[j-nsp] juniper switch ex2200 how to find port from ip address?

Tyler Christiansen tyler at adap.tv
Wed Aug 27 00:14:29 EDT 2014


First, I'd like to say that all of the advice in this thread is solid.
Now, with that said, read on for a way to do this without logging into
devices yourself.


> On Tue, Aug 26, 2014 at 1:26 PM, Jed Laundry <jlaundry at jlaundry.com>
> wrote:
>
> Just to throw it out there, I created the attached op script a while ago to
> do this in a small office environment. It does require having a family inet
> address on the switch (so don't forget your firewall filters to prevent
> cross-vlan contamination!)
>

Hi, Jed.  Looks like the mailing list ate your attachment.



> Next on my todo list was for it to run through a list of switches running
> the get-ethernet-switching-table-information remotely, so that it could be
> used on a larger LAN without inet addressing each switch. And inet6, of
> course.
>

The thread in general (and this part specifically) inspired me to spend 15
minutes writing a script to do (pretty much) this.  You need to know the
gateway device, and all devices in question must be Juniper.  Assuming
that's the case, you also need py-junos-eznc.  You'll need to do everything
necessary to run py-junos-eznc, too--that means having NETCONF over SSH
configured on your devices.

You can grab the script from
https://gist.github.com/supertylerc/3b11111a219b0a49a56c and run it from
any Linux-based host with py-junos-eznc.  Might work with Windows and/or OS
X, but Linux is where I've tested it.

Edit 40, 41, and 44 to suit your environment, chmod the script (chmod 700
/path/to/find_server), then just run the script (/path/to/find_server).

I figured this would be a halfway decent, somewhat easy-to-understand
script that anyone could use easily.  Here's an example:

╭─tyler at deathstar in ~ using ‹ruby-2.1.1› 14-08-26 - 20:50:30
╰─○ ./find_mac
{'ip_address': '192.168.1.1',
 'mac_address': 'ab:cd:ef:12:34:56',
 'switches': [{'sw01.example.com': [{'interface': 'xe-2/1/0.0',
                                    'vlan': 'internal'}]},
              {'sw02.example.com': [{'interface': 'ge-2/0/14.0',
                                    'vlan': 'internal'}]},
              {'sw03.example.com': [{'interface': 'xe-1/0/22.0',
                                    'vlan': 'internal'}]}]}

It runs through 4 devices.  The switches are done in "parallel" after the
gateway is done.  There's a minor "issue" in that if the gateway is also
one of the switches, you'll end up connecting to it twice.  Not a big deal
to me, but just for clarity.  Also, obviously this shows you the switches
that are upstream, so you might get some "fluff."  I happen to know that
our 10G interfaces are (mostly) trunk ports only, so I can ignore them.  It
could be extended to get interface descriptions too.

It's not tested with IPv6 or routing instances, though either would
probably be trivial to add and test.

Oh, one last thing: the script assumes SSH keys are the login method.  If
not, you'll _probably_ want to add a password (see the py-junos-eznc docs)
prompt instead of hard-coding the password.

If you're having any issues or have questions, please feel free to reach
out to me individually (avoid spamming list).

Thanks!

--tc



> Thanks,
> Jed.
>
>
>
>
> On 27 August 2014 01:31, Per Granath <per.granath at gcc.com.cy> wrote:
>
> > This might be interesting: http://youtu.be/Le9S2rj_qXI?t=19m46s (starting
> > from 19m and 46s into the video).
> >
> >
> > -----Original Message-----
> > From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
> > Of Evangelos Kanarelis
> > Sent: Tuesday, August 26, 2014 3:43 PM
> > To: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] juniper switch ex2200 how to find port from ip
> > address?
> >
> > This has now been resolved.
> >
> > Managed to get access to the core switch and used the arp table.
> >
> > Thank you all for your help :-)
> >
> > Angelo Kanarelis
> > Infrastructure Support Engineer
> >
> >
> >
> > T: +44 (0) 207 421 2575  M: +44(0) 779 5613721 2nd Floor, Nexus Place, 25
> > Farringdon Street, London, EC4A4AB
> >
> >
> > -----Original Message-----
> > From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
> > Of Phil Mayers
> > Sent: 26 August 2014 13:06
> > To: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] juniper switch ex2200 how to find port from ip
> > address?
> >
> > On 26/08/14 12:22, Evangelos Kanarelis wrote:
> > > Hello everybody
> > >
> > > I am relatively new to networking and I am currently managing a few
> > > EX2200 switches.
> > >
> > > I need to find to which port a machine is connected to, but all I have
> > > is an IP Address. I know that I can use show ethernet-switching table
> > > brief but unfortunately I do not have the MAC address.
> > >
> > > Any help would be greatly appreciated.
> >
> > When you have time, consider looking into running something like Netdisco
> > against your switches and routers.
> >
> > Without a MAC, it's not straightforward.
> >
> > It's not really difficult either, but if you're new to networking all the
> > suggestions I can think of (put an IP address on the ports vlan, ping the
> > host, look in the ARP table; put a logging firewall filter in, look for
> > matches; enable DHCP/ARP snooping) carry a risk of breaking things.
> >
> > It would be a lot easier if you could find the MAC address from the
> > router. Can you really not do that?
> >
> > Or if you can get to the host, just unplug then re-attach the host, then
> > look in the switch logs for which port just came up.
> >
> > If not, the "safest" thing is probably to modify the switch to have an IP
> > address on the port VLAN and ping the host, then find the MAC from the ARP
> > table like so:
> >
> > == Add the IP to the vlan ==
> >
> > configure
> > set vlan <name> l3-interface vlan.<tag>
> > set interfaces vlan unit <tag> family inet address <ip/mask>
> > commit
> >
> > == Find the IP/MAC/port ==
> >
> > run ping <ip> count 1
> > run show arp no-resolve hostname <ip>
> > run show ethernet-switching table | match <MAC from the ARP output>
> >
> > == Undo adding the IP ==
> >
> > rollback 1
> > commit
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>

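The lookup described in the message (gateway ARP gives the MAC, then every switch's ethernet-switching table is searched for it), as an added example that is not the gist linked above and not code from the thread. It works on captured CLI text rather than live NETCONF sessions; the sample outputs are constructed and assume the legacy EX column layout, and `mac_for_ip`, `learned_entries` and `locate` are hypothetical names. It goes one step past the message by ranking hits by how many MACs each port has learned, so trunk and uplink "fluff" sorts last.

```python
import re
from collections import Counter

# Constructed sample of "show arp no-resolve" output from the gateway.
GATEWAY_ARP = """\
MAC Address       Address         Interface     Flags
ab:cd:ef:12:34:56 192.168.1.1     vlan.10       none
00:11:22:aa:bb:01 192.168.1.10    vlan.10       none
"""
# Constructed "show ethernet-switching table" output (legacy EX layout assumed).
SWITCH_TABLES = {
    "sw01.example.com": """\
  VLAN              MAC address       Type         Age Interfaces
  internal          *                 Flood          - All-members
  internal          ab:cd:ef:12:34:56 Learn          0 xe-2/1/0.0
  internal          00:11:22:aa:bb:01 Learn          0 xe-2/1/0.0
""",
    "sw02.example.com": """\
  VLAN              MAC address       Type         Age Interfaces
  internal          ab:cd:ef:12:34:56 Learn          0 ge-2/0/14.0
  internal          00:11:22:aa:bb:01 Learn          0 xe-0/1/0.0
""",
}
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def mac_for_ip(arp_text, ip):
    # Exact match on the IP column, so 192.168.1.1 never matches 192.168.1.10.
    for line in arp_text.splitlines():
        f = line.lower().split()
        if len(f) >= 2 and f[1] == ip and MAC_RE.fullmatch(f[0]):
            return f[0]
    return None

def learned_entries(table_text):
    # Skips the header and the "*" flood row, which carry no real MAC.
    for line in table_text.splitlines():
        f = line.split()
        if len(f) == 5 and MAC_RE.fullmatch(f[1].lower()):
            yield f[0], f[1].lower(), f[4]

def locate(ip, arp_text=GATEWAY_ARP, tables=SWITCH_TABLES):
    mac = mac_for_ip(arp_text, ip)
    if mac is None:
        return None, []  # not in ARP yet: ping the host from the gateway first
    hits = []
    for switch, text in tables.items():
        entries = list(learned_entries(text))
        macs_on_port = Counter(port for _, _, port in entries)
        hits += [(macs_on_port[p], switch, p, v) for v, m, p in entries if m == mac]
    return mac, sorted(hits)  # fewest MACs on the port (likely access port) first
```
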