I am trying to find a rogue MAC that keeps popping up on my network. Because of the way I have my IP structure network segmented it will tell me the building and floor of the MAC.
If, that is, I can get my switches to record or notify me of its existence when it is inserted.
From CLI:
"show vlan info fdb-entry"
From here, you can either browse the MACs, or enter a specific MAC value after the word entry (which is what I suppose you want to do).
Example:
show vlan info fdb-entry mac 00:XX:YY:ZZ:AA:11
I hope this is helpful in tracking down your suspect.
I don't know of any events or filters that you could trigger on, HungryHouse's command will work in real-time once you know to look... I guess the only automated thing I can think of is to write a script to periodically suck down the FDB tables and grep for the offending address.
It's kind of a brute-force approach, but if you're feeling up to it, you could use the snmpwalk tool from this package:
in a batch file or Perl script to do something like this:
snmpwalk -v 1 -c public 192.168.1.2 .1.3.6.1.2.1.17.4.3.1.1
saving the output to a file with a pipe, then with a command-line grep or search tool you could trigger an event or 'net send' action to alert you.
It's messy, but sometimes it's the messy things that make this job fun... in any case hopefully someone smarter than I will have a more elegant solution.
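The periodic FDB check suggested in the reply above, as an added example that is not part of the original posts. It reads each MAC from the OID index instead of grepping the printed value, because snmpwalk can render a MAC as a quoted STRING when all six bytes are printable. The second switch address, the sample walk lines and the function names are constructed for illustration.

```python
import re
import subprocess

FDB_ADDRESS_OID = ".1.3.6.1.2.1.17.4.3.1.1"  # OID from the post above

# Constructed sample snmpwalk output, keyed by switch IP (192.168.1.3 is made up).
SAMPLE_WALKS = {
    "192.168.1.2": (
        ".1.3.6.1.2.1.17.4.3.1.1.0.17.34.51.68.85 = Hex-STRING: 00 11 22 33 44 55\n"
        '.1.3.6.1.2.1.17.4.3.1.1.72.101.108.108.111.33 = STRING: "Hello!"\n'
    ),
    "192.168.1.3": ".1.3.6.1.2.1.17.4.3.1.1.0.17.34.51.68.86 = Hex-STRING: 00 11 22 33 44 56\n",
}

def normalise_mac(mac):
    """Return a MAC as 12 lowercase hex digits, whatever separators it used."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def macs_in_walk(walk_output):
    """Yield every MAC in one switch's walk output as 12 hex digits."""
    # The FDB table is indexed by the MAC itself, so the last six
    # sub-identifiers of each OID are the MAC's octets in decimal.
    # Decoding them does not depend on how the value column is rendered
    # (Hex-STRING, or a quoted STRING such as "Hello!" for 48:65:6c:6c:6f:21).
    for line in walk_output.splitlines():
        oid = line.split(" = ", 1)[0].strip()
        m = re.search(r"\.17\.4\.3\.1\.1\.((?:\d{1,3}\.){5}\d{1,3})$", oid)
        if m:
            octets = [int(part) for part in m.group(1).split(".")]
            if all(o <= 255 for o in octets):
                yield "".join(f"{o:02x}" for o in octets)

def switches_seeing(target_mac, walks):
    """Return the sorted switch IPs whose FDB walk contains target_mac."""
    wanted = normalise_mac(target_mac)
    return sorted(ip for ip, out in walks.items() if wanted in set(macs_in_walk(out)))

def walk_switch(ip, community="public"):
    """Run the post's snmpwalk against one switch; -On forces numeric OIDs."""
    return subprocess.run(
        ["snmpwalk", "-v", "1", "-c", community, "-On", ip, FDB_ADDRESS_OID],
        capture_output=True, text=True, timeout=60, check=True).stdout

if __name__ == "__main__":
    print(switches_seeing("48:65:6C:6C:6F:21", SAMPLE_WALKS))
```

For live use, build the `walks` dictionary by calling `walk_switch` for each switch address on a schedule and alert when `switches_seeing` returns a non-empty list.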