How to find the switchport an IP network device is on.
The IP address for each network device can be mapped to a specific switchport on your network, which enables you to find the port it is directly connected to.
Why do we need to find the switchport?
You often need to find the switchport a network device is connected to, either to troubleshoot a problem such as network latency or to change the VLAN assignment of the switchport so that the PC or device can operate on another Layer 3 routed segment over the switching fabric.
What do we need to know to find the switchport?
The cached information on the router and the switch, together with a few commands, will direct you through the switching path toward the device you are trying to find. The router caches a mapping, called the ARP cache, between the Layer 3 IP address and the Layer 2 MAC address, while the switch maintains a cache of mappings between the Layer 2 MAC address and the index of switch ports. This cached information on the switch is often referred to as the CAM table, or “Content Addressable Memory table”, and by default each of its entries expires and is removed from the CAM table after 5 minutes. This means that if the device is not talking on the network, you will not be able to find the switchport 5 minutes after it last passed traffic. The timer can be modified per VLAN using the command "set cam agingtime [vlan] [nn]", although doing so is not recommended; at the least, do not make the CAM aging timer longer than the router's ARP cache timer.
These lookups are done in 3 steps:
- Use the network device’s IP address to look up the IP address to MAC address mappings in the router’s IP arp cache.
- Look up the network device’s MAC address to switchport mappings in the switch cache or CAM table for the switchport the network device is connected to.
- If the port is a trunk port then you need to repeat step 2 on the neighboring switch. You can find the neighboring switch's IP using the “show cdp neighbor” command and its options.
- Repeat steps 2 and 3 for each cdp neighbor we will need to traverse as we follow the MAC address through the switching fabric.
Find the MAC address of the network device:
The command output for this walkthrough opens in a separate popup window. We will refer to this window as the CLI (Command Line Interface) from now on.
Review the Cisco router command line output in the CLI, where we used the command “show ip arp x.x.x.x” and x.x.x.x represents the IP address of the device. Next, copy the hardware address to the clipboard.
You will need to know both the "set based" and the native IOS based commands, depending on which Cisco switch is first in line toward the device we are trying to find. On a set based Cisco switch command line, use the command “show cam 00-60-16-01-18-6b”. On the CLI you will see a hostname or prompt of "CatSwitch" for commands executed on a set based command line switch. On a switch running the Cisco native IOS you will see the hostname or prompt "NativeSwitch". Note that the digits in the MAC address are separated with dashes. On native IOS based switches the MAC address is entered on the command line with periods as separators, just as it is displayed in the router’s output for the “show ip arp” command.
Notice on the CLI output the device is seen on GigabitEthernet1/1. Gigabit ports on most networks are uplinks to other switches or routers, so it is likely a VLAN trunking switchport. If we look at the configuration of this port we will see that it is a trunk port, not a host port, so we know the network device is on a switchport on another switch somewhere and we will need to drill down through the switching path to find it. We use the “show cdp neighbor” command to find the neighboring switch IP address so we can telnet to it and repeat the MAC address cache table lookup.
Depending on the type of OS on the neighboring switch, we will repeat the appropriate command. In this case the cdp neighbor is a Catalyst 6009 running Cat code 6.2 (3), so we know we will need to use a set based command. We can now telnet to the cdp neighbor at the IP address shown in the output of the cdp neighbor command.
OK, so we found another switchport with the same device appearing to be on it. We need to check the port to see if it is a trunk.
We can see on the first line of output from the show port command that the switchport is not a trunk since it is showing a status of “connected” rather than “trunk”. At this point it is safe to assume this is the network device port we were searching for and we can now make the switchport changes we had intended. If the intended task was to convert the switchport to another VLAN then see the instructions for changing the VLAN assignment for a switchport. If you are troubleshooting a network latency issue then you will need to review the troubleshooting guide for switchport error conditions or status and what they might mean.
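The lookup chain described above, written out as an added Python example (not part of the original page). The ARP output, the two-switch model in FABRIC, the port 3/12 and all function names are constructed for illustration; the code follows the MAC across trunk ports, formats it the way each switch type expects, and fails explicitly when the CAM entry has aged out.

```python
import re

# Constructed router "show ip arp" output (sample data, not from the page).
ARP_OUTPUT = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.25           3  0060.1601.186b  ARPA  Vlan10
"""

# Constructed model: each switch's CAM table and the CDP neighbor per trunk port.
FABRIC = {
    "NativeSwitch": {"os": "ios", "cam": {"00601601186b": "Gi1/1"},
                     "trunks": {"Gi1/1": "CatSwitch"}},
    "CatSwitch": {"os": "set", "cam": {"00601601186b": "3/12"}, "trunks": {}},
}

def canon(mac):
    """Reduce any separator style to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def as_typed(mac, switch_os):
    """Dashes between bytes on set based switches, dotted groups on IOS."""
    sep, n = ("-", 2) if switch_os == "set" else (".", 4)
    return sep.join(canon(mac)[i:i + n] for i in range(0, 12, n))

def arp_lookup(output, ip):
    """Step 1: IP -> MAC from the router's ARP cache, or None if absent."""
    for line in output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet" and f[1] == ip and f[3] != "Incomplete":
            return canon(f[3])
    return None

def trace(ip, arp_output, fabric, start):
    """Steps 2-4: follow the MAC across trunks until a non-trunk port."""
    mac, switch, hops = arp_lookup(arp_output, ip), start, []
    if mac is None:
        raise LookupError(f"{ip} has no usable ARP entry")
    while switch not in [h[0] for h in hops]:      # stop on a revisit
        sw = fabric[switch]
        port = sw["cam"].get(mac)
        if port is None:                           # entry aged out of the CAM
            raise LookupError(f"{as_typed(mac, sw['os'])} not in CAM on {switch}")
        hops.append((switch, as_typed(mac, sw["os"]), port))
        if port not in sw["trunks"]:
            return hops                            # host port found
        switch = sw["trunks"][port]
    raise LookupError("trunk path loops back to " + switch)
```

Calling trace("10.1.1.25", ARP_OUTPUT, FABRIC, "NativeSwitch") returns one hop per switch, each with the MAC in the separator style that switch's command line accepts.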