网站导航:首页 -> 软件水平考试 -> 网络工程师考试认证 -> 根据IP地址追查其所连接的交换机端口

根据IP地址追查其所连接的交换机端口

在一个cisco 交换网络中间,已知某台机器的ip地址,如何找出它连接到了哪台交换机的哪个端口上呢?最方便快捷的方法使使用ciscoworks 2000 lms网管软件的user tracking 功能,图形化界面,一目了然。

如果没有这个软件,也可以使用以下手工分析方法来找出答案:

示例网络:核心交换机为6509(交换引擎se用catos, msfc 运行ios软件)

1. 找出该ip所对应的mac地址:

通过查看系统的arp缓存表可以找出某ip所对应的mac地址。由于arp不能跨vlan进行,所以连接各个vlan的路由模块msfc就是最佳的选择--一般它在每一个vlan都有一个端口(interface vlan n),能正确地进行arp解释。

    6509msfc#ping 10.10.1.65
type escape sequence to abort.
sending 5, 100-byte icmp echos to 10.10.1.65, timeout is 2 seconds:
!!!!!
success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
6509msfc#show arp | in 10.10.1.65
internet 10.10.1.65 2 0006.2973.121d arpa vlan2

通过以上命令,我们知道10.10.1.65的mac地址是0006.2973.121d, 这是ios设备的mac地址表达方式,在catos中,应写为00-06-29-73-12-1d.

2.在交换机上找出mac地址所对应的端口

    6509se> (enable) show cam 00-06-29-73-12-1d
* = static entry. + = permanent entry. # = system entry. r = router entry.
x = port security entry $ = dot1x security entry
vlan dest mac/route des [cos] destination ports or vcs / [protocol type]
2 00-06-29-73-12-1d 9/41 [all]
total matching cam entries displayed =1
这是不是说ip为 10.10.1.65的机器就接在端口9/41上呢?
不一定。如果以下命令中显示该端口上只有一个活动的mac地址,那么答案就是肯定的:
6509se> (enable) show cam dynamic 9/41
* = static entry. + = permanent entry. # = system entry. r = router entry.
x = port security entry $ = dot1x security entry
vlan dest mac/route des [cos] destination ports or vcs / [protocol type]
---- ------------------ ----- -------------------------------------------
2 00-06-29-73-12-1d 9/41 [all]
total matching cam entries displayed =1

如果该命令显示该端口上有多个活动的mac地址,那么这个端口应该连接到别的交换机或hub设备上,见下面的例子(查找ip为10.10.1.250所对应的交换机端口):

   6509msfc#ping 10.10.1.250
type escape sequence to abort.
sending 5, 100-byte icmp echos to 10.10.1.250, timeout is 2 seconds:
!!!!!
success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
6509msfc#show arp | in 10.10.1.250
internet 10.10.1.250 4 0009.6b8c.64ec arpa vlan2
6509se> (enable) show cam 00-09-6b-8c-64-ec
* = static entry. + = permanent entry. # = system entry. r = router entry.
x = port security entry $ = dot1x security entry
vlan dest mac/route des [cos] destination ports or vcs / [protocol type]
---- ------------------ ----- -------------------------------------------
2 00-09-6b-8c-64-ec 3/11 [all]
total matching cam entries displayed =1
6509se> (enable) show cam dy 3/11
* = static entry. + = permanent entry. # = system entry. r = router entry.
x = port security entry $ = dot1x security entry
vlan dest mac/route des [cos] destination ports or vcs / [protocol type]
1 00-03-e3-4b-06-80 3/11 [all]
1 00-08-02-e6-b0-cd 3/11 [all]
1 00-02-a5-ee-f2-4f 3/11 [all]
1 00-09-6b-8c-66-d6 3/11 [all]
1 00-09-6b-63-17-d9 3/11 [all]
1 00-0b-cd-03-ec-f5 3/11 [all]
1 00-09-6b-63-17-d8 3/11 [all]
1 00-08-02-e6-b0-c1 3/11 [all]
1 00-08-02-e6-b0-85 3/11 [all]
1 00-08-02-e6-b0-81 3/11 [all]
1 00-02-a5-ef-16-af 3/11 [all]
1 00-02-a5-ee-f2-93 3/11 [all]
1 00-02-55-c6-05-61 3/11 [all]
2 00-09-6b-8c-64-ec 3/11 [all]
1 00-08-02-e6-b0-ed 3/11 [all]
1 00-08-02-e6-b0-a9 3/11 [all]
1 00-02-55-54-7a-e0 3/11 [all]
1 00-02-a5-ef-15-a6 3/11 [all]
1 00-08-02-e6-af-8f 3/11 [all]
1 00-08-02-e6-b0-bd 3/11 [all]
1 00-0b-cd-03-db-8b 3/11 [all]
1 00-09-6b-8c-25-50 3/11 [all]
do you wish to continue y/n [n]? n
由于该端口连接到另一台交换机或hub,必须继续追查,方法如下:
6509se> (enable) show cdp nei 3/11
* - indicates vlan mismatch.
# - indicates duplex mismatch.
port device-id port-id platform
-------- ------------------------------- 

3/11 cisco2924 gigabitethernet1/1 cisco ws-c2924m-xl