mac-address-table static
marlon23
Member Posts: 164 ■■□□□□□□□□
in CCNA & CCENT
mac-address-table static
I know this command adds a static entry to MAC table, but what it the usefull purpose ? so entry will remain in table and wont timeout?
I know this command adds a static entry to MAC table, but what it the usefull purpose ? so entry will remain in table and wont timeout?
LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches
Comments
-
wildfire Member Posts: 654yes, I have actually used this problem when I had a problem with a Virtual MAC from a teamed NIC was showing up on another interface but no timing out, I added the static entry and all was wellLooking for CCIE lab study partnerts, in the UK or Online.
-
marlon23 Member Posts: 164 ■■□□□□□□□□thanks, that make sence.
Can I have another one? When I configure static MAC on a switch port, can this switch learn another MACs dynamically throught this port?LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches -
wildfire Member Posts: 654read the arp sections on this doc
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5b0.html#1017396
no a Static entry does no affect the dynamic nature of the switch.Looking for CCIE lab study partnerts, in the UK or Online. -
wildfire Member Posts: 654I forgot to mention this is also very usefull for port security, for example if you know a device on the end of a switchport then enter the mac, turn on MAC based security and if any other device conncets the port can be configured to do a number of things; go into err disable (shutdown), log the error, nothing.Looking for CCIE lab study partnerts, in the UK or Online.
-
marlon23 Member Posts: 164 ■■□□□□□□□□How does configured static MAC entry in mac table affect port-security? I should get to lab and try it but lab is closed becouse of holidaysLAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches
-
Danman32 Member Posts: 1,243Because only that MAC address can be used on that assigned port. If someone switched computers, the rogue computer would not have the correct MAC address (granted, today's NICs can spoof MACs), and therefore at the very least would ignore unicast frames sent to it since the destination MAC would not match. But more likely with security turned on, the switch would detect the MAC mismatch and shut the port down.