Geek Network Post - MAC L2 traceroute

[Cornholio 0]

Thought I'd run this by you geeks and see if you have a suggestion.

I'm trying to track down an IP conflict on our network. Basically the topology is this:

Cisco3550---Trango Wireless AP-----Many Subscribers (with their own routers and clients behind those routers)

So far I can tell on the Cisco that the MAC is on port Fa0/1 which is connected to this AP. But the APs and Subscriber units don't have a "show MAC table" command or anything similar.

However IOS has a command "Traceroute MAC" that seems would work, but it keeps barfing at my source address mac, even though it is correct. Plus it really only is reliable with Cisco IOS devices that support CDP, so trying to find the MAC on the Trango devices might not work too well.

I have posted this to the Trango Broadband forums, but have yet to hear anything. Is there any software out there that I can run on a server inside the network that would spit out a Layer2 hop trace ? That would narrow it down to the Subscriber unit and then I can just send them an e-mail and ask WTF !?!?

Any suggestions ?

Butthead: Whoa! Burritos for breakfast!
Beavis: Yeah! Yeah! Cool!
bellyflier on the dz.com hybrid record jump

[PhillyKev 0]

You're losing me. Are the routers that each client is behind performing NAT? Is the MAC address you have that of the router or of the client you are trying to identify. Either way, what ARE you trying to identify if you already have the IP and MAC address?

[Cornholio 0]

Quote

You're losing me.

Ok, that might have been a little vague...Let me try to explain.

Hanging off the Cisco switch is a Trango wireless access point (AP). Connecting to this AP are subscriber units (SU). Basically it's a Point-to-multipoint connection. And the AP and SU are bridges. They do no routing.

> Are the routers that each client is behind performing NAT?

So behind each SU are clients. Now those clients may have a router (doing NAT) or they may have many routers or just machines with this offending IP address.

>Is the MAC address you have that of the router or of the client you are trying to identify.

Could be either one. Router or PC. However I did a MAC lookup and the MAC is assigned to Quantum Computers. So I am assuming it's just a PC/Server.

>Either way, what ARE you trying to identify if you already have the IP and MAC address?

I can only see the MAC off the Cisco port. There are two other Layer 2 devices (the AP and the SU) that are bridging traffic beyond that. I need to find out which SU that MAC address is on.

Butthead: Whoa! Burritos for breakfast!
Beavis: Yeah! Yeah! Cool!
bellyflier on the dz.com hybrid record jump

[Cornholio 0]

And yes, this IP is a public IP address. We don't use private IPs on our network. I work/help part time (read: no pay yet) for a Wireless ISP, so maybe that helps.

Butthead: Whoa! Burritos for breakfast!
Beavis: Yeah! Yeah! Cool!
bellyflier on the dz.com hybrid record jump

[PhillyKev 0]

Ok....so can't you just do a tracert to the IP address?

[Cornholio 0]

Quote

Ok....so can't you just do a tracert to the IP address?

Sure I can, but the last hop would be the cisco switch doing layer 3 routing. the AP and the SU don't route, so they would not show up under a normal IP traceroute. I need something to show me the Layer 2 path that it takes to get to that IP. That will show which SU has the conflicting IP.

Butthead: Whoa! Burritos for breakfast!
Beavis: Yeah! Yeah! Cool!
bellyflier on the dz.com hybrid record jump

[lummy 4]

can the access point restrict access by MAC address? restrict that one and let them call you

I promise not to TP Davis under canopy.. I promise not to TP Davis under canopy.. eat sushi, get smoochieTTK#1

[Slappie 9]

Quote

can the access point restrict access by MAC address? restrict that one and let them call you

BEst idea I've seen so far

"Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them."

[PhillyKev 0]

Quote

the AP and the SU don't route, so they would not show up under a normal IP traceroute

Duh....overlooked the part about them not routing.

Never had to trace through bridges. What about pathping? I know that works on layer 2 in some fashion. Not sure what info it gives though.

[Cornholio 0]

Quote

can the access point restrict access by MAC address? restrict that one and let them call you

Hehe That is what I was planning on doing. Putting an ACL on the router and then hope they call when they don't have Internet Access anymore.

Butthead: Whoa! Burritos for breakfast!
Beavis: Yeah! Yeah! Cool!
bellyflier on the dz.com hybrid record jump

[lummy 4]

LOL.. great minds think alike :)

I promise not to TP Davis under canopy.. I promise not to TP Davis under canopy.. eat sushi, get smoochieTTK#1

[Cornholio 0]

Quote

What about pathping? I know that works on layer 2 in some fashion. Not sure what info it gives though.

Just tried that. Looks to be just a glorified IP traceroute.

Thanks for the suggestion.

Butthead: Whoa! Burritos for breakfast!
Beavis: Yeah! Yeah! Cool!
bellyflier on the dz.com hybrid record jump

[labrys 0]

Quote

Quote

can the access point restrict access by MAC address? restrict that one and let them call you

Hehe That is what I was planning on doing. Putting an ACL on the router and then hope they call when they don't have Internet Access anymore.

I think that blocking the MAC address at the WAP would work better. You can't use ACLs on the router to block layer 2, only layer 3 (I'm pretty sure o'that)

Unless you meant to block the layer 3 address and have both parties involved calling ya.

Owned by Remi #?