Simple Networking

How to find a host by it’s MAC address on Cisco switch


In everyday work, it’s often necessary to determine the switch and port a user or device is connected to. To do it, you don’t have to look for it visually. All you need is to know its MAC address.
The point is that each switch stores information about all MAC addresses that showed at least any network activity in the last few minutes. Your task is to use this information wisely.
So, let’s say you need to find the switch port a user John is connected to. It’s known that the IP address of his computer is

There are two possible ways of how you can determine the MAC address:

  • To execute the ipconfig /all command in the command line on the user’s computer



  • To learn the MAC address remotely if you know the user’s computer IP address. It’s possible if you have access to a Cisco router or Cisco ASA firewall which is the default host gateway. The ARP table on these devices will contain the compliance of the MAC and IP addresses.

For searching, use the sh arp | inc x.x.x.x command, where x.x.x.x is the IP of the host we need.

R-DELTACONFIG-1#  sh arp | inc
Protocol  Address           Age (min)  Hardware Addr   Type   Interface
Internet           236   78ac.c0bb.74f2  ARPA   Vlan10

As we see, the device with the IP address has the 78ac.c0bb.74f2 MAC address and is located in VLAN 10.
Having determined the device’s MAC address, you can keep on searching for its direct location on the switch.
The show mac address-table command (it can sometimes be written with an additional hyphen instead of a space, like this: show macaddress-table) shows the MAC address table of all active devices that are connected to the switch.
SW-DELTACONFIG-1# sh mac address-table
Mac Address Table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1    1111.1111.1111    DYNAMIC     Fa0/1
2    2222.2222.2222    DYNAMIC     Fa0/2
3    3333.3333.3333    DYNAMIC     Fa0/3
4    4444.4444.4444    DYNAMIC     Fa0/4

deltaconfig cisco outsourcing

Usually, there are a large number of records shown at this table. For more convenience, you can filter the necessary МАС address. Usually, four last symbols will be enough. In our case, search for the 78ac.c0bb.74f2 MAC address looks so:
SW-DELTACONFIG-1#sh mac address-table | inc 74f2
10    78ac.c0bb.74f2    DYNAMIC     Gi0/1

The output line shows that the host is located in VLAN 10 and is connected to a port of the Gigabitethernet 0/1 switch.

If you have a small office and all network is organized only using one switch, your search is finished. But if there are several switches in the network, it’s possible that you found not the final one. Sometimes, another switch is connected to the found port of the current switch. In this case, you should repeat search in the MAC addresses table of the neighboring switch.
If you have several switches in your office, use the sh cdp neighbors command to determine the name and address for running the neighbor switch. The command will show you names and related ports of all the Cisco switches that are connected to the current switch. The sh cdp neighborsdetail command will additionally show the IP addresses for controlling the neighbor switches.
SW-DELTACONFIG-1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID     Local Intrfce         Holdtme   Capability    Platform   Port ID
Gig 0/1               123            S I     WS-C3560G-Gig 0/18

Device ID (SW-DELTACONFIG-2) – the name of the neighbor device
Local Intrfce (Gig 0/1) – the local interface where the neighbor switch is connected to
Port ID (Gig 0/18) – the interface of the neighbor switch.
SW-DELTACONFIG-1#sh cdp nei detail
Device ID: SW-TEST-2
Entry address(es):
IP address:
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/18
Holdtime : 144 sec
Now you should connect to the neighbor switch SW-DELTACONFIG-2 with the running address and find the necessary MAC address there.

With proper skill, this method will allow you to find hosts in a network of any size in no more than a couple of minutes without evenhttps:// away from your workplace.

This article was written by Alexey Yurchenko

Back to Table of contents


How can I help you?