在一个Cisco交换网络中间,已知某台机器的IP地址,如何找出它连接到了哪台交换机的哪个端口上呢?最方便快捷的方法使使用CiscoWorks2000LMS网管软件的Usertracking功能,图形化界面,一目了然。如果没有这个软件,也可以使用以下手工分析方法来找出答案:示例网络:核心交换机为6509(交换引擎SE用CatOS,MSFC运行IOS软件)1.找出该IP所对应的MAC地址:通过查看系统的ARP缓存表可以找出某IP所对应的MAC地址。由于ARP不能跨VLAN进行,所以连接各个VLAN的路由模块MSFC就是最佳的选择--一般它在每一个VLAN都有一个端口(interfacevlann),能正确地进行ARP解释。6509MSFC#ping10.10.1.65Typeescapesequencetoabort.Sending5,100-byteICMPEchosto10.10.1.65,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=1/1/4ms6509MSFC#showarp|in10.10.1.65Internet10.10.1.6520006.2973.121dARPAVlan2通过以上命令,我们知道10.10.1.65的MAC地址是0006.2973.121d,这是IOS设备的MAC地址表达方式,在CatOS中,应写为00-06-29-73-12-1d.2.在交换机上找出MAC地址所对应的端口6509SE(enable)showcam00-06-29-73-12-1d*=StaticEntry.+=PermanentEntry.#=SystemEntry.R=RouterEntry.X=PortSecurityEntry$=Dot1xSecurityEntryVLANDestMAC/RouteDes[CoS]DestinationPortsorVCs/[ProtocolType]----------------------------------------------------------------------200-06-29-73-12-1d9/41[ALL]TotalMatchingCAMEntriesDisplayed=1这是不是说IP为10.10.1.65的机器就接在端口9/41上呢?不一定。如果以下命令中显示该端口上只有一个活动的MAC地址,那么答案就是肯定的:6509SE(enable)showcamdynamic9/41*=StaticEntry.+=PermanentEntry.#=SystemEntry.R=RouterEntry.X=PortSecurityEntry$=Dot1xSecurityEntryVLANDestMAC/RouteDes[CoS]DestinationPortsorVCs/[ProtocolType]----------------------------------------------------------------------200-06-29-73-12-1d9/41[ALL]TotalMatchingCAMEntriesDisplayed=1如果该命令显示该端口上有多个活动的MAC地址,那么这个端口应该连接到别的交换机或HUB设备上,见下面的例子(查找IP为10.10.1.250所对应的交换机端口):6509MSFC#ping10.10.1.250Typeescapesequencetoabort.Sending5,100-byteICMPEchosto10.10.1.250,timeoutis2seconds:!!!!!Successrateis100percent(5/5),round-tripmin/avg/max=1/1/1ms6509MSFC#showarp|in10.10.1.250Internet10.10.1.25040009.6b8c.64ecARPAVlan26509SE(enable)showcam00-09-6b-8c-64-ec*=StaticEntry.+=PermanentEntry.#=SystemEntry.R=RouterEntry.X=PortSecurityEntry$=Dot1xSecurityEntryVLANDestMAC/RouteDes[CoS]DestinationPortsorVCs/[ProtocolType]----------------------------------------------------------------------200-09-6b-8c-64-ec3/11[ALL]TotalMatchingCAMEntriesDisplayed=16509SE(enable)showcamdy3/11*=StaticEntry.+=PermanentEntry.#=SystemEntry.R=RouterEntry.X=PortSecurityEntry$=Dot1xSecurityEntryVLANDestMAC/RouteDes[CoS]DestinationPortsorVCs/[ProtocolType]----------------------------------------------------------------------100-03-e3-4b-06-803/11[ALL]100-08-02-e6-b0-cd3/11[ALL]100-02-a5-ee-f2-4f3/11[ALL]100-09-6b-8c-66-d63/11[ALL]100-09-6b-63-17-d93/11[ALL]100-0b-cd-03-ec-f53/11[ALL]100-09-6b-63-17-d83/11[ALL]100-08-02-e6-b0-c13/11[ALL]100-08-02-e6-b0-853/11[ALL]100-08-02-e6-b0-813/11[ALL]100-02-a5-ef-16-af3/11[ALL]100-02-a5-ee-f2-933/11[ALL]100-02-55-c6-05-613/11[ALL]200-09-6b-8c-64-ec3/11[ALL]100-08-02-e6-b0-ed3/11[ALL]100-08-02-e6-b0-a93/11[ALL]100-02-55-54-7a-e03/11[ALL]100-02-a5-ef-15-a63/11[ALL]100-08-02-e6-af-8f3/11[ALL]100-08-02-e6-b0-bd3/11[ALL]100-0b-cd-03-db-8b3/11[ALL]100-09-6b-8c-25-503/11[ALL]Doyouwishtocontinuey/n[n]?n由于该端口连接到另一台交换机或HUB,必须继续追查,方法如下:6509SE(enable)showcdpnei3/11*-indicatesvlanmismatch.#-indicatesduplexmismatch.PortDevice-IDPort-IDPlatform----------------------------------------------------------------------------3/11Cisco2924GigabitEthernet1/1ciscoWS-C2924M-XL该命令显示对端设备是一台Cisco2924,如果没有显示,那么说明连接的是别的厂家的设备,可能要到该交换机上用类似的办法继续追查。本例子中是Cisco设备,所有我们可以继续:6509SE(enable)showcdpnei3/11dePort(OurPort):3/11Device-ID:Cisco2924DeviceAddresses:IPAddress:10.10.0.60Holdtime:153secCapabilities:TRANSPARENT_BRIDGESWITCHVersion:CiscoInternetworkOperatingSystemSoftwareIOS(tm)C2900XLSoftware(C2900XL-C3H2S-M),Version12.0(5.2)XU,MAINTENANCEINTERIMSOFTWARECopyright(c)1986-2000byciscoSystems,Inc.CompiledMon17-Jul-0017:35byayounesPlatform:ciscoWS-C2924M-XLPort-ID(PortonNeighbors'sDevice):GigabitEthernet1/1VTPManagementDomain:lanNativeVLAN:1Duplex:fullSystemName:unknownSystemObjectID:unknownManagementAddresses:unknownPhysicalLocation:unknownCisco2924#showmac-address-tabledynamicaddress0009.6b8c.64ecNon-staticAddressTable:DestinationAddressAddressTypeVLANDestinationPort-------------------------------------------------------0009.6b8c.64ecDynamic2FastEthernet0/2Cisco2924#showmac-address-tabledynamicinterfacef0/2Non-staticAddressTable:DestinationAddressAddressTypeVLANDestinationPort-------------------------------------------------------0009.6b8c.64ecDynamic2FastEthernet0/2通过以上命令可知,MAC地址0009.6b8c.64ec与Cisco2924交换机相连,且是该端口上唯一活动的MAC地址,所以IP为10.10.1.250的机器应该就连接在这个端口上。