the above are only working on the native VLAN. Those addresses show fine but the other VLANs dont. Any ways of peeking into those?

 

[BobSutan]

Looks like this and the above are only working on the native VLAN. Those addresses show fine but the other VLANs dont. Any ways of peeking into those?

Turn on SPAN? I hadn't noticed there were multiple VLANS in play when I posted. If that's the case, set up a management IP on each one and repeat the steps listed above. If the VLANs are transient and you have no way to interact, you may just have to sit down at separate terminals or routers within those VLANs and ping the broadcast and view the arp cache.

 

[BuGaLoU]

Turn on SPAN? I hadn't noticed there were multiple VLANS in play when I posted. If that's the case, set up a management IP on each one and repeat the steps listed above. If the VLANs are transient and you have no way to interact, you may just have to sit down at separate terminals or routers within those VLANs and ping the broadcast and view the arp cache.

I will look into this thanks.

One other question, using your method and assuming the network was flat, would that (pinging the broadcast address) fill the mac table with all macs/ips on the entire segment, or only on that particular switch?

 

[BobSutan]

I will look into this thanks.

One other question, using your method and assuming the network was flat, would that (pinging the broadcast address) fill the mac table with all macs/ips on the entire segment, or only on that particular switch?

All hosts in the subnet should reply to the broadcast ping and populate the arp cache with their MAC addresses.

 

[BuGaLoU]

All hosts in the subnet should reply to the broadcast ping and populate the arp cache with their MAC addresses.

Thought so. So on a larger network there would be too much info to be useful via this method?

I actually learned how to get the ip of a particular port in this thread, but now I'm trying to see if I can get all ips of all hosts connected to 1 switch.

 

[moetop]

Cisco and other companys have tools that will do this. (User tracking in Cisco works), but from what I have seen it's one by one if you have to do it by hand.