Finding CPE's behind SMs?

Is there a way to find the CPE/MAC address of users behind SMs?

Any Ethernet device’s MAC address will be in the ARP table of the device’s NHR (Next Hop Router).

I understand that, but I think I remember there is a way to find out what MACs are behind the SM in Canopy. I thought Prizm had a way of doing this. I took the Prizm class and the instructor mentioned it, I just forgot the procedure.

If you log onto the SM and look under bridge tables you will see what MACs are active.

vince wrote:
If you log onto the SM and look under bridge tables you will see what MACs are active.

Oh yeah... forgot about that. Definitely

This will only show you the devices with a direct Ethernet interface to the SM. For example, if the SM is in Non-NAT mode and terminated into a switch, and you have PC’s terminated into the same switch, their MAC addresses will appear in the SM’s Bridge Table.

If you have a non-NAT SM terminated into the WAN port of a SoHo NAT router, and PC’s terminated into the switch ports of that router, or into an external switch which interfaces with that router, the client PC MAC addresses will not appear in the Bridge Table. Only the MAC address of the router’s WAN port will. The MAC addresses of the client would appear in the router’s ARP table.

Correct… I don’t think you will find any Canopy-side equipment that will allow you to see past a customer’s NAT router.

In Prizm, while browsing a network, you can use tools/find ip/mac address.

I am not using NAT. SM’s are bridges with public IPs on the CPE. I can’t find the MAC/IP if I don’t know what it is. That is what I am trying to find out. I have an SM with a MAC/IP, behind it is a CPE with a MAC/IP.

Thanks for the help so far, I know there is a way in Prizm.

If it’s a public IP address then it will have an arp entry in your router.

show arp

Find the IP address and match it to the MAC.

See if this can help clear up your confusion.

If you have a SoHo NAT router with an “Internet” or “WAN” port, it is highly likely that the CAT-5 cable from your SM plugs into the PoE Pigtail and this PigTail plugs into your router WAN/Internet port. You have your WAN/Internet port configured with a static IP address, whether it be public or private. That all depends on your network setup.

The devices “behind” your NAT router all have private IP addresses. In theory these addresses can actually be whatever you want them to be. But, when one of these computers wants to browse the net, the router takes the IP and MAC of the client PC and “hides” it from the public internet. A packet coming from computer number xyz behind your router “appears” to the Internet that it is actually coming from the IP and MAC address of your WAN port on the router.

You could have 100 PC’s behind your router and to the internet they all appear to be one device. That one device is your router’s public interface.

I do not have any experience with Prizm, but I highly doubt it has any tools that will traverse NAT routers to reveal MACs of devices that are NAT-ed. This would defeat the purpose of NAT and the firewall in the router.

Hope this helps.

As I understand it, the SM is not running in NAT mode and he has public IP’s on the CPE’s (I take this to mean customer computers).

If he is looking for the MAC on one of those CPE’s with a public IP it will have an ARP entry in the router.

As you said, if he has PC’s with 192. IP’s behind a router then the MAC’s from those PC’s will not be available anywhere on the WAN and thus can’t be seen by the router or Prizm.

Correct. If we can clear up the usage of the term CPE we can provide more assistance.

Dang! Talk about over-complicating a relatively simple question…

oh well, cheers

MAC aka Ethernet addresses are only passed between connected (to each other) network interfaces. That means if John Doe has a router and he has 50 computers connected to it the MAC’s of the 50 computers never go beyond the interface on the router.

50 computers --> router --> SM

The SM knows the MAC of the router (or the interface on the router the SM is connected to) <— (again, the interface on the SM it is connected to) the router knows the MAC of the SM and the 50 computers and —> the 50 computers know the MAC of the router.

Ethernet addresses are passed between adjacent network interfaces, or hosts and routers. They are not passed beyond that.

Detecting NAT Devices using sFlow

NAT Detection Tool

We are running a Cisco router to see the MAC address for a certain IP

in the cisco>show arp | include

this will give you all computers
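The ARP lookup suggested in the posts above, as an added example that is not part of the original thread: it parses Cisco IOS `show arp` output, drops the router's own interfaces and the known SM MACs, and lists the remaining MACs with their IPs. The sample output, all addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco IOS `show arp` output (documentation-range IPs).
SAMPLE_SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0011.2233.4401  ARPA   FastEthernet0/0
Internet  203.0.113.10           12   0a00.3e11.2233  ARPA   FastEthernet0/0
Internet  203.0.113.11            3   0021.9b5c.7d10  ARPA   FastEthernet0/0
Internet  203.0.113.12            0   Incomplete      ARPA
Internet  203.0.113.13            7   0021.9b5c.7d10  ARPA   FastEthernet0/0
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA\b"
)

def normalize_mac(mac):
    """Accept 0021.9b5c.7d10, 00:21:9B:5C:7D:10 or 00-21-9b-5c-7d-10."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_show_arp(text):
    """Return {ip: mac} for learned entries only.

    Skipped: the header, Incomplete rows (no reply yet) and rows with
    age "-", which are the router's own interface addresses.
    """
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m["age"] != "-":
            table[m["ip"]] = normalize_mac(m["mac"])
    return table

def cpe_candidates(table, sm_macs):
    """Group IPs by MAC, leaving out MACs known to belong to SMs."""
    known = {normalize_mac(m) for m in sm_macs}
    by_mac = defaultdict(list)
    for ip, mac in sorted(table.items()):
        if mac not in known:
            by_mac[mac].append(ip)
    return dict(by_mac)

if __name__ == "__main__":
    arp = parse_show_arp(SAMPLE_SHOW_ARP)
    for mac, ips in cpe_candidates(arp, ["0A-00-3E-11-22-33"]).items():
        print(mac, ", ".join(ips))
```

As the thread notes, this only finds devices that ARP directly to the router; anything behind a customer NAT router shows up as that router's WAN MAC.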

put the SM on a VLAN, put one of your own machines on that VLAN and run ethereal… you will see all traffic coming through the SM you can see the source IP’s…

what are you trying to get (the IP’s or MAC’s) and why ?

Can you not run a ping spray on the public IP network…