Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Niall_Lynch
Explorer

Determine the IP address of a connected switch

Hello,

I am hoping someone may be able to help me out here. Thanks in advance.

I have a cluster of 6200 devices. I have a netgear switch which is connected to one of the interfaces but I do not know the IP address of the switch. Is it possible to determine the IP Address of the switch if I have the MAC address of the switch please? I have performed an arp -a but I could not see the MAC address of the device.

Many thanks.

0 Kudos
9 Replies
_Val_
Admin
Admin

Are you sure that Switch even have an IP? It might be that it does not. Why not to look on the switch itself?

0 Kudos
Niall_Lynch
Explorer

Thanks Val, I tried the default IP address of the switch with no luck. 

0 Kudos
_Val_
Admin
Admin

Connect console, look locally on the switch. It may not have ANY IP address to begin with. 

0 Kudos
Guy_Grundman
Employee
Employee

if you are referring to the switch management IP, running lldpneighbors in expert mode might help.

0 Kudos
Niall_Lynch
Explorer

Thanks Guy, I tried lldpneighbors but it did not work. I got lldpneighbors couldn't connect to the OpenLDP transport socket. Is lldpd running? 

My cluster is running on R80.40

0 Kudos
Guy_Grundman
Employee
Employee

Unfortunately LLDP is support from R81.

0 Kudos
Chris_Atkinson
Employee
Employee

Do you see different results if you ping the broadcast address of the subnet first?

0 Kudos
Ruan_Kotze
Advisor

This is not something I tried myself, but what about using tcpdump to see if you can capture lldp packets on the wire?

This certainly looks promising - https://medium.com/@getGroovy/lldp-packet-sniffing-38f999e733fa

0 Kudos
Timothy_Hall
Champion
Champion

There will be two ways to determine the management IP address of the switch: active and passive.  Passive depends on the switch emanating some identifying information such as CDP or LLDP.  My Max Power 2020 book covered how to capture CDP and/or LLDP traffic if it is there; the techniques are listed below.  The switch should always emanate BPDUs for Spanning Tree purposes and you will be able to see these frames in a capture, but they do not contain Layer 3 information such as an IP address to my knowledge.  Ensure that any capture you run is allowed to execute for at least 60 seconds.

As far as active techniques, as Chris said you can try pinging the network broadcast address like this: ping -b 192.168.1.255; then check your ARP cache with arp -an to see if the switch IP has showed up.  You can also try ping -b -I (interfacename) 255.255.255.255.  But some devices won't answer a broadcast ping for whatever reason, so you could run something like this then check the ARP cache afterward:

#!/bin/sh

CNTR=1

while [ $CNTR -lt 254 ]
do
ping 192.168.1.$CNTR -c 1 -t 1 -n
CNTR=$(( $CNTR + 1 ))
done

 

discovery1.pngdiscovery2.pngdiscovery3.png

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos