# Finding a switch on my network!



## RoderickUsher (Jul 1, 2010)

Hi everyone









Ok. I have a CISCO Catalyst Express 500G switch on my network. The person who set the network up (before I was here) neglected to make note of the configuration IP for it. That wasn't a problem until now (I need to change a setting on the switch). I have NO idea how to find it out. I have:

checked the arp logs of several computers.
looked in the DHCP list (its not there so I'm assuming it was statically assigned)
manually tried all the addresses in the block we use (192.168.1.1-254)
The stupid 500G doesn't have a console port
I dont want to erase all the settings (because I dont know what they are!)

I have the MAC address but that seems to be less helpful then I thought it would be (RARP requesting doesnt seem to be an option)

How do I find out the config IP address for the stupid switch!

Thank you all SO MUCH in advance for your help -- really banging my head against the wall on this one.


----------



## JohnWill (Oct 19, 2002)

Turn the switch off, see what IP addresses disappear. 

If the switch has a static address, something like SuperScan over the whole subnet should find it.

If it's getting an automatically assigned IP address, check the DHCP server to see what address is assigned to that MAC address.


----------



## RoderickUsher (Jul 1, 2010)

Thanks John,

Turning off the switch really isn't an option as its the switch that all the servers go through. Switch off = network off = sad office. In addition, I doubt it will help. The IP address isn't listed in an arp or DNS tables (in addition not in the DHCP) because it was a) statically assigned and b) only is used for management purposes. Traffic that passes through the switch never interacts with an IP address so there is never any device attempting to resolve to it. 

I'll give SuperScan a try when I get into work in the morning, fingers crossed!


----------



## JohnWill (Oct 19, 2002)

That was the only other option I could come up with.


----------



## RoderickUsher (Jul 1, 2010)

Who makes a switch without a console port? There is NO reason for that


----------



## JohnWill (Oct 19, 2002)

RoderickUsher said:


> Who makes a switch without a console port? There is NO reason for that


Apparently, Cisco makes them.

_The Cisco Catalyst Express 500 Series switches are designed for ease of use. The switch is initialized through the GUI Device Manager; no console cable or terminal emulation application is needed. _


----------



## Squashman (Apr 4, 2003)

So is it web based or is there an application that runs on a computer to configure it?


----------



## JohnWill (Oct 19, 2002)

Squashman said:


> So is it web based or is there an application that runs on a computer to configure it?


Don't know, didn't read that far on the Cisco site.


----------



## zx10guy (Mar 30, 2008)

If the previous person did not turn off CDP (Cisco Discovery Protocol), then you can find the information you need from this. The catch is the device (switch or PC) which can understand CDP must be on the same layer 2 network as the switch in question.

As an aside, the Catalyst Express and 500 series switches do not have the provision for CLI. Hence why no console port and the cheaper price.


----------



## zx10guy (Mar 30, 2008)

Squashman said:


> So is it web based or is there an application that runs on a computer to configure it?


It is web based. But you can also configure it using their Network Assistant configuration software.


----------



## RoderickUsher (Jul 1, 2010)

I want to thank everyone for the help they've put in so far and give an update. After using several programs that scan the entire subnet we use (192.168.1.0/24) I've concluded the device is not to be found. This leaves two options I can think of.

1) The original sysadmin didn't change the ip from the default (which I think makes this impossible)
2) The original sysadmin, for reasons beyond understanding, chose an IP in some totally different subnet. If this is the case then it's more or less unfindable because I'm not going to scan all of the possible private IP address and subnet combos as there are way way way to many. 

As someone astutedly pointed out I could use CDP...problem is I need a device in the correct subnet and if I knew what the correct subnet was I'd be in a much better place. 

My next plan is to hook a laptop directly to one of the switch ports and see if that makes life any easier. Good times.....thanks again for all your thoughts, I'll keep you updated as I figure out more.


----------



## JohnWill (Oct 19, 2002)

It's your "final" test.


----------



## zx10guy (Mar 30, 2008)

RoderickUsher said:


> I want to thank everyone for the help they've put in so far and give an update. After using several programs that scan the entire subnet we use (192.168.1.0/24) I've concluded the device is not to be found. This leaves two options I can think of.
> 
> 1) The original sysadmin didn't change the ip from the default (which I think makes this impossible)
> 2) The original sysadmin, for reasons beyond understanding, chose an IP in some totally different subnet. If this is the case then it's more or less unfindable because I'm not going to scan all of the possible private IP address and subnet combos as there are way way way to many.
> ...


Umm....you need to re-read what you understand about CDP. It doesn't matter if the two switches are on different subnets as I've stated before, the protocol runs over layer 2. This is why for security reasons many admins turn off CDP globally as all Cisco switches by default broadcast CDP frames on all their switch ports. You also have the option of turning off CDP broadcasting on a per port basis. I prefer to have a balance where I shut off all CDP traffic on all access ports and leave it enable on my trunk/uplink ports.


----------



## zx10guy (Mar 30, 2008)

Something I just thought of. You can plug your laptop into the switch and sniff the CDP traffic off that port with Wireshark. Because the information isn't encrypted nor does it require authentication, all the information about the switch is in clear text. Again, why many admins turn off CDP as it allows easy reconnaissance of a network.


----------

