Matching IP Address to Switch Port

Question: Is it possible to match an internal IP address to a switch port?

My Answer:

There is no direct way to determine which IP address is connected to a given switch port. The reason is that an Ethernet switch works at Layer 2 of the OSI model and typically does not inspect higher layers (Layer 3 is where the IP address lives). (There are some exceptions in newer hardware.)

One important note: to use the ping / ARP trick described below, you’ll need to use a device on the same VLAN or subnet as the device you are searching for. Otherwise, you will only see the MAC address of the default gateway in the ARP table.

Here’s the procedure I recommend, if possible.

Source and Destination on the same VLAN

  1. Issue a ping to the device you are trying to locate.
  2. Once it returns successfully, look in the ARP table to find the MAC address of said device.
  3. Log onto the switch itself and look through the MAC address table for the address found in step 2. (The MAC address table is also called a CAM table.) The MAC address table provides a mapping of MAC addresses to switch ports.
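
Steps 2 and 3 of the same-VLAN procedure can be joined in a script, shown here as an added example that is not part of the original answer. It assumes the ARP table comes from a Linux host (`ip neigh` format) and the switch prints a Cisco IOS-style `show mac address-table`; both samples are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: Linux `ip neigh` output after pinging the target.
ARP_SAMPLE = """\
192.168.10.1 dev eth0 lladdr 00:1a:2b:00:00:01 REACHABLE
192.168.10.25 dev eth0 lladdr 00:1A:2B:3C:4D:5E REACHABLE
192.168.10.77 dev eth0  FAILED
"""

# Constructed sample: Cisco IOS-style `show mac address-table` output.
MAC_TABLE_SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    001a.2b00.0001    DYNAMIC     Gi1/0/48
  10    001a.2b3c.4d5e    DYNAMIC     Gi1/0/12
"""

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Map IP -> normalized MAC; entries with no lladdr (FAILED) are skipped."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"(\S+) .*\blladdr (\S+)", line)
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def parse_mac_table(text):
    """Map normalized MAC -> (vlan, port) from the switch table."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+([0-9a-fA-F.]{14})\s+\S+\s+(\S+)", line)
        if m:
            table[normalize_mac(m.group(2))] = (int(m.group(1)), m.group(3))
    return table

def locate(ip, arp_text, mac_text):
    """Return (mac, vlan, port) for ip, or None if either lookup fails."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None  # no ARP entry: host down or not on this VLAN/subnet
    hit = parse_mac_table(mac_text).get(mac)
    return None if hit is None else (mac, *hit)
```

The normalization step matters because hosts and switches rarely print MAC addresses in the same notation, so a plain text search for the ARP value in the switch output will often miss.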

Source and Destination on different VLANs

  1. From the core router or suspected default gateway, issue a ping to the device you are trying to locate. Obviously, this works best if all routing is done on the same device.
  2. If there are multiple L3 interfaces, you might need to “walk” through the network going from L3 interface to L3 interface performing the ping / ARP check until you find the one that serves as the default gateway for the device you are searching for.
  3. Once you find it, you can then log into the switch and search the MAC address table to find the port.