How would you go about discovering mini-switches & hubs & AP's (that don't use CDP) that are attached to Cisco switch ports?
Any Cisco switch ports that know about multiple MAC addresses are of interest. I realize there'll be plenty of valid ports--all the uplinks, and all the ports going to AP's, and ports going to IP phones.
I want to get this information prior to implementing port security on the switches, to eventually prevent folks from installing mini-switches, hubs, AP's, etc. I'll discover the AP's & mini-switches & hubs, then notify their users about the coming change. Then I'll install the right number of data drops, remove the mini-hubs, and plug the PC's & printers into my production switches.
One method I've used to discover mini-switches attached to Cisco switches is to issue the "show mac address-table" command at the switch. Or, I can use NCM to Execute that command across multiple switches. Any port with multiple MACs on it is of interest. The results are accurate (within the limits of the table expiring due to inactivity after 300 seconds--you can get around that sometimes by doing a Ping Sweep of the switch's subnets), but the results of the command are not tidy and user-friendly--especially when doing 500+ switches, many of them fully populated 4510's. Did I mention I have 30,000+ devices on my network?
I'd like a process or tool or command that would query the Cisco switches and return a list of only the ports that know about three or more MAC addresses. That information will tell me there's an AP or switch or hub on the port. I'm not so interested in learning about ports with just two MAC's, since in my environment that would most often be a VoIP phone and its computer. But a command that would show three or more MACs would be helpful, and could be modified to show just two, I'd bet.
Currently I use NCM to issue the "show mac ad" command to a group of switches. Then I copy the results from an individual switch's section, paste it into Notepad, open it with Excel, then sort on the Port column. Finally I scroll through and look for places where the same port shows up three times. Clunky!
I suspect there's probably an Excel process that would quickly remove all lines that only show up once in the spreadsheet. If you know it, feel free to share it--it may be the only way to get this job done.
But outside of tweaking the Excel spreadsheet, how would you go about discovering Cisco ports with three or more MAC addresses using NCM, or using any SolarWinds product (I have Engineer's Toolsets, NPM, and NetFlow)?
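One way to replace the Notepad/Excel step described above, as an added example that is not part of the original post: a script that reads saved "show mac address-table" output and lists only the ports with three or more distinct MAC addresses. It assumes IOS-style output where the port is the last column; the function name, the `ignore_ports` parameter and the sample output are constructed for illustration.

```python
import re
from collections import defaultdict

# Cisco dotted-hex MAC, e.g. 0011.2233.4455
MAC_RE = re.compile(r"\b[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I)
# Interface-looking token such as Gi1/0/5, GigabitEthernet1/1 or Po1
PORT_RE = re.compile(r"^[A-Za-z][A-Za-z-]*\d+(/\d+)*$")

# Constructed sample output (not from a real switch)
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    0011.2233.0001    DYNAMIC     Gi1/0/1
  10    0011.2233.0002    DYNAMIC     Gi1/0/2
  20    0011.2233.0002    DYNAMIC     Gi1/0/2
  10    0011.2233.0003    DYNAMIC     Gi1/0/2
  10    0011.2233.0010    DYNAMIC     Gi1/0/5
  10    0011.2233.0011    DYNAMIC     Gi1/0/5
  10    0011.2233.0012    DYNAMIC     Gi1/0/5
  10    0011.2233.0020    DYNAMIC     Gi1/0/48
  10    0011.2233.0021    DYNAMIC     Gi1/0/48
  10    0011.2233.0022    DYNAMIC     Gi1/0/48
Total Mac Addresses for this criterion: 11
"""

def ports_with_many_macs(output, threshold=3, ignore_ports=()):
    """Return {port: sorted MACs} for ports with >= threshold distinct MACs."""
    macs_by_port = defaultdict(set)
    for line in output.splitlines():
        mac = MAC_RE.search(line)
        if not mac:
            continue  # banner, header, separator or totals line
        port = line.split()[-1]
        if not PORT_RE.match(port) or port in ignore_ports:
            continue  # CPU/Switch entries, or known uplinks passed by the caller
        macs_by_port[port].add(mac.group(0).lower())  # set: same MAC in two VLANs counts once
    return {p: sorted(m) for p, m in macs_by_port.items() if len(m) >= threshold}

if __name__ == "__main__":
    hits = ports_with_many_macs(SAMPLE, ignore_ports={"Gi1/0/48"})
    for port, macs in sorted(hits.items()):
        print(f"{port}: {len(macs)} MACs: {', '.join(macs)}")
```

Because MACs are counted per port as a set, a phone that appears in both the voice and data VLAN is counted once, so a phone-plus-PC port stays below the threshold of three.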