As a network engineer, there will be times when you will need to determine where a device is located on a switchport.
There could be several reasons for this – physically locating the device or identifying which IDF it is connected to. You could physically try to trace it out, but that is time-consuming and the spaghetti of cables in the closet will only add more time and a headache. Ideally, it would be nice to have a software solution that can inventory devices and switch data, but let’s say we do not have such a solution in place. So how can we accomplish this via the CLI in the most effective manner?
First, we need to obtain some information on the device we are trying to locate. We need one of the two in order start our search:
- IP Address
- MAC Address
Let’s start with a scenario where we were given the IP Address 10.1.1.10 of the device. If you have the MAC Address, you can skip to step 4.
Let’s complete this task with the following steps:
- SSH to the Layer 3 device closest to the location’s access layer. Depending on our architecture this could be our Core or Distribution.
- Initiate a ping to the IP Address we are attempting to locate. It’s nice to ensure that the device we are locating is online.
- We need to obtain the MAC address of the device we are attempting to locate. Since we have the IP Address, we can initiate the following command:
show ip arp 10.1.1.10
You could alternatively do the following command as well:
show ip arp | i 10.1.1.10
This will give us the following results:
Switch-A#show ip arp 10.1.1.10 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.1.10 63 1234.5678.06a8 ARPA GigabitEthernet1/0/4
- With the MAC address known, we may now initiate the following command to see where the MAC is originating from:
show mac address-table address 1234.5678.06a8
Alternatively, you may pipe the last four digits of the MAC address:
show mac address-table | i 06a8
The command will give you the following results:
Switch-A#show mac address-table address 1234.5678.06a8 Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 70 1234.5678.06a8 DYNAMIC Gi1/0/4
From this output, we know that this MAC address is originating from port Gi1/0/4. However, we need to determine if the port associated with this MAC address is, in fact, the device and not another switch.
- Perform show cdp neighbor to verify the switchport is not another switch.
Additionally, you will also want to check the MAC address-table on the actual interface as well. We want to verify that the port is not hosting another non-Cisco or non-CDP enabled switch. If it is another switch hosting multiple devices, you will see multiple MAC addresses originating from the port after initiating the following command:
show mac address-table interface gigabitEthernet 1/0/4
- If we are seeing no CDP neighbors and only a single MAC address, it is safe to say we have located the device. If you do see another switch, SSH into that switch and repeat steps 4 & 5 until you locate the device.