How to trace physical interface with MAC/IP address in Cisco Devices

In this post I will explain the steps to find the client/end user computer connected physical interface in large Network environment with multiple Access Switches connecting to the core switches or routers. This will help you to trace and troubleshoot devices like a PC or a laptop or other end devices. This is not a difficult task but can certainly be time consuming.

You can trace the physical interface by using MAC address or IP address. You can find the MAC address with “sh ip arp” command of particular IP address in gateway router. Let’s start with an IP address. Find out gateway router while checking traceroute to the IP address then login into second hop IP address from end and enter “sh ip arp X.X.X.X” command.

C:\>tracert 172.16.24.42

Tracing route to 172.16.24.42 over a maximum of 30 hops

1     1 ms     1 ms     2 ms  192.168.202.1
2     1 ms    <1 ms    <1 ms  192.168.253.9
3    <1 ms    <1 ms    <1 ms  192.168.253.2
4    15 ms    16 ms    16 ms  10.151.253.1
5    16 ms    15 ms    15 ms  10.151.253.65 – Gateway
6    15 ms    15 ms    15 ms  172.16.24.42

Trace complete.

Access gateway to get MAC address with “sh ip arp” command and connected interface. Find out physical interface if connected interface is Vlan or etherchannel interface by using show mac-address-table or show mac address-table command.

For Vlan interfaces:

Cisco-R1#sh ip arp 172.16.24.42

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.24.42            1   00f0.81b6.35fd  ARPA   Vlan99

Cisco-R1#sh mac-address-table address 00f0.81b6.35fd

*   99  00f0.81b6.35fd   dynamic  Yes          5   Gi1/1

For Etherchannel interfaces:

use “sh etherchannel <number> summary” command to get physical interface details.

Ciscovss1#sh ip arp 192.168.10.66

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.66           118   0060.56b7.7ee6  ARPA   Vlan432

ciscovss1#sh mac address-table address 0060.56b7.7ee6

*  432  0060.56b7.7ee6   dynamic  Yes         65   Po302

ciscovss1#sh etherchannel 200 summary
Flags:  D – down        P – bundled in port-channel
I – stand-alone s – suspended
H – Hot-standby (LACP only)
R – Layer3      S – Layer2
U – in use      N – not in use, no aggregation
f – failed to allocate aggregator
M – not in use, no aggregation due to minimum links not met
m – not in use, port not aggregated due to minimum links not met
u – unsuitable for bundling
d – default port
w – waiting to be aggregated

Number of channel-groups in use: 23
Number of aggregators:           24
Group  Port-channel  Protocol    Ports
——+————-+———–+———————————————–
200    Po200(SU)       LACP      Te1/7/10(P)     Te2/7/10(P)

Last applied Hash Distribution Algorithm: Fixed

Next find the physical interface whether it is access or trunk and how many MAC addresses are learning from port or CDP neighbor details. It will be physical interface of IP address if it is an access VLAN interface and learning only one MAC address what we are searching from it.

You can decide that it is an uplink interface if interface is trunk or getting device details in CDP neighbor details or learning multiple MAC addresses from it.

Cisco-R1#sh run int Gi1/1
Building configuration…
Current configuration : 185 bytes
!
interface GigabitEthernet1/1
description TRUNK to Cisco-S1 G1/0/49
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
end

Telnet Cisco-S1:

Interface Gi1/0/49 on Cisco-R1 is trunk and device Cisco-S1 is connected on it. Telnet device Cisco-S1 and find the physical interface with “show mac address-table”.

Interface Gi2/0/52 on Cisco-S1 is again trunk and I found device Cisco-R2 connected on it by using “show CDP neighbor” or “show CDP neighbor details” command.

Cisco-S1#sh mac address-table address 00f0.81b6.35fd

99    00f0.81b6.35fd    DYNAMIC     Gi2/0/52

Cisco-S1#sh run int Gi2/0/52
Building configuration…
Current configuration : 138 bytes
!
interface GigabitEthernet2/0/52
description TRUNK to Cisco-R2 G2/9
switchport trunk encapsulation dot1q
switchport mode trunk
end
Cisco-S1#

Cisco-S1#sh cdp neighbor
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
D – Remote, C – CVTA, M – Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Cisco-R1.cisco.com
Gig 1/0/49        152             R S I  WS-C6509- Gig 1/1

Cisco-R2.cisco.com
                 Gig 2/0/52        167             R S I  WS-C6509- Gig 2/9

Cisco-S1#sh cdp neighbor details

————————-
Device ID: Cisco-R1.cisco.com
Entry address(es):
IP address: 10.100.200.201
Platform: cisco WS-C6509-E,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/49,  Port ID (outgoing port): GigabitEthernet1/1
Holdtime : 137 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF17a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 02-Mar-10 02:55 by tinhuang
advertisement version: 2
VTP Management Domain: ‘cisco’
Native VLAN: 1
Duplex: full
Management address(es):

————————-

Device ID: Cisco-R2.cisco.com
Entry address(es):
  IP address: 10.100.200.202
Platform: cisco WS-C6509-E,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet2/0/52,  Port ID (outgoing port): GigabitEthernet2/9
Holdtime : 149 sec

Version :

Cisco Internetwork Operating System Software
IOS ™ s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF17a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 02-Mar-10 02:55 by tinhuang
advertisement version: 2
VTP Management Domain: ‘cisco’
Native VLAN: 1
Duplex: full
Management address(es):
Cisco-S1#

Telnet Cisco-R2:

Telnet to device Cisco-R2 and find the physical interface for MAC address. Interface Gi7/20 is access vlan interface and it is physical interface for IP address/MAC address.

Cisco-R2#sh mac-address-table address 00f0.81b6.35fd

*   99  00f0.81b6.35fd   dynamic  Yes          0   Gi7/20
Cisco-R2#sh run int Gi7/20
Building configuration…
Current configuration : 179 bytes
!
interface GigabitEthernet7/20 – Connected interface of IP address/MAC address
description **Access Interface**
switchport
switchport access vlan 99
switchport mode access
no ip address
speed 1000
duplex full
end
Cisco-R2#

For Nexus Switch:

ciscovss1#sh cdp neighbor
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
D – Remote, C – CVTA, M – Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Nexus1.cisco.com(FOX1553GFBF)
Ten 2/7/10         121             S I C  N5K-C5596 Eth 1/2
Nexus1.cisco.com(FOX1553GFBF)
Ten 1/7/10         117             S I C  N5K-C5596 Eth 1/1

Telnet Nexus1:

Nexus1# sh mac address-table address 0060.56b7.7ee6

Legend:
* – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC
age – seconds since last seen,+ – primary entry using vPC Peer-Link
VLAN     MAC Address      Type      age     Secure NTFY    Ports
———+—————–+——–+———+——+—-+——————
* 432      0060.56b7.7ee6    dynamic   0          F    F  Eth1/28

Filed Under: LAN General

Tags:

About the Author:

RSSComments (0)

Trackback URL

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.