Your network grinds to a screeching halt. All the switch port lights are solid, and your only theory is that the network is under attack. What do you do?

The first step is to fire up your network protocol analyzer and capture data off of the core switch. From your protocol analyzer, you see that an IP address is flooding the network with unidentifiable traffic. From the packet, you get the MAC address. Now you need to find the location of the PC.

You know that the PC must be connected to any one of a few hundred Ethernet patch panel ports in the network room; those patch panel ports go to ports on the Ethernet switch. If you could tell which MAC address is on which switch port, you could identify the PC and either shut down the switch port or go to the office where the PC is and shut it down.

Here are various solutions that may help you determine which device is connected to which port on your Cisco switch.

An appliance solution

At Interop 2007, I spotted an interesting solution from porttracker. The U.K.-based company offers a dedicated appliance called porttracker that maps your network for you. This solution tries to solve three issues: (1) ports going unused (porttracker refers to this as port wastage); (2) reduce downtime and know "what is connected where"; (3) identify at-risk ports.

Software applications

There are a vast number of software applications out there to help you in this situation. Here are a few that I think are worth checking out.

  • Northwest Performance Software's Managed Switch Port Mapping Tool uses SNMP to communicate with switches and to find out what is attached where. It works with different brands of switches; it shows VLAN assignments; and it exports to a spreadsheet. The standalone cost for the tool is $199, and there is a 15-day free trial.
  • ManageEngine offers the Switch Port Mapper Tool, which handles multiple brands of switches and imports cable port mappings. See the ManageEngine site for detailed pricing data.
  • Netxar Technologies' SwitchInspector maps switch ports. The cost is $99, and there is a 15-day trial download.
  • SolarWinds' LANsurveyor automatically discovers and diagrams your network and what is connected where. It does more than the other packages, which is why it has a price tag of $1,995.
  • SolarWinds' Switchport Mapper is similar to LANsurveyor, and it's part of SolarWinds' Engineer's Toolset. The suite runs about $1,400, and the company offers a 30-day evaluation.

Note: My search didn't turn up any free open-source products. If you know of any open-source products that map switch ports, please post your recommendations in the article discussion.

The Cisco IOS CLI command

The easiest way to see which Ethernet MAC address is on which port is to use the show mac-address-table command. Here is an example:

switch# show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0007.e9e2.2d7d    DYNAMIC     Fa0/5
   1    0009.0f30.07e9    DYNAMIC     Fa0/48
   1    0009.5bbc.af04    DYNAMIC     Fa0/28
   1    00e0.bb2c.30d1    DYNAMIC     Gi0/1
   1    00e0.bb2c.3e5f    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 5
Switch#

(The MAC address table is truncated for brevity.)

With the command, you can figure out which MAC address is on which port. When you use the command, you have to go to each switch and run the command. If the network is down, you will have to go to the console of each switch. If you had one of the applications above, you should have been able to map out which MAC address (and even which PC name) is on every switch in the network.

If the scenario I describe at the beginning of the article does happen, you could reference your spreadsheet or printout of which device is connected where.
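
The lookup described above, as an added example that is not part of the original article: it parses show mac-address-table output saved from each switch, accepts the MAC in whatever notation the protocol analyzer reports, and returns the port where it was learned. The switch name sw1 and the function names are assumptions, the sample is the table shown above, and the parser assumes that column layout.

```python
import re
from collections import defaultdict

# Constructed sample: the table shown above, as captured from one switch.
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0007.e9e2.2d7d    DYNAMIC     Fa0/5
   1    0009.0f30.07e9    DYNAMIC     Fa0/48
   1    0009.5bbc.af04    DYNAMIC     Fa0/28
   1    00e0.bb2c.30d1    DYNAMIC     Gi0/1
   1    00e0.bb2c.3e5f    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 5
"""

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)\s*$")

def normalize_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(switch, text):
    """Return (switch, vlan, mac, type, port) rows; headers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((switch, int(vlan), normalize_mac(mac), kind, port))
    return rows

def locate(rows, mac):
    """Return (switch, port, is_edge_port) for every port that learned the MAC."""
    # A port that learned several addresses has other devices behind it
    # (another switch, a hub), so the host is not plugged in directly there.
    per_port = defaultdict(set)
    for switch, _vlan, m, _kind, port in rows:
        per_port[(switch, port)].add(m)
    target = normalize_mac(mac)
    return [(sw, port, len(macs) == 1)
            for (sw, port), macs in sorted(per_port.items()) if target in macs]
```

Feeding it the rows from every switch at once gives the same cross-switch view the mapping tools produce; a result with is_edge_port False means the search continues on the switch behind that port.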

Summary

When your network is in crisis, it's important to know which device is connected to which switch port without having to run to the network room, hook up a console cable, and/or trace cables from switches to wall ports. By having network analysis applications and switch port mapping tools available ahead of time, you may be able to resolve the problem on your network before it actually becomes a crisis.

David Davis has worked in the IT industry for more than 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
