====== HP Procurve Switches Tricks ======

===== Find which port a particular machine is on (easy way) =====

This has some problems if you can not install an lldp (Link-Layer Discovery Protocol) package. [[https://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol|lldpd]] is a daemon run on the machines attached to a switch which allows you to determine what they are. An associated client allows you to run a query from that machine to see who it is attached to.

The daemons are available on Linux, FreeBSD, NetBSD and Mac OSX. There is also an (untested) client available for Windows at [[http://www.hanewin.net/lldp-e.htm]] and there appears to be a daemon either built in (and disabled) or available for download from MSDN for some Microsoft products.

For Linux/Unix, simply install the daemon on all machines attached to a switch. You can then run a simple command from the switch itself to see what it attached. By default, it returns the fqdn (fully qualified name, including domain, of machine). From an HP Procurve, the command is

<code>show lldp info remote-device</code>

On my little HP Procurve 6108 (old 8 port managed), this only returns two machines from the local network (the ones that actually have lldpd turned on), so it looks like this:

<code>
 LLDP Remote Devices Information

  LocalPort | ChassisId                 PortId PortDescr SysName               
  --------- + ------------------------- ------ --------- ----------------------
  4         | 00 01 80 7f 6a ef         00 ... re0       localhost             
  8         | 00 26 55 42 7b 06         00 ... eth0      wash.dailydata.local  
</code>

The first one is a FreeBSD machine that I do not have configured, so it is returning the name //localhost//.

Note that more than the two ports are definitely connected to the switch; these are just the that have the daemon enabled (or installed).

To set this up, simply install the lldp daemon. In the following, the client is also installed, so I have included the command to run it and "see" the switch itself.

==== Debian Wheezy ====

<code bash>
apt-get -y install lldpd
lldpctl
</code>

==== FreeBSD ====
<code bash>
pkg install lldpd
touch /usr/local/etc/lldpd.conf
service lldpd start
lldpcli show neighbors
</code>

==== Output ====
Output is similar to this
<code>
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    eth0, via: LLDP, RID: 1, Time: 0 day, 01:30:15
  Chassis:     
    ChassisID:    mac 00:0a:57:4d:ed:40
    SysName:      hp6108-2
    SysDescr:     HP J4902A ProCurve Switch 6108, revision H.07.90, ROM H.07.01 (/sw/code/build/fish(ff03))
    MgmtIP:       10.111.111.97
    Capability:   Bridge, on
    Capability:   Router, off
  Port:        
    PortID:       local 8
    PortDescr:    8
-------------------------------------------------------------------------------
</code>

You can see from this that you are on PortID: local 8, and PortDescr 8, so you can pretty much figure you're on port 8 of the switch.

Note: If you do not get the expected results, run it a second time. On Wheezy, I had it give me incomplete results the first time, possibly because some of the ports are set inactive.

===== Find which port a particular machine is on (harder way) =====

Some things do not have the ability to install lldp daemons. For example, my IPMI connections do not appear to support this. Note that the arp table only lasts for a while, so if the target has not had any network traffic in a while, you need to generate some traffic. For those, do the following:

  - Get the MAC address of the server's NIC in question
  - If you have vlan's, ensure the one which the machine on has an IP, otherwise you can not ping it. This can be temporary
  - Put some activity up to populate the arp table
    - If you know the IP address, ping the target. Note that the target does not have to respond, but pinging it will create an arp table entry.
    - If you don't know the ip address, but do know the subnet //nmap subnet// will look through all of them.
  - Log into the procurve and issue the command //show mac// or //show arp//. If you know what port you need to look at, you can use one of the following to narrow it down
     - show mac MAC-ADDR
        - it appears the Procurve strips all non-hex characters, so MAC-ADDR can just be all 12 hex digits, or it can have colons, dashes, even periods between groups. Actually, pretty sweet.
     - show mac vlan VLAN#
        - You can use either the vlan alias or number here.
     - show mac PORT#
        - If you want, you can give it a comma separated list of ports, for example, show mac 1,5,7,10
  - Now, just find your machines MAC address in the list returned. Obviously, using show mac MAC-ADDR is the simplest if you're just trying to find one machine.