RE: Physical ports in IOS

["Dan Bogda" <dan.bogda () kintera com>]

Eduardo,
One common deployment scenario is to run the 6500 in Hybrid mode where
you run Catalyst code on the switch and run IOS on the embedded MSFC. It
sounds like you are in the MSFC, which in hybrid mode is essentially a
separate device from the switch ports. You need to find the management
interface of the 6500 chassis if you want to make layer 2 changes. I
would start by looking at the interface descriptions and traffic usage.
The next thing would be to look for Cisco's MAC address ranges in the
ARP cache. If you are lucky they are using the same passwords on the
chassis and the MSFC.

Good luck,
Dan

-----Original Message-----
From: Eduardo Espina [mailto:eduardomx () gmail com] 
Sent: Wednesday, June 14, 2006 1:27 PM
To: Luis Gutierrez
Cc: pen-test () securityfocus com
Subject: Re: Physical ports in IOS

Hi,

Thanks for the tip, I forgot to say, i'm in a Cisco Catalyst 6500 with
IOS 12.1(8b) and there's no sh mac-address-table command available. I do
have the enable password, show privilege give me level 15. All
references to interfaces are to Vlan# but no physical ports anyway.

Is there a separate port for switch configuration and router
configuration?, i have other Cisco devices for testing and i found the
show mac-adress-table useful, but with IOS 12.4. Is it a problem with
IOS version?

Thanks,
Eduardo.

On 6/14/06, Luis Gutierrez <lgutierrez () foxhollowtech com> wrote:
> Here is a sample of how to do it:
>
> 740S3C22#sh ip arp xx.xx.xx.56
>
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  xx.xx.xx.56             1   0011.434c.8b43  ARPA   Vlanxx
>
>
> 740S3C22#sh mac add add 0011.434c.8b43
>
> Unicast Entries
>  vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+-----------------
> ---
>   xx    0011.434c.8b43   dynamic ip
> GigabitEthernet6/1
>
>
> -luis
>
>
> -----Original Message-----
> From: Eduardo Espina [mailto:eduardomx () gmail com]
> Sent: Tuesday, June 13, 2006 7:21 PM
> To: pen-test () securityfocus com
> Subject: Physical ports in IOS
>
> Hi,
>
> I'm pen-testing a network and i've already gained access to a Cisco
> switch in certain VLAN; i'm stucked in getting a SPAN port in the
> physical port where i'm attached or changing that port to a different
> VLAN; "show interfaces fastethernet" doesn't work, and "show
> interfaces" just output the MAC address of the VLAN, but i can't find
> the way to correlate IP (mine) with the physical port (Fa0/3 i.e.).
>
> Some idea?
>
> Thanks,
> Eduardo.
------------------------------------------------------------------------
> ------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the
> Analyst's
> Choice Award from eWeek. As attacks through web applications continue
to
> rise,
> you need to proactively protect your applications from hackers. Cenzic
> has the
> most comprehensive solutions to meet your application security
> penetration
> testing and vulnerability management needs. You have an option to go
> with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service
> can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm
> your
> results from other product. Contact us at request () cenzic com for
> details.
------------------------------------------------------------------------
> ------

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's 
Choice Award from eWeek. As attacks through web applications continue to
rise, 
you need to proactively protect your applications from hackers. Cenzic
has the 
most comprehensive solutions to meet your application security
penetration 
testing and vulnerability management needs. You have an option to go
with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm
your 
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------