Your network grinds to a screeching halt. All the switch port lights are solid, and your only theory is that the network is under attack. What do you do?
The first step is to fire up your network protocol analyzer and capture data off of the core switch. From your protocol analyzer, you see that an IP address is flooding the network with unidentifiable traffic. From the packet, you get the MAC address. Now you need to find the location of the PC.
You know that the PC must be connected to any one of a few hundred Ethernet patch panel ports in the network room; those switch ports go to ports on the Ethernet switch. If you could tell which MAC address is on which switch port, you could identify the PC and either shut down the switch port or go to the office where the PC is and shut it down.
Here are various solutions that may help you determine which device is connected to which port on your Cisco switch.
An appliance solution
At Interop 2007, I spotted an interesting solution from porttracker. The U. K.-based company offers a dedicated appliance called porttracker that maps your network for you. This solution tries to solve three issues: (1) ports going unused (porttracker refers to this as port wastage); (2) reduce downtime and know "what is connected where"; (3) identify at-risk ports.
There are a vast number of software applications out there to help you in this situation. Here are a few that I think are worth checking out.
- Northwest Performance Software's Managed Switch Port Mapping Tool uses SNMP to communicate with switches and to find out what is attached where. It works with different brands of switches; it shows VLAN assignments; and it exports to a spreadsheet. The standalone price for the tool is $199, and there is 15-day free trial.
- ManageEngine offers the Switch Port Mapper Tool, which handles multiple brands of switches and imports cable port mappings. See the ManageEngine site for detailed pricing information.
- Netxar Technologies' SwitchInspector maps switch ports. The cost is $99, and there is a 15-day trial download.
- SolarWinds' LANsurveyor automatically discovers and diagrams your network and what is connected where. It does more than the other packages, which is why it has a price tag of $1,995.
- SolarWinds' Switchport Mapper is similar to LANsurveyor, and it's part of SolarWinds' Engineer's Toolset. The suite runs about $1,400, and the company offers a 30-day evaluation.
Note: My search didn't turn up any free open-source products. If you know of any open source products that map switch ports, please post your recommendations in the article discussion.
The Cisco IOS CLI command
The easiest way to see which Ethernet MAC address is on which port is to use the show mac-address-table command. Here is an example:
switch# show mac-address-table Mac Address Table
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0007.e9e2.2d7d DYNAMIC Fa0/5
1 0009.0f30.07e9 DYNAMIC Fa0/48
1 0009.5bbc.af04 DYNAMIC Fa0/28
1 00e0.bb2c.30d1 DYNAMIC Gi0/1
1 00e0.bb2c.3e5f DYNAMIC Gi0/1
Total Mac Addresses for this criterion: 5Switch#
(The MAC address table is truncated for brevity.)
With the command, you can figure out which MAC address is on which port. When you use the command, you have to go to each switch and run the command. If the network is down, you will have to go to the console of each switch. If you had one of the applications above, you should have been able to map out which MAC address (and even which PC name) is on every switch in the network.
If the scenario I describe at the beginning of the article does happen, you could reference your spreadsheet or printout of which device is connected where.
When your network is in crisis, it's important to know which device is connected to which switch port without having to run to the network room, hook up a console cable, and/or trace cables from switches to wall ports. By having network analysis applications and switch port mapping tools available ahead of time, you may be able to resolve the problem on your network before it actually becomes a crisis.
David Davis has worked in the IT industry for more than 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!