As a Network Administrator/Engineer you may be asked to find MAC addresses and/or IP Addresses, hopefully this can make your job a little bit easier. These commands work on most Cisco Switches and Routers but sometimes the commands can vary from device to device.
Fortunately, you can engage VoIP experts-such as Cisco partners-to strengthen and simplify your company's security. Following is an introduction to some IP phone security strategies, from Cisco and two Cisco partners that provide VoIP security solutions and services.
- It's worth noting that on some Cisco devices the command 'show mac-address-table' also works. Step 3: Find the IP Address. On the layer 3 device ( L3 switch or router) in my case I am using a router, enter the username and password if needed. Next enter 'enable' mode on the router by typing enable. Next type 'show ip arp' if done correctly you.
- Cisco's technical support homepage is your starting point for accessing software downloads, product documentation, support tools and resources, TAC phone numbers, and Cisco support cases.
- Our VoIP softphone will look everywhere for your contacts and will display them in a combined list for easy access. Outlook, windows/mac, LDAP, XMPP, XCAP, Android, iOS. You name it, we got it and we will lookup incoming calls as well so you know who calls before you answer. Zoiper can load and search your contacts on the fly from these places.
5 Steps total
Step 1: Connect to your Cisco Devices
Connect to the Switch/Router by using a console cable or a terminal emulator like Putty or Secure CRT. If you are successful it should look something like this.
Step 2: Find The MAC Addresses
On the layer 2 device (switch) enter the username and password if needed. Next enter 'enable' mode on the switch by typing enable. Next type the command 'show mac address-table'. If successful it should look like the picture. It's worth noting that on some Cisco devices the command 'show mac-address-table' also works.
Step 3: Find the IP Address
On the layer 3 device ( L3 switch or router) in my case I am using a router, enter the username and password if needed. Next enter 'enable' mode on the router by typing enable. Next type 'show ip arp' if done correctly you should get an output similar to the picture.
Step 4: Filtering the results on a Router
In the example I have provided there were only 9 IP addresses. However in the real world there could be dozens or even hundreds of IP addresses. To help filter the results on a router type 'show ip arp ?' You will see gigabitethernet' as an option this will let you filter results by interface or sub-interfaces. In my exmaple it typed 'sho ip arp gigabitEthernet 0/0.10' and that listed all IP's on my sub-interface.
Step 5: Filtering the results on a Layer 3 Switch
As stated in Step 4, you will likely have more than 9 IP Addresses. This can be made worse in a messy closet with a 48 port switch running the closet and maybe even some layer 2 switches under that. Luckily in addition to being able to filter by interface you can also filter by VLAN. So type in 'show ip arp ?' and you will see 'vlan' as a listed filter. As you can see I typed in 'sho ip arp vlan 20' and it listed only those IP's in vlan 20. In this case it was the vlan interface and a PC.
I hope this guide was helpful for you. If you aren't sure about something or feel like I missed a step, please let me know.
9 Comments
- AnaheimGDBJNC Apr 27, 2018 at 01:15pm
Great post.
Another way to find that information is to first PING the address of the system you are looking for. Then issue:
show arp | i .This will then show you the MAC address associated with the IP address.
Then issue:
show mac address-table | iThis will give you the port that the device is currently connected.
- CayenneJim6795 Apr 27, 2018 at 01:15pm
Thanks for posting this *after* I finished a 'What's Connected Where' jihad on our network. :^D After beating Google to death over it, hoping for some useful tool, I ended up using exactly the same process (plus the online MAC address lookup to ID the device manufacturer), so I can affirm this works perfectly, if you work it.
As you can see, the 'sh arp' or 'sh ip arp' commands also give you the MAC addresses, so essentially the 'sh mac add' is only to get the port in which the device is connected. It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected. If you're all Cisco, 'show cdp neighbor' (or 'sh cdp nei') will get you to the next switch. Also, 'sh ip arp | i 0/24' will show just the MAC address(es) on that port.)
The amazing thing to me is, this far into the 21st Century, this is still the only way I could find to get this information -- i.e. to find out what's connected where. Did I mention it's a *lot* of work?
(ETA: What if you can't get to the Console port? How do you get the IP address of the switch in order to SSH or (if you must) Telnet in?)
- DatilCrimsonKidA Apr 27, 2018 at 02:04pm
Good stuff, thanks for posting this! My go-to Cisco command is: show ip interface brief (show ip int bri). Another thing I've learned that is very helpful (I'm still a noob with Cisco stuff) is tab-completion and using a '?' after the start of a command, such as 'show ?'
- CayenneEd Rubin Apr 27, 2018 at 03:09pm
Unfortunately dumping the mac table and working through it is the only way to reliably find stuff and identify its switch port. I've done a similar process with HP switches. One thing that helps a lot is an ip scanner application that does MAC vendor ID lookups for you. This can help with jim6795's problem of identifying an undocumented switch IP since you can look for the the switch maker's vendor ID and then try ssh or telnet, or http/https depending on the product.
- JalapenoTS79 Apr 27, 2018 at 06:53pm
Spiceworks has the ability to harvest this information using SNMP and will create a map showing which device is on which switchport. It must have the correct MIB installed for your switch and you must configure SNMP. The feature could use some more work but basic components are there.
- JalapenoSadTech0 Apr 27, 2018 at 08:06pm
Thanks for posting this *after* I finished a 'What's Connected Where' jihad on our network. :^D After beating Google to death over it, hoping for some useful tool, I ended up using exactly the same process (plus the online MAC address lookup to ID the device manufacturer), so I can affirm this works perfectly, if you work it.
As you can see, the 'sh arp' or 'sh ip arp' commands also give you the MAC addresses, so essentially the 'sh mac add' is only to get the port in which the device is connected. It helps to Ping the subnet's broadcast address (e.g. '10.1.1.255') to load the ARP table. (Small tip: When you see a large number of MAC addresses showing up on a single port, there's a switch on that port into which those MAC addresses are connected. If you're all Cisco, 'show cdp neighbor' (or 'sh cdp nei') will get you to the next switch. Also, 'sh ip arp | i 0/24' will show just the MAC address(es) on that port.)
The amazing thing to me is, this far into the 21st Century, this is still the only way I could find to get this information -- i.e. to find out what's connected where. Did I mention it's a *lot* of work?
(ETA: What if you can't get to the Console port? How do you get the IP address of the switch in order to SSH or (if you must) Telnet in?)
Couldn't you just use CDP? #show cdp nei detail will show you the ip of the connected devices.
- Thai PepperTaylorC Apr 27, 2018 at 08:45pm
Hey everyone thanks for the great feed back, it's really cool having this featured. @SadTech0 if you cant to the console port and you don't know the IP Address you could use a tool like angry IP scanner and find the switch that way. CDP may or may not work depending on your network configuration and/or topology. Barring some major obstruction you should try to console in get the ip and start an inventory. Hope that helps.
- Thai PepperTodd_in_Nashville Apr 30, 2018 at 12:34pm
Keep in mind, in some security minded environments, CDP may be disable if it's not needed. It's one of those things that give out unnecessary reconnaissance info to the bad guys. If one of your edge routers gets compromised, it can be used to start footprinting your internal network.
- Thai PepperJohn3367 Apr 30, 2018 at 08:51pm
Great info..
Another helpful thing you should add!
SHOW INVENTORY ---> To show the SERIAL number of the Cisco device you are on.
**I always use those commands you show to troublshoot. They are very helpful. I usually PING an IP address. then I type a 'show arp' and get its MAC address.. then I will type 'show mac-address table' which will show me which PORT the device is connected to!
How to have the Cisco Jabber software installed on a computer.
Contract users supported by DoIT should have a case sent to General Departmental Support to have Jabber downloaded to their computer. You may also contact your local IT support to help you install the client. If you have adminstrator rights to your computer, you can follow the instructions below.
Jabber is available in the Campus Software Library. It can be installed on either Windows or Mac computers. There is no Linux client. For more about Jabber, please see Cisco VoIP - Jabber for Voice Only Overview and Sign in Information.
Please note that a Jabber account must be requested specifically for a phone number when it is set up. To use Jabber, you must have a personal phone number assigned to you. To see if your phone number has a Jabber account, you can go to the Self Care Portal Cisco VoIP - Self Care Portal. Look under My Phones. If you see Cisco Jabber for Desktop, that means you have an account. If you do not have account, you may have your authorized user place an order. Cisco VoIP Request FormsDue to many users working off-campus due to the COVID19 pandemic, you may now download Jabber to your personally owned laptop. After campus resumes normal operations, this permission may be revoked. If you are working off-campus, do not use Jabber to call 911. Please use your personally-owned telephone for 911 calls.
Windows
- Navigate to the Campus Software Library to acquire the Cisco Jabber and E911 Softphone Locator for Windows OS installation files.
- Download Cisco Jabber for Windows
- Download E911 Softphone Locator for Windows
- Navigate to where the downloaded files were placed and double click the Cisco Jabber installer.
- Select 'Accept and Install'.
- If you are not an administrator on your machine, you will be prompted to enter administrator credentials after performing this step.
- Select 'Finish'.
- Navigate to where the downloaded files were placed and double click the E911 Softphone Locator installer.
- Select 'Next'.
- Please note, settings prompted for during installation should already be included, however, to ensure this is in fact the case, please perform the following.
- Select 'SSL/TLS (Encrypted)' and then select 'Next'.
- Provide the following values and then select 'Next'.
- Primary EGW: e911egw1.doit.wisc.edu
- Primary Port: 443
- Secondary EGW: e911egw2.doit.wisc.edu
- Secondary Port: 443
- Provide the following value and then select 'Next'.
- IP-PBX ID: 1
- Select 'Everyone' then select 'Next'.
- Select 'Next'.
- If you are not an administrator on your machine, you will be prompted to enter administrator credentials after performing this step.
- Select 'Close'.
- For instructions on signing in, see Cisco VoIP - Jabber for Voice Only Overview and Sign in Information.
Mac
- Navigate to the Campus Software Library to acquire the Cisco Jabber and E911 Softphone Locator for Mac OS installation files.
- Download Cisco Jabber for Mac
- Download E911 Softphone Locator for Mac
- Navigate to where the downloaded files were placed and double click the Cisco Jabber installer.
- Double click the Cisco Jabber .pkg file.
- Select 'Continue'.
- Select 'Continue' and then 'Agree'.
- Select 'Install'.
- If you are not an administrator on your machine, you will be prompted to enter administrator credentials after performing this step.
- Select 'Close'.
- Navigate to where the downloaded files were placed and double click the E911 Softphone Locator installer.
- Drag 'ESL.app' to the 'Applications' folder.
- Drag 'esl-startup.sh' to the 'bin' folder.
- Drag 'wss.com.esl.plist' to the 'LaunchAgents' folder.
- Navigate to your 'Applications' folder and double click 'ESL.app' to begin the service.
- For instructions on signing in, see Cisco VoIP - Jabber for Voice Only Overview and Sign in Information .
If you need further help, please contact the DoIT Help Desk for assistance
Cisco Voip Gateway
Cisco Voip Call Manager
Keywords: | install ds contract vip personal owned machine computer download soft client phone jabber softphone Suggest keywords | Doc ID: | 78622 |
---|---|---|---|
Owner: | ELIZABETH C. | Group: | Voice Services |
Created: | 2017-12-07 17:33 CDT | Updated: | 2020-03-24 12:35 CDT |
Sites: | DoIT Departmental Support, DoIT Help Desk, DoIT Tech Store, Network Services, Voice Services | ||
Feedback: | 210CommentSuggest a new document |