How to Query Cisco Switch Port Mappings Using IP/MAC Addresses for Network Jack Reconciliation


3 views

During office downsizing, I encountered mismatches between patch panel labels and actual switch port activity. A workstation connected to jack 28 showed active network connectivity, yet the corresponding switch port LED remained dark. Conversely, some lit switch ports traced back to decommissioned jacks.

These CLI commands help resolve physical layer mapping issues:

# Show MAC address table (basic)
show mac address-table

# Detailed version with aging timer
show mac address-table dynamic detail

# Find specific device by MAC
show mac address-table address 0050.56ab.cdef

# Alternative IP-based lookup (requires CDP/LLDP)
show cdp neighbors detail | include IP|Port

When jack 28 showed connectivity but no switch activity:

# Step 1: Get laptop's MAC from ARP cache
arp -a | findstr 192.168.1.45

# Step 2: Query switch (executed in enable mode)
Switch# show mac address-table | include 0050.56ab.cdef
  28    0050.56ab.cdef    DYNAMIC     Gi1/0/28

# Step 3: Verify port config
show interface status gi1/0/28

For larger networks, use Netmiko to automate discovery:

from netmiko import ConnectHandler

cisco_switch = {
    'device_type': 'cisco_ios',
    'host': '10.0.0.1',
    'username': 'admin',
    'password': 'secret',
}

connection = ConnectHandler(**cisco_switch)
output = connection.send_command('show mac address-table dynamic')
print(output)

# Parse output to build port-device mapping
mac_port_map = {}
for line in output.splitlines():
    if 'dynamic' in line.lower():
        parts = line.split()
        port, mac = parts[1], parts[2]
        mac_port_map[mac] = port

connection.disconnect()

For ports showing activity but leading to decommissioned jacks:

# Identify active ports with unusual traffic
show interface counters errors gi1/0/15

# Check for spanning-tree issues
show spanning-tree inconsistentports

# Verify no IP phone or other device exists
show cdp neighbors gi1/0/15 detail

Maintain accurate records using this markdown template:

| Patch Panel | Switch Port | MAC Address    | Device Name  | Last Verified |
|-------------|-------------|----------------|--------------|---------------|
| J28         | Gi1/0/28    | 0050.56ab.cdef | WS-ACCT-12   | 2023-11-15    |
| J32         | Gi1/0/32    | 001d.45fc.12e4 | (disconnected)| 2023-11-15   |

During office downsizing, we encountered a classic network documentation challenge: physical jack numbers weren't properly synchronized with switch port assignments. When tracing jack #28 through patch panels to the switch, the corresponding port showed inactive despite having an active device connected.

Here are three reliable ways to identify connected devices:

# Method 1: Using MAC address tables
show mac address-table | include [partial_mac]
show mac address-table dynamic interface gigabitethernet1/0/28

# Method 2: Using ARP tables (for IP-to-MAC mapping)
show arp | include [ip_address]
show ip arp vlan [vlan_id]

# Method 3: Using LLDP neighbor information
show lldp neighbors interface gigabitethernet1/0/28 detail

For larger environments, consider these Python solutions using Netmiko:

from netmiko import ConnectHandler

switch = {
    'device_type': 'cisco_ios',
    'host': '10.0.0.1',
    'username': 'admin',
    'password': 'password'
}

def find_port_by_mac(target_mac):
    with ConnectHandler(**switch) as net_connect:
        output = net_connect.send_command(f'show mac address-table | include {target_mac}')
        return output.split()[-1] if output else None

def find_port_by_ip(target_ip):
    with ConnectHandler(**switch) as net_connect:
        arp_output = net_connect.send_command(f'show arp | include {target_ip}')
        if not arp_output:
            return None
        mac = arp_output.split()[1]
        return find_port_by_mac(mac)

For active ports leading to non-existent jacks:

# Check for CDP/LLDP neighbors
show cdp neighbors interface gigabitethernet1/0/12 detail

# Verify spanning-tree information
show spanning-tree interface gigabitethernet1/0/12

# Check port statistics for traffic patterns
show interface gigabitethernet1/0/12 counters

Implement these changes for future maintenance:

  • Use standardized labeling (color codes for different VLANs)
  • Maintain a CMDB with port-device mappings
  • Schedule quarterly port audits with automated scripts
  • Implement port security to prevent unauthorized connections

This Python script exports a complete port mapping:

import csv
from netmiko import ConnectHandler

def get_switch_mappings(switch_ip):
    results = []
    with ConnectHandler(**switch) as conn:
        mac_table = conn.send_command('show mac address-table dynamic', use_textfsm=True)
        arp_table = conn.send_command('show arp', use_textfsm=True)
        
        for entry in mac_table:
            port = entry['destination_port']
            mac = entry['destination_address']
            ip = next((arp['ip'] for arp in arp_table if arp['mac'] == mac), 'N/A')
            results.append({'port': port, 'mac': mac, 'ip': ip})
    
    return results

# Example usage
mappings = get_switch_mappings('10.0.0.1')
with open('port_mappings.csv', 'w') as f:
    writer = csv.DictWriter(f, fieldnames=['port', 'mac', 'ip'])
    writer.writeheader()
    writer.writerows(mappings)