mac-address-table static

mac-address-table static

I know this command adds a static entry to MAC table, but what it the usefull purpose ? so entry will remain in table and wont timeout?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

wildfire

yes, I have actually used this problem when I had a problem with a Virtual MAC from a teamed NIC was showing up on another interface but no timing out, I added the static entry and all was well

marlon23

thanks, that make sence.

Can I have another one? When I configure static MAC on a switch port, can this switch learn another MACs dynamically throught this port?

wildfire

read the arp sections on this doc

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5b0.html#1017396

no a Static entry does no affect the dynamic nature of the switch.

wildfire

I forgot to mention this is also very usefull for port security, for example if you know a device on the end of a switchport then enter the mac, turn on MAC based security and if any other device conncets the port can be configured to do a number of things; go into err disable (shutdown), log the error, nothing.

marlon23

How does configured static MAC entry in mac table affect port-security? I should get to lab and try it but lab is closed becouse of holidays

Danman32

Because only that MAC address can be used on that assigned port. If someone switched computers, the rogue computer would not have the correct MAC address (granted, today's NICs can spoof MACs), and therefore at the very least would ignore unicast frames sent to it since the destination MAC would not match. But more likely with security turned on, the switch would detect the MAC mismatch and shut the port down.