CiscoTools Introduction

CiscoTools come with complete sources (sh / perl / expect) and are easy to customize.

CiscoTools record any occurance of arp (mac / ipaddr / vlan) seen by routers
CiscoTools record any occurance of mac / vlan seen by switch interfaces
CiscoTools records include a time stamp when something was last seen.)

Recording occurances with a "last seen" time stamp over a period of time allows to track any mac and/or ipaddr and hence any network device on your network(s) even if the device in question is currently not active.

CiscoTools provide documentation on what happens on your network now and what has happened in the past since the recording has started.

An automated documentation is never a replacement for a proper specification but it sure can help verify if your network is conforming to your specification and/or manual documentation. It can also help find errors (e. g. duplicate ipaddr).

CiscoTools support multiple locations (scopes).
CiscoTools currently support IP V4 only (no IP V6 support).

CiscoTools consist of two parts:

CiscoTools Data Collection

There are two types of data collection to be scheduled by cron:

Connections to router/switches are established by either telnet or ssh or snmp2 and can be configured per device.

Authentication to devices can be configured per device.

Levels of authentication are:

CiscoTools Data Presentation

CiscoTools arplog.cgi

arplog.cgi lists all recorded mac / ipaddr / vlan mappings from routers.
Using dns or a local /etc/hosts file hostname information is added to the list where possible.

arplog.cgi lists the following data sorted by mac:

You can click on mac to list only data for this mac (via maclog.cgi).
You can click on ipaddr to list only data for this ipaddr (via maclog.cgi).

CiscoTools arplog-ip.cgi

arplog-ip.cgi lists all recorded ipaddr / mac / vlan mappings.
Using dns or a local /etc/hosts file hostname information is added to the list where possible.

arplog-ip.cgi lists the following data sorted by ipaddr:

You can click on ipaddr to list only data for this ipaddr (via maclog.cgi).
You can click on mac to list only data for this mac (via maclog.cgi).

CiscoTools maclog.cgi

maclog.cgi lists all recorded mac / switch interface / vlan mappings.

maclog.cgi lists the following data sorted by switch/interface:

You can click on switch to list only data for this switch (via maclog.cgi).
You can click on interface to list only data for this switch interface (via maclog.cgi).
You can click on mac to list only data for this mac (via maclog.cgi).
You can click on ipaddr to list only data for this ipaddr (via maclog.cgi).

At the end of a full maclog output (no filter enabled) you will see statistical data:

You can click on OUI on the list of vendors (oui) to list only mac from that OUI (via maglog.cgi).

CiscoTools maclog-csv.cgi

maclog-csv.cgi lists all recorded mac / switch interface / vlan mapping CSV format.

CSV format allows for an easy data import into programs like Microsoft Excel or OpenOffice Calc.

maclog-csv.cgi lists the following data sorted by mac,switch,interface,vlan:

CiscoTools Special Reports

CiscoTools ipblocks.cgi

ipblocks.cgi analyses arplog data and lists all IP V4 address blocks (/24 implied) and how many ipaddr are used per ipaddr block listed.

ipblock.cgi lists the following data sorted by ipblock:

You can click on ipblock to get a list of all ipaddr in a given ipaddr block (via arplog-ip.cgi).

CiscoTools duplicate-ip.cgi

duplicate-ip.cgi lists ipaddr associate with more than one mac (from arplog).

duplicate-ip.cgi lists the following data sorted by mac:

You can click on ipaddr to list only data for this ipaddr (via maclog.cgi).
You can click on mac to list only data for this mac (via maclog.cgi).

CiscoTools multiplemac.cgi

multiplemac.cgi lists switch interfaces with multiple mac.

multiplemac.cgi lists the following data sorted by switch/interface:

You can click on switch to list only data for this switch (via maclog.cgi).
You can click on interface to list only data for this switch interface (via maclog.cgi).
You can click on mac to list only data for this mac (via maclog.cgi).
You can click on ipaddr to list only data for this ipaddr (via maclog.cgi).

CiscoTools roamingmac.cgi

roamingmac.cgi lists mac addresses seen on more than one switch interface.

roamingmac.cgi lists the following data sorted by mac:

CiscoTools no dns report

The no dns report uses arplog-ip.cgi to list ipaddr without reverse dns entry.

CiscoTools Configuration

CiscoTools portmaps.cgi

portmaps.cgi lists all connections between switches (files must be edited manually).

CiscoTools ignorearp.cgi

ignorearp.cgi lists all ipblocks (first three octets of an ipaddr) to be ignored by selected reports.

CiscoTools ignoremac.cgi

ignoremac.cgi lists all mac or mac groups to be ignored by selected reports.