Recently I needed to renew my Cisco CCNPs, that is both CCNP Routing and Switching as well as CCNP Security. While working with Cisco products (well now they own SourceFire, so exclude these) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below focusing on the key points I used to study. I believe that someone else may find them useful.
- The MAC address table stores the information the switch uses to forward traffic between ports
- Every MAC address is associated with one or more ports
- Addresses are of two types:
  - Dynamic - one the switch learns, and which ages out when not in use
  - Static - one manually configured on the switch. It does not age out and is not lost when the switch restarts
- The MAC address table contains the following:
  - destination MAC address
  - associated VLAN ID
  - port number
  - address type (static or dynamic)
- MAC address table management can be used with the STP, MSTP and REP features
- By default, MAC address learning is enabled on all interfaces and VLANs
- Disabling MAC address learning can cause flooding on a network
- If MAC address learning is disabled and the switch has a configured VTI, the switch floods all IP packets in the L2 domain
- MAC address learning is disabled from "global config" mode
- Cisco recommends disabling MAC address learning ONLY on VLANs with two interfaces
  - When the VLAN has more than two interfaces, every packet entering the switch floods the entire VLAN domain
- MAC address learning cannot be disabled on VLANs which are used internally by the device
  - The device generates an error message and rejects the command
- If MAC address learning is disabled on a VLAN that has a secure port, MAC address learning is not disabled on that port
To see the current learning status for VLANs, use:
SecurityNik#show mac address-table learning
To disable MAC address learning, use:
SecurityNik(config)#no mac address-table learning vlan 10
To re-enable MAC address learning, use:
SecurityNik(config)#default mac address-table learning vlan 10
To show the current MAC address table, use:
SecurityNik#show mac address-table
To show the current aging time, which defaults to 300 seconds, use:
SecurityNik#show mac address-table aging-time
To see the current MAC address count, use:
SecurityNik#show mac address-table count
Note that this information is provided per VLAN; it shows the "Static", "Dynamic" and "Total" MAC address counts.
To see the MAC addresses which were learned dynamically, use:
SecurityNik#show mac address-table dynamic
Likewise, to see the MAC addresses which were entered statically, use:
SecurityNik#show mac address-table static
The overall options for "show mac address-table" are:
SecurityNik#show mac address-table ?
address Address to lookup in the table
aging-time MAC address table aging parameters
count Number of MAC addresses in the table
dynamic List dynamic MAC addresses
interface List MAC adresses on a specific interface
learning Display learning on VLAN or interface
move MAC Move information
multicast List multicast MAC addresses
notification MAC notification parameters and history table
secure List secure MAC addresses
static List static MAC addresses
vlan List MAC addresses on a specific vlan
| Output modifiers
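As an added example (not from the original post or from Cisco), the following Python parses constructed output in the layout of "show mac address-table" and "show mac address-table learning", rebuilds the per-VLAN static/dynamic/total counts that "show mac address-table count" reports, and flags VLANs where learning is disabled while more than two interfaces are in use, the flooding condition described in the notes above. The interface count per VLAN is approximated from the ports that appear in the table, which is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show mac address-table" (not a real capture).
MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    0011.2233.4455    DYNAMIC     Gi0/1
  10    0011.2233.4456    DYNAMIC     Gi0/2
  10    0011.2233.4457    STATIC      Gi0/3
  20    00aa.bbcc.dd01    DYNAMIC     Gi0/5
  20    00aa.bbcc.dd02    DYNAMIC     Gi0/6
"""

# Constructed sample in the layout of "show mac address-table learning".
LEARNING = """\
VLAN              Learning Status
----              ---------------
   1                    yes
  10                    no
  20                    no
"""

# One table row: VLAN, dotted-hex MAC, STATIC/DYNAMIC, port (the four fields the table stores).
ENTRY_RE = re.compile(r"^\s*(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(STATIC|DYNAMIC)\s+(\S+)\s*$", re.I)
LEARN_RE = re.compile(r"^\s*(\d+)\s+(yes|no)\s*$", re.I)

def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header and separator lines do not match."""
    return [m.groups() for line in text.splitlines() if (m := ENTRY_RE.match(line))]

def count_by_vlan(entries):
    """Per-VLAN static/dynamic/total counts, as 'show mac address-table count' reports them."""
    counts = defaultdict(lambda: {"static": 0, "dynamic": 0, "total": 0})
    for vlan, _mac, kind, _port in entries:
        counts[vlan][kind.lower()] += 1
        counts[vlan]["total"] += 1
    return dict(counts)

def parse_learning(text):
    """Map VLAN id -> True when learning is enabled ('yes'), False when disabled ('no')."""
    return {m.group(1): m.group(2).lower() == "yes" for line in text.splitlines() if (m := LEARN_RE.match(line))}

def flooding_risk(entries, learning):
    """VLANs with learning disabled and more than two interfaces seen: every frame floods the VLAN."""
    ports = defaultdict(set)  # interface count approximated from ports present in the table
    for vlan, _mac, _kind, port in entries:
        ports[vlan].add(port)
    return sorted(v for v, enabled in learning.items() if not enabled and len(ports[v]) > 2)
```

Run `flooding_risk(parse_mac_table(MAC_TABLE), parse_learning(LEARNING))` to list the VLANs that violate the two-interface guidance; with the constructed samples, VLAN 10 is flagged and VLAN 20 is not.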
References:
https://www.cisco.com/c/en/us/td/docs/wireless/mwr_2941_dc/software_config/guide/3_3/2941_33_Config_Guide/mac_lrn.pdf