Is there a way to have a Cisco switch reveal the MAC address of a device via Syslog when it is plugged in?
I get messages that a device is connected, but there isn't a lot of detail:
Sep 9 12:50:51 10.9.8.7 6531: *Sep 9 12:47:50: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Sep 9 12:50:51 10.9.8.7 6532: *Sep 9 12:47:51: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
The hope is that if unrecognized devices are plugged into the network, we can be notified at the switch level.
This can't work, because the switch will learn which MAC address is on the other end of a connection only when some traffic starts flowing through it; plugging in the cable just isn't enough. This will very likely happen in a few seconds, but it doesn't happen at the same time, thus the switch doesn't have any way to know and report this information when a link goes up.
Besides, there could be many more than a single address on the other end, if the cable goes to another switch; there could even not be any address at all, if there's a switch on the other end but there is nothing else plugged into it.
The only way to gather this information is to have a look at the MAC address table, and only after the switch has had enough time to learn what is connected to it.