Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
8610 IP/Mac Alert
- Thread starter OmegaVTX
- Start date
anthonyanderberg
MIS
Are you looking for specific IP/Mac addresses or any address except a given list of known addresses?
- Thread starter
- #3
I am trying to find a rogue MAC that keeps popping up on my network. Becasue of the way I have my IP structure network segmented it will tell me the building and floor of the MAC.
If, that is, I can get my switches to record or notifiy me of its existance when it is inserted.
Thanks
J
If, that is, I can get my switches to record or notifiy me of its existance when it is inserted.
Thanks
J
HungryHouse
Vendor
From CLI:
"show vlan info fdb-entry"
From here, you can either browse the MACs, or enter a specific mac value after the word entry (which is what i suppose you want to do).
Example:
show vlan info fdb-entry mac 00:XX:YY:ZZ:AA:11
I hope this is helpful in tracking down your suspect
-HH
"show vlan info fdb-entry"
From here, you can either browse the MACs, or enter a specific mac value after the word entry (which is what i suppose you want to do).
Example:
show vlan info fdb-entry mac 00:XX:YY:ZZ:AA:11
I hope this is helpful in tracking down your suspect
-HH
anthonyanderberg
MIS
I don't know of any events or filters that you could trigger on, HungryHouse's command will work in real-time once you know to look... I guess the only automated thing I can think of is to write a script to periodically suck down the FDB tables and grep for the offending address.
Its kind of a brute-force approach, but if you're feeling up to it, you could use the snmpwalk tool from this package:
in a batch file or Perl script to do something like this:
snmpwalk -v 1 -c public 192.168.1.2 .1.3.6.1.2.1.17.4.3.1.1
saving the output to a file with a pipe, then with a command-line grep or search tool you could trigger an event or 'net send' action to alert you.
Its messy, but sometimes its the messy things that make this job fun... in any case hopefully someone smarter than I will have a more elegant solution.
Its kind of a brute-force approach, but if you're feeling up to it, you could use the snmpwalk tool from this package:
in a batch file or Perl script to do something like this:
snmpwalk -v 1 -c public 192.168.1.2 .1.3.6.1.2.1.17.4.3.1.1
saving the output to a file with a pipe, then with a command-line grep or search tool you could trigger an event or 'net send' action to alert you.
Its messy, but sometimes its the messy things that make this job fun... in any case hopefully someone smarter than I will have a more elegant solution.
- Status
Similar threads
- Question
- Locked
- Question
- Locked
- Question
- Locked
- Question