13

I have a Cisco Catalyst switch, with many VLANs and address ranges.

How do I find IP addresses connected to the switch that are not Cisco devices?

Ryan Foley
John

6 Answers

16

Perform a `show mac address-table interface <switchport>` on the switch that has the device(s) connected to it.

```
switch#show mac address-table int gi1/0/34
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 132    001b.78d5.a2d7    DYNAMIC     Gi1/0/34
```

Then go to the router for the VLAN specified in the previous command and perform a `show ip arp vlan <vlan#> | include <mac-address>`.

```
router#show ip arp vlan 132 | include 001b.78d5.a2d7
Internet  192.168.132.234        62   001b.78d5.a2d7  ARPA   Vlan132
```

That will give you the IP address for the device.

Adam Loveless
  • In my network I don't have a router or communication between VLANs. This Catalyst is my core switch. I just have multiple VLANs on that switch, a lot of servers, and other smaller Cisco switches connected to that core switch. I need to see the addresses of those servers. – John Jun 09 '14 at 11:52
  • I tried that, the commands, on my Core switch, and there was no result. Can I try anything else? – John Jun 09 '14 at 11:53
  • @John What model of switch are you using? Are you saying you don't have any interVLAN communication at all or that the devices in each of the VLANs do not communicate outside of their respective VLAN? – Adam Loveless Jun 09 '14 at 12:10
  • Model is 4507 R. I don't have any interVLAN communication at all. Machines communicate only in their VLAN, with their server. – John Jun 09 '14 at 12:23
  • 1
    @John Do you have access to the server or one of the workstations in each VLAN? You could do a ping sweep and then look in the ARP cache and then compare the MAC addresses you learned from the switch. – Adam Loveless Jun 09 '14 at 12:38
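The correlation described in this answer and its comments (MAC addresses learned from the switch, matched against ARP entries from a router or a host in the VLAN) can be scripted. This is an added example, not code from any of the posters: apart from the `001b.78d5.a2d7` / `192.168.132.234` pair shown above, the sample rows are constructed, and the `CISCO_OUIS` set and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample input in the formats shown in the answer above.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 132    001b.78d5.a2d7    DYNAMIC     Gi1/0/34
 132    0000.0c12.3456    DYNAMIC     Gi1/0/48
 140    0050.56aa.bb01    DYNAMIC     Gi1/0/12
"""
ARP_TABLE = """\
Internet  192.168.132.234        62   001b.78d5.a2d7  ARPA   Vlan132
Internet  192.168.132.1           5   0000.0c12.3456  ARPA   Vlan132
Internet  192.168.132.77          -   aaaa.bbbb.cccc  ARPA   Vlan132
"""
# Assumption: OUI prefixes to treat as Cisco. 0000.0c is one Cisco prefix;
# load the full IEEE OUI registry for real use.
CISCO_OUIS = {"00000c"}

MAC_RE = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"

def norm(mac):
    """Normalise Cisco dotted notation to 12 lowercase hex digits."""
    return mac.lower().replace(".", "")

def parse_mac_table(text):
    """Return {mac: (vlan, port)} from 'show mac address-table' output."""
    rows = re.findall(r"^\s*(\d+)\s+" + MAC_RE + r"\s+\S+\s+(\S+)\s*$",
                      text, re.M | re.I)
    return {norm(mac): (int(vlan), port) for vlan, mac, port in rows}

def parse_arp(text):
    """Return {mac: ip} from 'show ip arp' output (or a host ARP cache dump
    converted to the same layout)."""
    rows = re.findall(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+" + MAC_RE,
                      text, re.M | re.I)
    return {norm(mac): ip for ip, mac in rows}

def inventory(mac_text, arp_text, skip_ouis=CISCO_OUIS):
    """Join on MAC and drop skipped OUIs; ip is None when no ARP entry
    exists, e.g. a VLAN with no Layer 3 interface."""
    arp = parse_arp(arp_text)
    return [{"mac": mac, "vlan": vlan, "port": port, "ip": arp.get(mac)}
            for mac, (vlan, port) in sorted(parse_mac_table(mac_text).items())
            if mac[:6] not in skip_ouis]

if __name__ == "__main__":
    for row in inventory(MAC_TABLE, ARP_TABLE):
        print(row)
```

Rows that come back with `ip` set to `None` are the hosts that still need another source, such as an ARP cache collected inside that VLAN.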
6

If you do not have any Layer 3 interface on the actual VLAN, you won't really be able to see any IPs going on.

One way would be to do port mirroring and sniff the packets to see which IPs are going through, but it might not give you a complete picture either.

Remi Letourneau
0

If port security is on, you can do what David suggested and do `show ip device tracking`, but instead of `all`, do `mac xxxx.xxxx.xxxx` to get the IP of just that device.

0

`show lldp neighbors`, if you have LLDP enabled on both devices; you should be able to enable that. But usually a `show cdp neighbors` shows more than only Cisco devices.

Kejimire
0

Though this is not exactly a solution, you can try

show ip arp inspection log

which will output the contents of the log buffer before the buffer was flushed. If the end device triggered some sort of log event, for instance a DHCP reject, it will be identifiable by looking at the log data, since the output will display interface, MAC address, and IP address on the same output line.

Once again, this is not a real solution, so be mindful that it may as well not work at all.

edit: sample output from Cisco Catalyst command index pages:

```
Switch# show ip arp inspection log

 Total Log Buffer Size : 32

 Syslog rate : 10 entries per 300 seconds.

 Interface   Vlan  Sender MAC      Sender IP        Num Pkts   Reason       Time
 ----------  ----  --------------  ---------------  ---------  -----------  ----
 Gi1/0/1       5     0003.0000.d673  192.2.10.4               5  DHCP Deny    19:39:01 UTC Mon Mar 1 1993
 Gi1/0/1       5     0001.0000.d774  128.1.9.25               6  DHCP Deny    19:39:02 UTC Mon Mar 1 1993
 Gi1/0/1       5     0001.c940.1111  10.10.10.1               7  DHCP Deny    19:39:03 UTC Mon Mar 1 1993
 Gi1/0/1       5     0001.c940.1112  10.10.10.2               8  DHCP Deny    19:39:04 UTC Mon Mar 1 1993
 Gi1/0/1       5     0001.c940.1114  173.1.1.1               10  DHCP Deny    19:39:06 UTC Mon Mar 1 1993
 Gi1/0/1       5     0001.c940.1115  173.1.1.2               11  DHCP Deny    19:39:07 UTC Mon Mar 1 1993
 Gi1/0/1       5     0001.c940.1116  173.1.1.3               12  DHCP Deny    19:39:08 UTC Mon Mar 1 1993
```
  • 1
    Add `SHOW IP DHCP SNOOPING BINDING`. If DHCP Snooping is enabled (and it should be ;) it'll give you a list of clients that requested an address from the DHCP server. Caveat Emptor: this doesn't cover clients with static IP. – vhu Jun 19 '14 at 07:21
-1

The IP Device Tracking feature will enable your switch to snoop ARP packets. Once enabled, the command:

show ip device tracking all

will contain a list of all learned devices and the associated IP addresses.

David