I need to find this computer
This is an outline on how to find where a piece of equipment is connected to a network using Juniper switches and a Juniper SRX. The concepts are the same when using other manufacturer’s equipment, but the commands will change.
For my example – my network is 10.5.1.0/24. The IP address on the router/SRX is 10.5.1.1
I know the IP address of this machine – where is it connected?
I need to find out where 10.5.1.100 is connected to and on what switch. The first thing I need to find out is the MAC address of 10.5.1.100. So I will ssh to my SRX (hopefully you already know how to do this) – make sure you are at the > prompt
user@SRX>
and enter the command
ping count 3 10.5.1.100
Dont worry (yet) if you get something like
PING 10.5.1.100 (10.5.1.100): 56 data bytes --- 10.5.1.100 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss
Some equipment (Windows) by default does not respond to ICMP requests – but we will still get the MAC address if it is connected …..so issue the command :
show arp no-resolve | grep 10.5.1.100
and (if you are lucky) you will see something like this:
ff:ff:ff:21:49:88 10.5.1.100 irb.0 none
The first item is the mac address (note ff:ff:ff:21:49:88 is the mac address of the machine I am looking for – your mac address will be different) Make note of the Mac address – then:
How do I find a device on my network if I have the Mac address?
(If you have not already) ssh to your SRX or router and at the > prompt enter the following command
show ethernet-switching table | grep ff:ff:ff:21:49:88
and you should see something like this:
OFFICENET ff:ff:ff:21:49:88 D - ge-0/0/5.0 0 0
This is the point where you need to know a little bit about your network. Either the device in question is connected to that port on my router – or there is a switch connected to this port. In this case I know I have a switch connected to this port (ge-0/0/5) on my router…and that switch on my network is 10.5.1.3 (aka switch 3). So disconnect your ssh session from the router and ssh to the switch
Now at the > prompt on the switch issue the command
show ethernet-switching table | grep ff:ff:ff:21:49:88
and I got
default ff:ff:ff:21:49:88 D - xe-0/1/3.0 0 0
Now – if you are smart when you configure your switches – you will put in descriptions for your trunk ports. Note that the above command indicates the mac address we are searching for is connected to xe-0/1/3 so lets issue the command
show configuration interfaces xe-0/1/3 description
and I see
description "Trunk to SW5 XE-0/1/0";
So this port on switch 3 is connected to switch 5 port xe-0/1/0 – so now I need to go talk to switch 5 – so end your ssh session to switch 3 and ssh to switch 5 – and at the > prompt enter the command
show ethernet-switching table | grep ff:ff:ff:21:49:88
and I get
default ff:ff:ff:21:49:88 D - xe-0/1/1.0 0 0
lets check what port xe-0/1/1 is…..
show configuration interfaces xe-0/1/1 description
and we get
description "Fiber Trunk to SW7";
so lets disconnect from switch 5 and ssh to switch 7 and at the > prompt enter
show ethernet-switching table | grep ff:ff:ff:21:49:88
and we get
default ff:ff:ff:21:49:88 D - ge-0/0/16.0 0 0
Now we execute
show configuration interface ge-0/0/16 description
and we get (if we put in descriptions on every interface)
description "Judy's Desk"
Now we know where the device is.