0
4

[–] KidVicious 0 points 4 points (+4|-0) ago 

Sorry I'm late to the question. When you ping the IP address from a device on the same space, the mac address you get in the arp table will be the host's mac address. You can verify this by going on the actual host and looking at the mac address.

Once you know you have the mac address, on a Cisco switch you can do "sh mac-address {mac address of the host}". This will tell you the port through which the switch will send the frame to reach that destination mac address.

At first, you may find that the port leads to another switch. That's OK. Just go on that switch and issue the same command. Eventually you will reach the switch that directly connects to the host.

If you are not on Cisco, you can do similar mac address lookups which will lead you to the same results. But definitely you have to start by pinging from a host/switch on the same subnet as the host. If you want to be certain, go to the device that acts as a default gateway for the host.

0
1

[–] lkmhaqer 0 points 1 points (+1|-0) ago 

You need to look at the arp table of another host in the same subnet (like upstream router?) and you will be able to get the MAC address. From there, just follow this address down your switch CAM till you find the port.

0
0

[–] Lag-wagon 0 points 0 points (+0|-0) ago 

show CDP neighbor ?

0
0

[–] Napping_bluefin 0 points 0 points (+0|-0) ago 

I've written this script 3 or 4 times in different languages and net architectures. The most reliable, read brute force, is to snmpget the arp table on the default gateway for the IP you are trying to find. Say if your routers are always x.x.x.1 then just take the host IP and overwrite the last octet with 1. You have to search for the IP, and hance MAC in the arp table. Next you have to search all of the downstream switches MAC tables. If you can you should ping the host from the default router first (expect script). This way if the host has the wrong default gateway you can still resolve MAC to IP. The ping will also force arps to be transmitted si the switches should learn the MAC to port mapping. If you get multiple switches that have the MAC in their tables then they should be either the switch/port you are looking for, or an infrastructure port (interswitch link).

That sequence and elimination should work for most network designs. Oh yeah you can query LLDP to see if the switch/port is an inter-switch link. Most hosts don't run LLDP.

Good luck.

0
0

[–] nativevlan 0 points 0 points (+0|-0) ago 

If this is for your "on the ground" support guys having you always track down which port a user is on, etc. I've been sending out WinCDP to our PC support guys to save us both time when they need a port looked over. (not my program) If your switches support CDP and have it enabled for user facing ports it's a quick way to track down the relevant info.

0
0

[–] Lag-wagon 0 points 0 points (+0|-0) ago 

Ping, arp tables ?

0
0

[–] lord_farquaad 0 points 0 points (+0|-0) ago 

Can you do a wireshark capture on it and filter only the CDP or LLDP traffic? That would be the first thing I'd try.