Geeking out to traceroute MAC on Cisco IOS

September 1, 2013
By

"A Collection of Eagle" by Beo Nguyen

“A Collection of Eagle” by Beo Nguyen


I learned a new Cisco IOS trick this week. The MAC address traceroute. Need to find a device on your network and only have a MAC address? Go to a core router (or wherever the routing is in the network stack) and run this command (full Cisco documentation here) to find the port the device is plugged into:

traceroute mac [interface interface-id] {source-mac-address} [interface interface-id] {destination-mac-address} [vlan vlan-id] [detail]

From a practical standpoint you simply do:

traceroute mac ab01.ab02.ab03 ab01.ab02.ab03 detail

Where ab01.ab02.ab03 is the MAC address of the device you are looking for.

You must have Cisco Discovery Protocol running on all switches in the network.

The trick is finding something hiding behind a Cisco (or CDP compliant) phone.

Using the MAC of my PC, connected to my Cisco 7945 phone I do:


switch-core-01#traceroute mac 8434.9721.63C7 8434.9721.63C7 detail
Source not directly connected, tracing source .....
Unable to send a l2trace request to 10.208.171.26. Timed out
Layer2 trace aborted.

The problem is that my mac address, 8434.9721.63c7, resolves to a VoIP E911 VLAN IP with the traceroute command. That means it is seeing my phone device, not my PC. It cannot resolve past the phone and aborts the trace.

Using the conventional sho ip arp | i [MAC-address] using my laptop MAC provides the correct response.

switch-core-01#sho ip arp | i 8434.9721.63c7
Internet 164.121.173.20 1 8434.9721.63c7 ARPA Vlan100

Using the sho ip arp command using the VoIP VLAN IP address that was spat back out in the original traceroute will get you to the correct switch and port however.


switch-core-01#sho ip arp | i 10.208.171.26
Internet 10.208.171.26 7 c40a.cb4c.c562 ARPA Vlan152

switch-core-01#traceroute mac c40a.cb4c.c562 c40a.cb4c.c562 detail
Source not directly connected, tracing source .....
Source c40a.cb4c.c562 found on switch-acc-b02-[WS-C3750-48P] (172.28.2.59)
1 switch-acc-b02- / WS-C3750-48P / 172.28.2.59 :
Fa1/0/33 [auto, auto] => Fa1/0/33 [auto, auto]
Destination c40a.cb4c.c562 found on switch-acc-b02-[WS-C3750-48P] (172.28.2.59)

Go to the switch in question, et voila!


switch-acc-b02-acc03#sho mac add int f1/0/33
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
100 8434.9721.63c7 DYNAMIC Fa1/0/33
100 c40a.cb4c.c562 DYNAMIC Fa1/0/33
152 c40a.cb4c.c562 DYNAMIC Fa1/0/33

Something to keep in mind if you are trying to say, track down a user laptop in a VoIP environment. Corner case, I know. But there you go.

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *




Pages