From: Brantley, Charles (Charles.Brantley@STJUDE.ORG)
Date: Thu Oct 13 2005 - 13:10:07 GMT-3
Perform a show cdp nei on the specific port.
Then if the next device is CATOS, perform a sho cam again, if it is IOS,
sh mac-add will work. Keep repeating until the sh cdp nei does not have
an entry.
To verify,
Sh mac-add int <interface> will give you the mac associated with the port
Sh cam dynamic <mod/port> will give you the mac associated with the port
Thanks
Chuck Brantley
-----Original Message-----
From: Khurana, Sameer [mailto:SKHURANA@amfam.com]
Sent: Thursday, October 13, 2005 11:07 AM
To: Brantley, Charles; Sheahan, John; Deep Ratan
Cc: ccielab@groupstudy.com
Subject: RE: layer-2 interview question
If I do sh cam dynamic, I am seeing lots of Mac-addresses. So, I did
show cam <mac-add> and got the following output.
Switch> sh cam 00-30-6E-27-CC-3E
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
X = Port Security Entry $ = Dot1x Security Entry
VLAN  Dest MAC/Route Des    [CoS]  Destination Ports or VCs / [Protocol Type]
----  ------------------    -----  -------------------------------------------
194   00-30-6e-27-cc-3e            6/5 [ALL]
Total Matching CAM Entries Displayed =1
Now, how to check out further which is the device I am looking for in
the network? Is it directly connected to port 6/5 or further getting
connected to another switch or router?
Thanks,
Sameer
-----Original Message-----
From: Brantley, Charles [mailto:Charles.Brantley@STJUDE.ORG]
Sent: Thursday, October 13, 2005 10:40 AM
To: Khurana, Sameer; Sheahan, John; Deep Ratan
Cc: ccielab@groupstudy.com
Subject: RE: layer-2 interview question
With the show cam command.
Show cam <mac-add> (XX-XX-XX-XX-XX-XX format)
Thanks
Chuck Brantley
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Khurana, Sameer
Sent: Thursday, October 13, 2005 10:26 AM
To: Sheahan, John; Deep Ratan
Cc: ccielab@groupstudy.com
Subject: RE: layer-2 interview question
I am facing the same problem which was discussed earlier. This time I am
having 6509 with CatOS and the command "sh mac-address-table" doesn't
work on it. I need to trace a mac-address within the network of dozens
of switches and routers with multiple VLANs. How can this be achieved?
Thanks,
Sameer
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sheahan, John
Sent: Friday, September 30, 2005 10:41 AM
To: Deep Ratan
Cc: ccielab@groupstudy.com
Subject: RE: layer-2 interview question
If you do a "sh mac-address-table" you will only see the local port
that shows how the switch gets to any particular mac address. For
instance, in the following example, mac-address 0800.20c5.888f is on
VLAN 303, but does not reside on the local switch. The local switch does
tell you that you have to cross Port Channel 30 to get to it (Po30).
This mac might not even be on the next switch, it could be on another
switch connected to that switch with a trunk. You would have to do a "sh
mac-address-table address 0800.20c5.888f" to find out how the next
switch knows about that mac address and follow it until you get to the
last switch which will eventually show you a locally connected port.
*  303  0800.20c5.888f   dynamic  Yes    35   Po30
-------------------------example from a switch running IOS---------------------------------------
6500-01>sh mac-address-table
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
  vlan   mac address     type    learn  age        ports
------+----------------+--------+-----+----------+--------------------------
*  303  0800.20d9.27b4   dynamic  Yes     0   Gi4/14
*  303  0800.20f1.21ad   dynamic  Yes     0   Gi4/22
*  309  0009.b789.9008   dynamic  Yes     5   Gi4/7
*  308  0002.ba47.f7ff   dynamic  Yes    25   Gi4/4
*  308  0080.8c01.e2bc   dynamic  Yes   150   Gi7/7
*  303  0800.20c5.888f   dynamic  Yes    35   Po30
*  308  0090.27f9.6dbb   dynamic  Yes   290   Po30
*  309  0009.b789.90d5   dynamic  Yes     5   Po30
*  303  0003.ba08.e68e   dynamic  Yes     0   Gi4/24
*  304  0003.ba08.e68e   dynamic  Yes     0   Gi4/25
*  303  0014.3850.928a   dynamic  Yes     5   Gi7/9
*  303  0003.ba09.90a9   dynamic  Yes    35   Po30
_____
From: Deep Ratan [mailto:deep.ratan@gmail.com]
Sent: Friday, September 30, 2005 11:26 AM
To: Sheahan, John
Cc: ccielab@groupstudy.com
Subject: Re: layer-2 interview question
John, Your reply answers my question. I didn't know layer-2 information is propagated via VTP across the entire VLAN domain.
In reiteration: If I do a "show cam dyn" on a switch, I'll see the mac address of an end user machine that is connected 10 switches away, assuming both switches have the same VLAN, VTP is working, etc?
On 9/30/05, Sheahan, John <John.Sheahan@priceline.com> wrote:
"sh cam dyn" will show you all mac addresses that the switch knows about
from a layer two perspective. That includes machines plugged into hubs that
are plugged into the switch. It will also know about mac addresses on other
switches that are trunked to the switch.
If you are running IOS, you can easily sort through 10,000 mac addresses
with the following command:
"sh mac-address-table | begin 0009.b7e0.c2e"
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Deep Ratan
Sent: Friday, September 30, 2005 11:04 AM
To: ccielab@groupstudy.com
Subject: Re: layer-2 interview question
does "show cam" display mac address of A) machines directly connected to the switch ports of the switch or B) machines on all vlans across all switches in those vlans?
If B) is true, the output of that command could have 10,000 entries.
On 9/30/05, Adam S. Roth <adam@therothfamily.net> wrote:
>
> Show cam
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Deep Ratan
> Sent: Friday, September 30, 2005 10:48 AM
> To: ccielab@groupstudy.com
> Subject: layer-2 interview question
>
> Hi Everyone,
> Sorry to ask a networking-101 question but being a WAN guy, I haven't been
> working with switches in the past few years. An interviewer asked me this
> question, "If I give you a MAC address that is causing a broadcast storm,
> how will you locate the culprit in a switched environment that has several
> dozen switches and routers?"
>
> I replied, "You'll need to give me a layer-3 address so I can trace it to
> the right switch/router and then look up the ARP table to see on what port
> the offending machine lives" The interviewer didn't like the answer. In
> retrospect, I should probably have said, "A broadcast storm renders the
> network unusable, so I'll start with looking at my network management
> station to see what LAN segment is giving off a critical alarm"
>
> Anyway, my question to members of groupstudy is this: In an environment with
> several dozen switches, if you're given just a MAC address, can you find out
> where the machine lives?
>
> thanks, Deep
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:50 GMT-3
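
The hop-by-hop trace discussed in this thread (look the MAC up, check the CDP neighbor on that port, repeat on the next switch until the port has no neighbor), as an added example that is not part of any poster's message. It assumes the command output of each switch has already been collected as text; the switch names, ports, captured output and CDP neighbor map are constructed for illustration.

```python
import re

def norm_mac(text):
    """12 lowercase hex digits from IOS (xxxx.xxxx.xxxx) or CatOS (xx-xx-...) form, else None."""
    digits = re.sub(r"[.:-]", "", text.lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def find_port(output, mac):
    """Port a switch has learned `mac` on, from 'sh mac-address-table' or 'sh cam' text."""
    target = norm_mac(mac)
    if target is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    for line in output.splitlines():
        fields = line.lstrip("* ").split()
        # Data rows start with the VLAN number, then the MAC; this skips prompts and legends.
        if len(fields) >= 3 and fields[0].isdigit() and norm_mac(fields[1]) == target:
            # CatOS puts the port right after the MAC; IOS puts it in the last column.
            return fields[2] if "-" in fields[1] else fields[-1]
    return None

def trace(start, mac, tables, cdp):
    """Walk hop by hop until the learned port has no CDP neighbor."""
    path, switch = [], start
    while switch not in {s for s, _ in path}:
        port = find_port(tables[switch], mac)
        if port is None:
            raise LookupError(f"{mac} not in the table on {switch}")
        path.append((switch, port))
        switch = cdp.get(switch, {}).get(port)
        if switch is None:
            return path  # no CDP neighbor on this port: last Cisco hop
    raise RuntimeError(f"forwarding loop back to {switch}")

# Constructed sample data: hypothetical switch names, ports and captured output.
TABLES = {
    "core-ios": "* 303 0800.20c5.888f dynamic Yes 35 Gi1/1\n"
                "* 308 0002.ba47.f7ff dynamic Yes 25 Gi4/4",
    "dist-catos": "Switch> sh cam 08-00-20-C5-88-8F\n"
                  "303 08-00-20-c5-88-8f 6/5 [ALL]",
    "access-ios": "* 303 0800.20c5.888f dynamic Yes 0 Gi0/7",
}
CDP = {"core-ios": {"Gi1/1": "dist-catos"}, "dist-catos": {"6/5": "access-ios"}}

if __name__ == "__main__":
    for switch, port in trace("core-ios", "0800.20c5.888f", TABLES, CDP):
        print(f"{switch}: {port}")
```

The walk ends at the first port with no CDP neighbor, which may still have a hub or a device that does not speak CDP behind it, so confirm with the per-port lookup on that last switch.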