TRACEROUTE is generally used for tracing or finding Layer 3 Hops to reach destination.

Here, we will discuss both Layer 3 & Layer 2 troubleshooting









1 8 msec 0 msec 0 msec

2 9 msec 0 msec 0 msec

3 8 msec 0 msec 0 msec

4 25 msec 17 msec 17 msec

5 33 msec 34 msec 34 msec

6 33 msec 25 msec 25 msec

7 42 msec 42 msec 50 msec

8 26 msec 67 msec 50 msec

9 34 msec 33 msec 34 msec

10 25 msec * 25 msec



To reach out to the destination, total nine Layer 3 Hops or devices comes in between.




ARP response is received on the switch, through VLAN interface.


Step 1

Login to any switch in your network. To reach out to the last network or the destination network, do the trace route to the destination IP.


Example Output


1 17 msec 0 msec 8 msec

2 0 msec 0 msec 0 msec

3 0 msec 0 msec 9 msec

4 0 msec 8 msec 0 msec

5 9 msec 25 msec 25 msec

6 17 msec 17 msec 17 msec

7 42 msec 42 msec 42 msec

8 50 msec 42 msec 42 msec

9 84 msec 76 msec 75 msec

10 76 msec 76 msec 75 msec

11 84 msec 76 msec 75 msec


Step 2

Login to last Layer 3 Hop, obtained from above traceroute result, i.e,

After Login, check the ARP response for the required host, i.e,


Example Output

core_1#sh ip arp

Protocol Address         Age (min) Hardware Addr   Type   Interface

Internet         0   fc4d.d43e.2c87 ARPA   Vlan121


Note: Here, ARP response is received from VLAN interface, i.e, Vlan121


Information to be captured for next step

Interface: Vlan 121

Hardware Address: fc4d.d43e.2c87


Step 3

Above obtained MAC address & Vlan details will be utilized in below command

General Syntax : traceroute mac < source mac > < destination mac > < vlan no. >

Example Output

core_1#traceroute  mac   fc4d.d43e.2c87    fc4d.d43e.2c87      vlan 121

Source fc4d.d43e.2c87 found on Hou_sw_12th_03

1 sw_03 ( : Fa0/34 => Fa0/34

Destination fc4d.d43e.2c87 found on Hou_sw_12th_03

Layer 2 trace completed


I got my output .. !!

My Host,   is connected on   ” sw_03  ( : Fa0/34



Above steps is simply Life saver in a complex Layer 2 environment, where hundreds of Layer 2 switches are present.

To find the exact switch port, where Host is connected. It may take n number of steps, to go switch by switch, looking for ARP response.




Case 2

ARP response is received on the switch, through Physical interface.


The Layer 2 traceroute utility (l2trace) is an extremely useful utility that is supported on the following Cisco Catalyst switch platforms:

  • Catalyst 2950/3550 switches running Cisco IOS 12.1(12c)EA1 or higher
  • Catalyst 4000/4500 switches running CatOS 6.2 or higher
  • Catalyst 5000/5500 switches running CatOS 6.1 or higher
  • Catalyst 6000/6500 switches running CatOS 6.1 or higher

The l2trace utility is similar in functionality to the IP traceroute utility; instead of indicating the router hops in the path to a destination IP address, the l2trace utility indicates the switch hops in the path to a destination MAC address within a Layer 2 network. This is very useful if you want to verify that traffic is flowing over the correct paths in a complex switched network and is most commonly used to verify spanning-tree topologies are being generated as planned. The only limitations of the l2trace utility are that all switches in the l2trace path must support the utility, CDP must be enabled on all switches, and it is supported only between devices in the same VLAN.


A useful feature of the Layer 2 traceroute is that you don’t have to execute the command from the switch that is connected to the source specified in the trace. For example in Figure 10-4, you can execute a Layer 2 traceroute between Host-A and Host-B from any switch in the network, not just Switch-B.

If you use the traceroute mac ip command, you need to specify only the source IP address and destination IP address for the traffic flow between the hosts that you want to trace. Because a Layer 2 traceroute works only for paths within a Layer 2 network (i.e., VLAN), you must ensure the source and destination IP address represent hosts within the same IP subnet/VLAN. The switch executing the trace consults its local ARP cache to determine the MAC addresses of the source and destination. If no Address Resolution Protocol (ARP) entries are cached, then the switch issues ARP requests for each IP address and begins the trace once the required source and destination MAC address information is known.


On Cisco IOS, the same traceroute command used to perform Layer 3 traceroutes is also used to perform Layer 2 traceroutes when configured with the following syntax:

Switch# traceroute mac [interface interface-type interface-id] source-mac [interface interface-type interface-id] destination-mac [vlan vlan-id] [detail]

Switch# traceroute mac ip source-ip destination-ip [detail]

Switch-B# traceroute mac ip  detail

Translating IP to mac ….. => 0001.0200.d81d => 00a0.d1d0.20b9

Source not directly connected, tracing source …..
Source 0001.0200.d81d found on Switch-C[WS-C3550-24] (
Switch-C / WS-C3550-24 / :
Fa0/3 [auto, auto] => Fa0/1 [full, 100M]
Switch-A / WS-C4006 / :
2/2 [full, 100M] => 2/1 [full, 100M]
Switch-B / WS-C3550-24 / :
Fa0/1 [full, 100M] => Fa0/3 [auto, auto]
Destination 00a0.d1d0.20b9 found on Switch-B[WS-C3550-24] (
Layer 2 trace completed.


the switch first determines the MAC addresses associated with the specified IP addresses.
Once these MAC addresses are known, notice that because the specified source ( or Host-B)
is not directly connected to Switch-B, Switch-B traces the switch to which Host-B is connected.
This is found to be Switch-C, and the Layer 2 traceroute begins.






    1. Hi Varun,

      Actually, My concern was to find out only one device, like where it is connected.
      My requirement is not to track from any source to destination.
      That’s why, i kept Source = Destination
      It is not mandatory.
      But in this scenario, this kind of condition will give me my desired result.

      Hope the things are clear now, otherwise please get back to us .. !!
      Thanks .. !!


    1. Yes Umair,
      I will elaborate this with a diagram, will attach diagram in the same post .. !!
      Its very useful & strongly used in day to day troubleshooting .. Just try to make yourself comfortable with this concept .. !!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s