Difference between setting mac address port security under the interface vs. the mac address-table global command

Discussion in 'Cisco' started by ttripp, Feb 1, 2010.

  1. ttripp

    ttripp Guest

    I'm familiar with setting a static MAC address under a Cisco switch's
    individual interfaces. But there's another command (actually, a
    family of commands) at the global level. The one I'm interested in
    is:

    mac address-table static xxxx.xxxxx.xxxx vlan y interface
    FastEthernet0/z

    I'm not familiar with this command and what it does. How does it
    differ from setting the MAC address under the specific interface? Do
    they both do the same thing? Would you use them at the same time?

    Thanks in advance.
     
    ttripp, Feb 1, 2010
    #1

  2. bod43

    bod43 Guest

    On 1 Feb, 19:16, ttripp <> wrote:
    > I'm familiar with setting a static MAC address under a Cisco switch's
    > individual interfaces.  But there's another command (actually, a
    > family of commands) at the global level.  The one I'm interested in
    > is:
    >
    > mac address-table static xxxx.xxxxx.xxxx vlan y interface
    > FastEthernet0/z
    >
    > I'm not familiar with this command and what it does.  How does it
    > differ from setting the MAC address under the specific interface?  Do
    > they both do the same thing?  Would you use them at the same time?


    You did not mention the interface command used however;

    The interface command is used to set the mac address
    that the switch uses on its own interface. It stops using the
    Built In Address (BIA) and uses the one specified instead.

    The "mac address-table static " command creates a
    static entry in the Forwarding Database. This is used
    to determine which port to use as the output interface
    when forwarding packets.

    Sounds like you need to look up the method that switches
    use to forward packets.

    One or both of the cisco press books

    Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide -
    Wendell Odom (Aug. 2007)

    Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell
    Odom (Aug. 2007)

    have excellent descriptions of the operation of
    switch forwarding, but I am sure you can find something
    on-line.

    I am pretty sure that the IEEE 802.1d standard is a
    free download (it was at one time for sure) but I forget
    how digestible it is for a beginner.
     
    bod43, Feb 2, 2010
    #2

  3. ttripp

    ttripp Guest

    On Feb 2, 12:21 am, bod43 <> wrote:
    > You did not mention the interface command used however;
    >
    > The interface command is used to set the mac address
    > that the switch uses on its own interface. It stops using the
    > Built In Address (BIA) and uses the one specified instead.
    >
    > The "mac address-table static " command creates a
    > static entry in the Forwarding Database. This is used
    > to determine which port to use as the output interface
    > when forwarding packets.
    >
    > Sounds like you need to look up the method that switches
    > use to forward packets.
    >
    > One or both of the cisco press books
    >
    > Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide  -
    > Wendell Odom (Aug. 2007)
    >
    > Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell
    > Odom (Aug. 2007)
    >
    > have excellent descriptions of the operation of
    > switch forwarding, but I am sure you can find something
    > on-line.
    >
    > I am pretty sure that the IEEE 802.1d standard is a
    > free download (it was at one time for sure) but I forget
    > how digestible it is for a beginner.


    The interface command(s) I was referring to are the "switchport
    port-security" command and the "maximum", "mac-address" and "violation"
    settings. That's the one I'm familiar with and have used in the past.
     
    ttripp, Feb 2, 2010
    #3
  4. ttripp

    ttripp Guest

    On Feb 2, 11:38 am, ttripp <> wrote:
    > The interface command(s) I was referring to are the "switchport
    > port-security" command and the "maximum", "mac-address" and "violation"
    > settings.  That's the one I'm familiar with and have used in the past.


    So, I'm not sure what the purpose of the global command is when there
    are the port-security commands under the interface. Won't they both do
    the same thing, basically, preventing any traffic through the switch
    interface if it doesn't come from a NIC with a MAC address that
    matches?

    Perhaps the global setting is a legacy command? I am trying to
    replace a 2924 with version 12.0 with a new 2960 with version 12.2.
     
    ttripp, Feb 2, 2010
    #4
  5. zupa

    zupa

    As I understand, the global command is used for statically defining MAC addresses on the specific port. It means - the switch will NOT learn the specified MAC address on different ports. But what I don't understand and maybe you can give me your opinion - why on earth can you specify multiple interfaces? Doesn't the mac address have to be unique on the LAN?


    SW1#show mac address-table interface fastEthernet 0/22
              Mac Address Table
    -------------------------------------------

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    3000    000d.2925.4020    DYNAMIC     Fa0/22
    3000    1222.2222.2222    STATIC      Fa0/21 Fa0/22
    Total Mac Addresses for this criterion: 2
    SW1#
     
    zupa, Feb 3, 2010
    #5
  6. Thrill5

    Thrill5 Guest

    Re: Difference between setting mac address port security under the interface vs. the mac address-table global command

    "ttripp" <> wrote in message
    news:...
    )
    )So, I'm not sure what the purpose of the global command is when there
    )are the port-security commands under the interface. Won't they both do
    )the same thing, basically, preventing any traffic through the switch
    )interface if it doesn't come from a NIC with a MAC address that
    )matches?
    )
    )Perhaps the global setting is a legacy command? I am trying to
    )replace a 2924 with version 12.0 with a new 2960 with version 12.2.

    The global and interface commands don't do the same thing. The global mac
    commands do not enforce any type of port security per se, but a mac-address
    specified with a global command will override a dynamically learned entry.
    Think of the global mac commands the same as adding a static ARP entry,
    while the interface commands are used to enable and configure port security.
     
    Thrill5, Feb 5, 2010
    #6
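
The distinction drawn in the replies above, as an added example that is not part of the original thread: a simplified Python model of a switch (not Cisco IOS behaviour in every detail) in which a static forwarding entry only steers frames by destination, while port security filters frames by source on ingress. The VLAN, ports and two of the MAC addresses reuse the `show mac address-table` output above; `dead.beef.0001`, the `Switch` class, and delivery to both ports of a multi-port static entry are assumptions of the model.

```python
# Simplified model of a Layer 2 switch (illustrative; not Cisco IOS code).
# Only the "shutdown" violation mode is modelled; sample MACs are constructed.
class Switch:
    def __init__(self):
        self.fdb = {}             # (vlan, mac) -> (type, set of egress ports)
        self.secure = {}          # port -> MACs allowed as *source* on that port
        self.err_disabled = set()

    def add_static(self, vlan, mac, *ports):
        # Models: mac address-table static <mac> vlan <vlan> interface <ports>
        self.fdb[(vlan, mac)] = ("STATIC", set(ports))

    def port_security(self, port, *allowed):
        # Models: switchport port-security with static secure MAC addresses
        self.secure[port] = set(allowed)

    def receive(self, port, vlan, src, dst):
        """Return the egress ports for one frame (empty set = dropped)."""
        if port in self.err_disabled:
            return set()
        # Ingress check: only port security inspects the source MAC.
        if port in self.secure and src not in self.secure[port]:
            self.err_disabled.add(port)   # violation mode "shutdown"
            return set()
        # Learning: a static entry is never replaced by a dynamic one.
        if self.fdb.get((vlan, src), ("", None))[0] != "STATIC":
            self.fdb[(vlan, src)] = ("DYNAMIC", {port})
        # Egress lookup by destination MAC; unknown destinations are flooded.
        entry = self.fdb.get((vlan, dst))
        return {"flood"} if entry is None else entry[1] - {port}

def demo():
    sw, r = Switch(), {}
    host, other, rogue = "1222.2222.2222", "000d.2925.4020", "dead.beef.0001"
    sw.add_static(3000, host, "Fa0/21", "Fa0/22")
    # Static entry alone: an unexpected source on Fa0/22 is still accepted.
    r["static_only_ingress"] = sw.receive("Fa0/22", 3000, rogue, other)
    # The static MAC appearing as a source on Fa0/5 does not move the entry.
    sw.receive("Fa0/5", 3000, host, other)
    r["static_entry"] = sw.fdb[(3000, host)]
    r["to_static"] = sw.receive("Fa0/1", 3000, other, host)
    # Port security on Fa0/22: the same unexpected source shuts the port.
    sw.port_security("Fa0/22", other)
    r["secured_ingress"] = sw.receive("Fa0/22", 3000, rogue, host)
    r["err_disabled"] = set(sw.err_disabled)
    return r

if __name__ == "__main__":
    print(demo())
```
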