Wednesday, September 2, 2015

Layer 2 Traceroute on Cisco Switches

If you are reading this blog you know how to use the standard layer 3 traceroute command to determine the path a packet takes to its destination. But what if you need to determine the path a packet takes at layer 2?

Why would you want to know the layer 2 path when you can find the layer 3 path? On your LAN a layer 3 traceroute won't show the hops across layer 2 switches, because the source and destination are in the same broadcast domain, so the traceroute just shows the IP of the endpoint.

Requirements

  • Since we are tracing at layer 2, the source and destination MACs have to be on the same VLAN. It doesn't make sense to do a layer 2 traceroute if you have to cross a router.
  • The source and destination MACs have to be unicast MACs, not multicast MACs.
  • The source and destination MACs cannot be on multiple VLANs.

Example 1

What if you have redundant layer 2 links and you want to verify that the packets are taking the best path? In the next example we had just installed 10Gb-capable 4500x switches and new fiber. The 1Gb link was still in place (it's not shown in the diagram) and I wanted to show the customer that the packets were taking the 10Gb link.


I ran the trace from the 2960x in building 2 using the MAC of the server as the source. The destination was the server in building 1 connected to the 2960x. I included the det(ail) parameter so that it printed out the switch type.


The packet clearly took the new 10Gb link.

A Trace Failure

In the next example the trace failed! The failure message was pretty cryptic:
Multiple devices connected to destination port
Layer2 trace aborted

What does that mean, you ask? So did I, and luckily the Cisco document in the references had a good explanation:
The Layer 2 traceroute feature is not supported when multiple devices are attached to one port through hubs (for example, multiple CDP neighbors are detected on a port). When more than one CDP neighbor is detected on a port, the Layer 2 path is not identified, and an error message appears.
In this case there were a couple of Cisco SF200 switches connected to port 24 of a 2960x in the MDF. I hadn't done a "Sh cdp ne" since connecting the 2960x to the customer's existing network and didn't know they were there.



JC-MDF-3#sh cdp  ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
08cc68420210     Gig 1/0/24        154              S I   SF 302-08 gi1
roof             Gig 1/0/24        104               R    MikroTik  Management
ece1a9c5d35e     Gig 1/0/24        126              S I   SF302-08P gi1
JC-Core          Gig 1/0/25        120             R S I  WS-C4500X Ten
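To catch this condition before running the trace, here is an added example (not from the post or from Cisco) in Python that parses "show cdp neighbors" output and lists every local port with more than one CDP neighbor, which are exactly the ports on which traceroute mac aborts. The sample output is constructed from the table above plus one entry whose long Device ID wraps onto its own line, and the function names are my own.

```python
import re
from collections import defaultdict
CAP_CODES = set("RTBSHIrPDCM")  # capability letters from the legend

# Constructed sample modelled on the post's output, plus one neighbor whose long
# Device ID wraps onto its own line, as IOS does for names over 16 characters.
SAMPLE = """\
JC-MDF-3#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
08cc68420210     Gig 1/0/24        154              S I   SF 302-08 gi1
roof             Gig 1/0/24        104               R    MikroTik  Management
ece1a9c5d35e     Gig 1/0/24        126              S I   SF302-08P gi1
JC-Core          Gig 1/0/25        120             R S I  WS-C4500X Ten 1/1
sw-idf2.building2.example.local
                 Gig 1/0/26        171             R S I  WS-C2960X Gig 1/0/1
"""

# Device ID (absent on a wrapped continuation line), local interface, holdtime, rest.
ROW = re.compile(r"^(\S+)?\s+([A-Za-z]+ \S+)\s+(\d+)\s+(.*)$")

def parse_cdp_neighbors(text):
    """Return (device_id, local_interface, capabilities, platform_and_port) tuples."""
    entries, pending = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            # A lone unindented token is a Device ID too long for its column; data follows.
            if len(line.split()) == 1 and not line[0].isspace():
                pending = line.strip()
            continue
        device, pending = m.group(1) or pending, None
        if device is None:
            continue  # continuation line without a preceding Device ID
        tokens = m.group(4).split()
        caps = []
        while tokens and tokens[0] in CAP_CODES:
            caps.append(tokens.pop(0))
        entries.append((device, m.group(2), "".join(caps), " ".join(tokens)))
    return entries

def ports_blocking_l2_trace(text):
    """Interfaces with more than one CDP neighbor, i.e. where traceroute mac aborts."""
    by_port = defaultdict(list)
    for device, intf, _caps, _rest in parse_cdp_neighbors(text):
        by_port[intf].append(device)
    return {port: devs for port, devs in by_port.items() if len(devs) > 1}
```

Running ports_blocking_l2_trace on the sample reports Gig 1/0/24 with its three neighbors, the port that aborted the trace in the post.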


References

How to trace MAC address
Cisco IOS Commands - Traceroute MAC
Overview of Layer 2 Switched Networks and Communication