Where is my server?

Today I noticed that we lost a server. Actually we new the place but not the Switchport it is connected to. You might say: just look for the MAC address — yeeesss, but it is connected via LACP, the first link was up, but the 2nd one — the one I was interested in — not. Or better to say, it was up but disabled by the lacp algorithm on the Linux machine.

What happened? Someone rewired the switch and changed the 2nd port of the server to some other Switchport. Sadly he wasn’t at hand to be send to the offside Datacenter to follow the cables.

Luckily I got the idea to check for the LLDP messages the Switch sends out on every port and catch it with tcpdump. A short google away was this wonderful website from Darren:

## Switch:
tcpdump -i eth0 -s 1500 -XX -c 1 'ether proto 0x88cc'

## Port and CDP Neighbor Info:
tcpdump -v -s 1500 -c 1 '(ether[12:2]=0x88cc or ether[20:2]=0x2000)' 

An output might look like

16:25:10.589903 LLDP, length 329
Subtype Local (7): Eth155/1/27
Port Description TLV (4), length 16: Ethernet155/1/27
System Name TLV (5), length 11: S1425-B2-01
Management Address length 5, AFI IPv4 (1):
Port VLAN Id Subtype (1)
port vlan id (PVID): 991

As you can see, among others, we get the Switch, Port and VLAN information. Yeehaw!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s