刚刚发现一个ip流量异常大。想找到它对应的设备端口然后干掉!
因为对cisco设备不熟。So做个笔记以防以后再次遇到。
Cisco4506上
sh arp | in 192.168.1.68
Internet 192.168.1.68 3 0021.86ef.6a8c ARPA Vlan3
找到ip对应的mac地址
sh mac-address-table | in 0021.86ef.6a8c
3 0021.86ef.6a8c dynamic ip GigabitEthernet3/21
mac地址对应的端口
sh mac-address-table | in Gi3/21
1 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
Gi3/20,Gi3/21,Gi3/22,Gi3/23,Gi3/24,Po11
Gi3/21,Gi3/22,Gi3/23,Gi3/24,Gi6/17,Gi6/19
4 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
5 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
6 ffff.ffff.ffff system Switch,Gi2/3,Gi3/1,Gi3/17,Gi3/19,Gi3/20,Gi3/21
7 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
8 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
9 ffff.ffff.ffff system Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21,Gi3/22
11 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
12 ffff.ffff.ffff system Switch,Gi2/3,Gi3/17,Gi3/19,Gi3/20,Gi3/21
看看ip和端口是不是一对一的关系。结果显然不是。应该是下面连有二层设备。
sh cdp neighbors Gi3/21 detail
————————-
Device ID: 3-2960-3
Entry address(es):
IP address: 192.168.3.4
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet3/21, Port ID (outgoing port): GigabitEthernet0/2
Holdtime : 125 secVersion :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanhadvertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF010221FF0000000000000019AA6AAB00FF0000
VTP Management Domain: ‘d2’
Native VLAN: 1
Duplex: full
查看Gi3/21连的那台二层交换机,可以看到是Cisco2960-3 ip是192.168.3.4
登陆这台设备
sh mac-address-table | in 0021.86ef.6a8c
3 0021.86ef.6a8c DYNAMIC Fa0/19
可以看到此ip对应的mac地址是Fa0/19端口
