Hour 133: ARP Tables and More TCL Scripts

In a large environment, tracking down hosts and servers can be quite a challenge depending on the situation. If the host/server is reachable through ICMP, the task is fairly easy, as you can resolve a port/MAC relationship with the last-hop device's ARP table. But what if the server/host has a port configuration issue or a physical cabling issue, and the ARP cache entry on its connected device has timed out?

This is a problem you can encounter, and unfortunately there is not a lot you can do in this situation other than physically trace the cable from the server/host to the device it's connecting to. This isn't feasible in most large environments because tracing a cable in a data center can be strenuous and time-consuming. The best way to prevent this is to run scheduled backups of the ARP tables and MAC address tables every day and consolidate them. This way you will have a MAC-to-IP-to-port relationship database and a history for future reference. The next time a sysadmin gives you the MAC address or IP of a server that you cannot reach, you can find its last known location through your database.

Before you start running backups of the ARP tables, you need to make sure that all the clients' and servers' MAC addresses are actually cached in the switches you are pulling backups from. To do this, simply run a TCL ping sweep script from the switch to wake the un-cached ports. Here's a TCL ping sweep script that I use:

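# Ping every host address in 10.1.1.0/24 so the switch ARPs for each one
for {set i 1} {$i <= 254} {incr i} {
    set var 10.1.1.
    append var $i
    # 2 echo requests per address, 1 second timeout
    ping $var rep 2 time 1
}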

This script sends 2 ICMP echo requests to each address. If there is no entry in the ARP table, the echo request is unconditionally dropped and an ARP request is sent instead. After that, you can run another custom script to get the IP/MAC/physical interface information, or just run the show ip arp and show mac-address-table commands and store the output with a date and time for future use.
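
One way to do the consolidation described above, as an added example that is not the author's script: this Python sketch joins saved show ip arp and show mac-address-table output on the MAC address and looks up a host's last known port. The sample output is constructed, and the IOS-style column layouts, the switch name sw1 and the function names are assumptions.

```python
import re
from datetime import datetime

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Assumed IOS-style layouts; adjust the patterns for other platforms.
ARP_RE = re.compile(rf"^Internet\s+(\S+)\s+\S+\s+({MAC})\s+ARPA\s+\S+", re.I)
CAM_RE = re.compile(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)", re.I)

# Constructed sample output, not captured from a real device.
SAMPLE_ARP = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.1            -  0011.2233.0001  ARPA  Vlan10
Internet  10.1.1.10           3  0011.2233.4455  ARPA  Vlan10
"""
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    0011.2233.4477    DYNAMIC     Gi1/0/7
"""

def snapshot(switch, arp_text, cam_text, taken_at):
    """Join one switch's ARP and MAC-table output on MAC address."""
    ips = {}
    for line in arp_text.splitlines():
        m = ARP_RE.match(line)
        if m:
            ips[m.group(2).lower()] = m.group(1)
    rows = []
    for line in cam_text.splitlines():
        m = CAM_RE.match(line)
        if m:
            mac = m.group(2).lower()
            rows.append({"seen": taken_at, "switch": switch, "vlan": int(m.group(1)),
                         "mac": mac, "ip": ips.get(mac), "port": m.group(3)})
    return rows

def last_known(history, key):
    """Newest record whose MAC or IP equals key, or None if never seen."""
    key = key.lower()
    hits = [r for r in history if key in (r["mac"], r["ip"])]
    return max(hits, key=lambda r: r["seen"], default=None)

if __name__ == "__main__":
    history = snapshot("sw1", SAMPLE_ARP, SAMPLE_CAM, datetime(2024, 1, 1, 2, 0))
    # Next day the host is unreachable and has aged out of both tables.
    history += snapshot("sw1", "", "", datetime(2024, 1, 2, 2, 0))
    print(last_known(history, "10.1.1.10"))
```

A MAC learned on an uplink or trunk port points toward the next switch rather than the host, so run the lookup against that switch's snapshots as well.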
