Hi,
Well, this will probably not work with GNS3, but it is very useful in the "real world" if you have a network with dozens of switches (like me ;)
How do you find where a PC is connected in your network if you don't have a database/notebook with all that information?
Probably like me ;) connecting to the core SW and starting to track that MAC, switch by switch... Ugly, but it works :)
Recently I reconfigured all the switches at work and added some security stuff (port-security, storm-control, bpduguard, non vlan 1, separated man vlan, etc.) and users started complaining that the network was no longer working ;) and in this way we found 3 loops inside the network (after asking users why they plugged the cable coming from an unmanaged SW back into it, they simply said that the cable was hanging down and it had to be plugged in somewhere ;)
But now everything works just nice...
So, I've created a script to do it automatically for me, and a few minutes ago, after finishing that script, I tried to see if there is something else that can do the same, and THERE IS :)))) The Cisco IOS command "traceroute mac" (l2trace).
For more info about l2trace see:
The ciscozine.com tutorial or
Using the Layer 2 Traceroute Utility.
Anyway, I will still put this here because it can do some stuff unsupported by the "traceroute mac" command (no need to specify a source MAC address, only a SW from where to start looking, and it can trace a chain of more than 10 switches).
Note: It works with Cisco switches only, and you must have CDP enabled at least on trunks/links between switches!
Latest version of TraceMAC is v0.5 - [Download for Windows] - [Download for Linux]
Code:
C:\> tracemac
TraceMAC v0.5 for Cisco Switches, by Ninel Piroi <ninix20(at)gmail(dot)com> - 09/Mar/2013
Usage:
'tracemac <TARGET_IP/TARGET_MAC> <SWITCH_IP>' - Trace a Mac Address
'tracemac -c' - Edit configuration file in Notepad
TARGET_IP = The IP address or Hostname for the device you are searching for;
This script will try to determine its MAC address.
TARGET_MAC= The MAC address you are searching for;
Any MAC address formats are allowed. (Unix, Cisco or Windows style)
SWITCH_IP = Switch IP address/Hostname from where to start the search. (Optional);
There is a default value for this switch IP in the configuration file.
Tested with Cisco SW: 2960,3560,3750,4948,6509,Express 500
[WARNING]
*> In order to work properly all switches must have enabled CDP between up-links!
[Tool Description]
*> Script used to search a specific MAC address in a large layer2 network (Switches);
It is doing that by querying the switches CAM table until it finds the
interface that learned that MAC address, but has no CDP neighbor on it.
*> You can search using a IP address or a MAC address. The script is automatically
detecting if the input query is a MAC or not. If a IP/Hostname is used, then
the script should be run from a PC that is on the same VLAN/Subnet with that
IP/Hostname, because is trying to get the MAC address by using PING and ARP.
Anyway, if the target IP/Hostname is not in the same VLAN/Subnet, the script will
use another method to get the MAC address over Layer3 using a external device
like a Cisco Router/Layer3 Switch or a Linux Router/Firewall, also the windows
version of this script can use NETBIOS scan (UDP-137) to detect the MAC address,
but if the target is not a Windows PC or is protected with a firewall will not work!
[Login informations]
*> This script supports multiple protocols used to connect to Cisco switches in order
to extract the required informations, so please edit the file 'tracemac_cfg.ini'
according to your needs;
*> It also can try to connect to a switch using multiple ways if the first protocol
fails, by changing to another protocol (for more info check the config file);
*> For SSH/Telnet it requires a recommended 'privilege level 1' account;
*> For HTTP/HTTPS use a account with privilege level 15, if privilege 1 fails;
*> For SNMP version 1 and 2c requires a read-only 'community string';
*> For SNMP version 3 requires a read-only SNMPv3 username.
C:\> tracemac 10.99.99.99 172.20.99.225
TraceMAC: 0023.7bc9.01aa - (10.99.99.99) - [MAC detection: "External Unix device: '192.168.15.1->eth2.30'"]
1) SW_xx_23 - 172.20.99.225 [WS-C2960-8TC-L] Gi0/1 -> Gi1/0/23 SW_xx_65 - 172.20.99.224
2) SW_xx_65 - 172.20.99.224 [WS-C3750G-48TS] Gi1/0/24 -> Gi0/20 SW_xx_43 - 172.20.99.217
3) SW_xx_43 - 172.20.99.217 [WS-C3560G-24TS] Gi0/21 -> Gi1/0/40 SW_xx_42 - 172.20.99.216
4) SW_xx_42 - 172.20.99.216 [WS-C3750G-48TS] Po3(Gi1/0/41) -> Gi0/48 SW_xx_55 - 172.20.99.1
5) SW_xx_55 - 172.20.99.1 [WS-C3560G-48TS] Po5(Gi0/52) -> Gi1/46 SW_xx_61 - 172.20.99.80
6) SW_xx_61 - 172.20.99.80 [WS-C4948] Gi1/9 -> Gi2 SW_xx_99 - 172.20.99.21
7) SW_xx_99 - 172.20.99.21 [WS-CE500-24TT] Fa5 (Vlan30) - "Room 129, Outlet 3A, John Smith PC"
TraceMAC completed!
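The search loop from the tool description above (follow the MAC through each switch's CAM table until the learning port has no CDP neighbor), as an added sketch that is not TraceMAC's own code. The switch names, the in-memory CAM and CDP tables and the function names are constructed assumptions; it also stops if the CDP path revisits a switch.

```python
import re

def normalize_mac(text):
    """Accept Unix (00:23:7b:..), Windows (00-23-7B-..) or Cisco (0023.7bc9.01aa) style."""
    digits = re.sub(r"[.:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))  # Cisco style

# Constructed sample data (hypothetical switches):
# CAM = per-switch MAC -> learning port, CDP = per-switch port -> neighbor switch.
CAM = {
    "sw-core": {"0023.7bc9.01aa": "Gi1/0/24"},
    "sw-dist": {"0023.7bc9.01aa": "Gi0/21"},
    "sw-edge": {"0023.7bc9.01aa": "Fa5"},
    "sw-loop-a": {"0000.0000.00ff": "Gi0/1"},
    "sw-loop-b": {"0000.0000.00ff": "Gi0/2"},
}
CDP = {
    "sw-core": {"Gi1/0/24": "sw-dist"},
    "sw-dist": {"Gi0/21": "sw-edge", "Gi0/1": "sw-core"},
    "sw-edge": {"Gi0/1": "sw-dist"},
    "sw-loop-a": {"Gi0/1": "sw-loop-b"},
    "sw-loop-b": {"Gi0/2": "sw-loop-a"},
}

def trace_mac(mac, start, cam=CAM, cdp=CDP):
    """Return [(switch, port), ...]; the last entry is the port with no CDP neighbor."""
    mac = normalize_mac(mac)
    path, seen, switch = [], set(), start
    while True:
        if switch in seen:  # tables point back to a switch already visited
            raise RuntimeError(f"loop detected at {switch}: {path}")
        seen.add(switch)
        port = cam.get(switch, {}).get(mac)
        if port is None:
            raise LookupError(f"{mac} not in CAM table of {switch}")
        path.append((switch, port))
        neighbor = cdp.get(switch, {}).get(port)
        if neighbor is None:  # no CDP neighbor: the device is attached here
            return path
        switch = neighbor

if __name__ == "__main__":
    for hop, (sw, port) in enumerate(trace_mac("00-23-7B-C9-01-AA", "sw-core"), 1):
        print(f"{hop}) {sw} {port}")
```

In a live network the two tables would be filled per hop from the switch itself over one of the protocols the post lists (SSH/Telnet, HTTP/HTTPS or SNMP).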