How to Get MAC Address of All Devices Connected to a Switch

arpidflanmac addressswitch

I am a beginner when it comes to networking, and I have done as much research as I can to try and figure this out on my own, but the more I read the more I realize I don't know.

I work for a security company where I install IP cameras that plug into switches in one of a number of IDFs, all of which plug into a switch in the MDF. In order to get all of the MAC addresses of the cameras I have to go to each switch, in each IDF, and plug in one of my own 16 port switches. Then, one by one, I unplug the cameras from the IDF switch, and plug it into my switch until it's full. Then I can pull up the MAC address using an IP scanner utility. I cannot accept that this is real life, and know there is a better way.

I have read about arp -a, but I'm confused if that will work or not. I have also read about LLDP, and something called dot1dtpfdbaddress, both of which left me confused. I did an arp -a on my personal computer, and it seemed to work just fine. From what I understand, you have to be on the same LAN as the devices you want to get MAC addresses for when using arp. If I plug my laptop directly into the switch at the IDF, or even the switch at the MDF, that will put me on the same LAN as the cameras, if they're all connected via switches, right? Sorry if this is confusing, or super obvious! I am just looking for a way to get all the MAC addresses without having to unplug, and plug in 80-100 cameras.

Best Answer

There would be a number of ways to do this that are better than the way you are currently doing it. Pick from any below that fits your circumstances and access.

  1. If all the IP cameras communicate with a server on the same L2 network, then the server should have all the cameras in it's ARP table already. Simply pull the ARP table on the server.
  2. If you know all the IP addresses of the cameras AND can connect your laptop to the same L2 network, then simply ping each camera from the laptop and check the ARP table. You can do this from any MDF/IDF if they are all on the same L2 network as you say they are all connected back to the MDF. Entries in the ARP table will age out within a couple minutes, so you may need to be quick about it.
  3. If you don't know all the IP addresses of the cameras AND can connect your laptop to the same L2 network, then run a utility that can ping a range of IP addresses quickly (Angry IP Scanner for example) that covers the L3 network and then check the ARP table. If your cameras are all similar manufacturer and model, they will likely share the same OUI (first six digits fo the MAC address).
  4. If the cameras communicate using a L3 gateway/router and you have access to the router, then you may be able to access the ARP table from the router.
  5. If the cameras get their IP addresses from a DHCP server, then you can get the MAC addresses from the leases/log on the DHCP server.
  6. If the network has a management/monitoring system, then you may be able to get the MAC addresses from the management/monitoring system.
  7. If the switches are managed AND you have access the the switches' management interface, then you should be able to get the MAC addresses from each switch. As this may require accessing each switch, this may be a bit more involved than some of the other options.

These are the ways I came up with without thinking on it too much that would all be better than going to each IDF. I am sure others will have more suggestions as well.

If I plug my laptop directly into the switch at the IDF, or even the switch at the MDF, that will put me on the same LAN as the cameras, if they're all connected via switches, right?

Not necessarily. The network can be separated into multiple VLANs or the links between MDF and IDFs can be L3 links. Either way, you may not be on the same LAN by connecting at one point. You would need more information about the network to know this answer.

Related Topic