TRACEROUTE LAYER 3 & LAYER 2: MUST KNOW THREE STEPS


TOPICS

SCENARIO DETAILS

LAYER 3 TRACE

LAYER 2 TRACE –  SCENARIO 1

LAYER 2 TRACE –  SCENARIO 2

REFERENCE CISCO DISCUSSION


TRACEROUTE is generally used for tracing or finding Layer 3 Hops to reach destination.

Here, we will discuss both Layer 3 & Layer 2 troubleshooting


 

SCENARIO DETAILS

Traceroute

 

********************

 

LAYER 3 TRACE

Floor-Sw#traceroute 10.146.1.254

1 10.151.232.129 8 msec 0 msec 0 msec

2 10.151.232.2 9 msec 0 msec 0 msec

3 10.151.232.14 8 msec 0 msec 0 msec

4 10.151.232.9 25 msec 17 msec 17 msec

5 67.69.208.86 33 msec 34 msec 34 msec

6 67.69.208.85 33 msec 25 msec 25 msec

7 10.146.192.145 42 msec 42 msec 50 msec

8 10.146.192.146 26 msec 67 msec 50 msec

9 10.146.192.140 34 msec 33 msec 34 msec

10     10.146.1.17 25 msec * 25 msec

 

Comment

To reach out to the destination 10.146.1.17, total nine Layer 3 Hops or devices comes in between.


 

LAYER 2 TRACE –  SCENARIO 1

CASE 1

ARP response is received on the switch, through VLAN interface.

 

Step 1

Login to any switch in your network. To reach out to the last network or the destination network, do the trace route to the destination IP.

 

Example Output

Floor-Sw#traceroute 10.149.154.107

1 10.151.232.129 17 msec 0 msec 8 msec

2 10.151.232.2 0 msec 0 msec 0 msec

3 10.151.232.14 0 msec 0 msec 9 msec

4 10.151.232.9 0 msec 8 msec 0 msec

5 67.69.208.86 9 msec 25 msec 25 msec

6 67.69.208.85 17 msec 17 msec 17 msec

7 10.151.253.5 42 msec

67.69.208.213 42 msec 42 msec

8 67.69.207.130 50 msec 42 msec 42 msec

9 10.149.204.222 84 msec 76 msec 75 msec

10 10.149.204.249 76 msec 76 msec 75 msec

11 10.149.154.107 84 msec 76 msec 75 msec

 

Step 2

Login to last Layer 3 Hop, obtained from above traceroute result, i.e, 10.149.204.249.

After Login, check the ARP response for the required host, i.e, 10.149.154.107

 

Example Output

core_1#sh ip arp 10.149.154.107

Protocol Address         Age (min) Hardware Addr   Type   Interface

Internet 10.149.154.107         0   fc4d.d43e.2c87 ARPA   Vlan121

 

Note: Here, ARP response is received from VLAN interface, i.e, Vlan121

 

Information to be captured for next step

Interface: Vlan 121

Hardware Address: fc4d.d43e.2c87

 

Step 3

Above obtained MAC address & Vlan details will be utilized in below command

General Syntax : traceroute mac < source mac > < destination mac > < vlan no. >

Example Output

core_1#traceroute  mac   fc4d.d43e.2c87    fc4d.d43e.2c87      vlan 121

Source fc4d.d43e.2c87 found on Hou_sw_12th_03

1 sw_03 (10.149.231.123) : Fa0/34 => Fa0/34

Destination fc4d.d43e.2c87 found on Hou_sw_12th_03

Layer 2 trace completed

 

I got my output .. !!

My Host,10.149.154.107   is connected on   ” sw_03  (10.149.231.123) : Fa0/34

 

CONCLUSION

Above steps is simply Life saver in a complex Layer 2 environment, where hundreds of Layer 2 switches are present.

To find the exact switch port, where Host is connected. It may take n number of steps, to go switch by switch, looking for ARP response.

 ******************

 

LAYER 2 TRACE –  SCENARIO 2

Case 2

ARP response is received on the switch, through Physical interface.

 

The Layer 2 traceroute utility (l2trace) is an extremely useful utility that is supported on the following Cisco Catalyst switch platforms:

  • Catalyst 2950/3550 switches running Cisco IOS 12.1(12c)EA1 or higher
  • Catalyst 4000/4500 switches running CatOS 6.2 or higher
  • Catalyst 5000/5500 switches running CatOS 6.1 or higher
  • Catalyst 6000/6500 switches running CatOS 6.1 or higher

The l2trace utility is similar in functionality to the IP traceroute utility; instead of indicating the router hops in the path to a destination IP address, the l2trace utility indicates the switch hops in the path to a destination MAC address within a Layer 2 network. This is very useful if you want to verify that traffic is flowing over the correct paths in a complex switched network and is most commonly used to verify spanning-tree topologies are being generated as planned. The only limitations of the l2trace utility are that all switches in the l2trace path must support the utility, CDP must be enabled on all switches, and it is supported only between devices in the same VLAN.

 

A useful feature of the Layer 2 traceroute is that you don’t have to execute the command from the switch that is connected to the source specified in the trace. For example in Figure 10-4, you can execute a Layer 2 traceroute between Host-A and Host-B from any switch in the network, not just Switch-B.

If you use the traceroute mac ip command, you need to specify only the source IP address and destination IP address for the traffic flow between the hosts that you want to trace. Because a Layer 2 traceroute works only for paths within a Layer 2 network (i.e., VLAN), you must ensure the source and destination IP address represent hosts within the same IP subnet/VLAN. The switch executing the trace consults its local ARP cache to determine the MAC addresses of the source and destination. If no Address Resolution Protocol (ARP) entries are cached, then the switch issues ARP requests for each IP address and begins the trace once the required source and destination MAC address information is known.

 

On Cisco IOS, the same traceroute command used to perform Layer 3 traceroutes is also used to perform Layer 2 traceroutes when configured with the following syntax:

Switch# traceroute mac [interface interface-type interface-id] source-mac [interface interface-type interface-id] destination-mac [vlan vlan-id] [detail]

Switch# traceroute mac ip source-ip destination-ip [detail]

EXAMPLE
Switch-B# traceroute mac ip  192.168.1.101  192.168.1.100  detail

Translating IP to mac …..
192.168.1.101 => 0001.0200.d81d
192.168.1.100 => 00a0.d1d0.20b9

Source not directly connected, tracing source …..
Source 0001.0200.d81d found on Switch-C[WS-C3550-24] (192.168.1.3)
Switch-C / WS-C3550-24 / 192.168.1.3 :
Fa0/3 [auto, auto] => Fa0/1 [full, 100M]
Switch-A / WS-C4006 / 192.168.1.1 :
2/2 [full, 100M] => 2/1 [full, 100M]
Switch-B / WS-C3550-24 / 192.168.1.2 :
Fa0/1 [full, 100M] => Fa0/3 [auto, auto]
Destination 00a0.d1d0.20b9 found on Switch-B[WS-C3550-24] (192.168.1.2)
Layer 2 trace completed.

 

the switch first determines the MAC addresses associated with the specified IP addresses.
Once these MAC addresses are known, notice that because the specified source (192.168.1.101 or Host-B)
is not directly connected to Switch-B, Switch-B traces the switch to which Host-B is connected.
This is found to be Switch-C, and the Layer 2 traceroute begins.


 

REFERENCE CISCO DISCUSSION

https://supportforums.cisco.com/discussion/11619471/traceroute-mac-command-example


 

Advertisements

7 comments

    1. Hi Varun,

      Actually, My concern was to find out only one device, like where it is connected.
      My requirement is not to track from any source to destination.
      That’s why, i kept Source = Destination
      It is not mandatory.
      But in this scenario, this kind of condition will give me my desired result.

      Hope the things are clear now, otherwise please get back to us .. !!
      Thanks .. !!

      Like

    1. Yes Umair,
      I will elaborate this with a diagram, will attach diagram in the same post .. !!
      Its very useful & strongly used in day to day troubleshooting .. Just try to make yourself comfortable with this concept .. !!

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s