To reply to my own post ;-), I must mention that the show arp is a good 
solution in theory, but in practice, it only works with protocols that use 
ARP (such as IP), and you're probably routing those protocols?

Are you on Token Ring?

If yes, the show lnm station command might help. If you had something like:

hosts-----2500to0-------to04000-------hosts

Same theory as before: If routing, show lnm station on the to0 interfaces 
would just show each other. If bridging, you would see the hosts.

Is NetBIOS one of your non-routed protocols? The show netbios name-cache 
command might help.

Are you using transparent bridging?

If yes, the show bridge command might help. It shows you the MAC addresses 
that the bridging software has learned.

So, bottom line: learn more about the protocols in use and which ones are 
routed/bridged. Use appropriate commands based on additional knowledge 
gained...... Of course, the real answer is the one that you mentioned: get 
a Sniffer! ;-) You say the network is too large, but with good knowledge of 
your topology, you might be able to identify a backbone or server LAN where 
you could place a single Sniffer and get a lot of info.

Priscilla

At 02:32 PM 3/19/02, Priscilla Oppenheimer wrote:
>You could make use of the fact that a bridge just forwards traffic without
>changing the MAC address, whereas a router decapsulates the packet from the
>Layer 2 header and re-encapsulates, using its own MAC address. Assuming you
>have a topology like this:
>
>hosts-----2500e0------e04000-----hosts
>
>Do a show arp on the 2500 and 4000. In a routed network, you would just see
>the other router on the e0 interfaces. In a bridged network, you'll see the
>hosts' MAC addresses.
>
>Priscilla
>
>At 02:56 AM 3/19/02, dovelet wrote:
> >Hi all,
> >
> >Our company's network is connected using some Cisco 2500 and Cisco 4000
> >routers. As we need to cater some non-routable protocols, bridging is also
> >enabled at all routers. I would like to know, are there any methods to
> >monitor which hosts are using bridging through the routers? Of course, I can
> >use a sniffer to capture the traffic, but the network is too large for us to
> >do so.
> >
> >Please advise.
> >
> >Regards,
> >Dovelet
>________________________
>
>Priscilla Oppenheimer
>http://www.priscilla.com
________________________

Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38850&t=38758
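
The show arp check described in the thread, as an added example that is not part of the original messages: it parses saved show arp output and lists entries on the inter-router interface that belong to neither router. The sample output, addresses and function names are constructed, and the column layout is assumed to be the usual IOS one.

```python
import re

# Constructed sample output in the usual IOS "show arp" layout (not from the thread).
ROUTED = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                -   0000.0c11.1111  ARPA   Ethernet0
Internet  10.0.0.2                5   0000.0c22.2222  ARPA   Ethernet0
"""
BRIDGED = ROUTED + """\
Internet  10.0.0.50               2   0060.97aa.0001  ARPA   Ethernet0
Internet  10.0.0.51               9   0060.97aa.0002  ARPA   Ethernet0
Internet  10.0.0.99               0   Incomplete      ARPA
"""

# One resolved ARP row: protocol, IP, age ("-" = the router itself), MAC, type, interface.
ROW = re.compile(
    r"^Internet\s+(\S+)\s+(-|\d+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)$",
    re.IGNORECASE,
)

def parse_show_arp(text):
    """Yield (ip, age, mac, interface); age is None for the router's own entry.
    The header and unresolved ("Incomplete") rows do not match and are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, age, mac, intf = m.groups()
            yield ip, (None if age == "-" else int(age)), mac.lower(), intf

def hosts_seen(text, interface, router_macs):
    """Entries on `interface` that are neither this router nor a known peer router."""
    known = {m.lower() for m in router_macs}
    return sorted(
        (ip, mac)
        for ip, age, mac, intf in parse_show_arp(text)
        if intf == interface and age is not None and mac not in known
    )

def classify(text, interface, router_macs):
    """'routed' if only routers appear on the link, 'bridged' if host MACs do."""
    return "bridged" if hosts_seen(text, interface, router_macs) else "routed"

if __name__ == "__main__":
    peer = ["0000.0c22.2222"]  # constructed MAC of the other router's e0
    for name, out in (("ROUTED", ROUTED), ("BRIDGED", BRIDGED)):
        print(name, classify(out, "Ethernet0", peer), hosts_seen(out, "Ethernet0", peer))
```

As the reply notes, this only sees protocols that use ARP, so an empty host list says nothing about bridged non-IP traffic.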