It’s really relatively straight forward, but is made considerably easier with a managed switch fabric. I actually worked through this process with one of my Astound Wireless customers, last night, over a VPN. When the ping stops, you’ve found the rogue.Ĭongratulate yourself by having a coffee, beer, or a non-stimulating beverage. You know something about the device, the manufacturer.Īs you unplug devices, check whether the ping stops. You know that it’s on the network, and can ping it (so you can tell when it’s been disconnected). Hopefully, you might have some clue as to what is on each port, distribution switch wise, especially if you have managed under-desk distribution switches, although this is generally unlikely. If there’s a single port on a managed device, you can disable/shutdown the port.įailing that, if you find that the MAC is in the table, but on a port with other devices too, say, port 1 has 5 other things, and the rogue is one of them, then that indicates that there’s another distribution switch on port 1, and the rogue is connected to that. Looking at the list of address tables (I find it’s helpful to copy/paste them into a text editor, then do a search on the MAC of the rogue.) see if you can track down a port that has only that MAC assigned to it. Every switch has a MAC Address Table where it keeps track of physical switchports, and the learned MAC addresses it’s seen on those ports. Next, you want to open the management pages of all of the switches on the fabric of your network. We’ll need this to confirm that it’s been killed when we start unplugging/disabling ports. This works because all MAC address prefixes are registered by IANA, so you can look up a MAC address and it’ll tell you who made the thing (roughly).įrom the client with the rogue-assigned IP address, set up a long-running ping to the default gateway. Go to and paste the found Physical/MAC address of the rogue.
What you’re looking for is the mapping between the IP address and the Physical (MAC) address. In a Powershell/Cmd/Terminal window, run the command to view the ARP table. We need to do this to populate the ARP table. Ping the default gateway for a few seconds. Once you’ve got an IP from the rogue, look at the ethernet adaptor’s status, and get the IP of the default gateway.
#Extreme switch show mac address table windows#
info or /var/lib/NetworkManager/ will contain the dhcp-server-identifier info on Linux, and something in the Windows Event Logs will show similar :-) Kyle Gordon pointed out that this initially assumes that the DHCP server is the same as the default gateway. You might need to disable the main DHCP server to allow this to happen, as DHCP is a broadcast protocol, so it’s really a case of the early bird getting the worm. Allow a device to get an IP address from the rogue server.Some clients report a different IP address, subnet mask and default gateway, compared to others.Ĭaveats: Without a managed switch fabric, this is considerably more difficult. Symptoms: Some clients are unable to connect to the internet. SeptemThis blog post is *ancient*, and preserved only for historical record. Devopstom's Blog How To: Find a rogue DHCP server on your network
0 kommentar(er)
