Differnce between setting mac address port security under the interface vs. the mac address-table global command
in [Cisco]
|
From: ttripp on 1 Feb 2010 14:16 I'm familiar with setting a static MAC address under a Cisco switch's individual interfaces. But there's another command (actually, a family of commands) at the global level. The one I'm interested in is: mac address-table static xxxx.xxxxx.xxxx vlan y interface FastEthernet0/z I'm not familiar with this command and what it does. How does it differ from setting the MAC address under the specific interface? Do they both do the same thing? Would you use them at the same time? Thanks in advance.
From: bod43 on 2 Feb 2010 00:21 On 1 Feb, 19:16, ttripp <ttr...(a)manh.com> wrote: > I'm familiar with setting a static MAC address under a Cisco switch's > individual interfaces. But there's another command (actually, a > family of commands) at the global level. The one I'm interested in > is: > > mac address-table static xxxx.xxxxx.xxxx vlan y interface > FastEthernet0/z > > I'm not familiar with this command and what it does. How does it > differ from setting the MAC address under the specific interface? Do > they both do the same thing? Would you use them at the same time? You did not mention the interface command used however; The interface command is used to set the mac address that the switch uses on its own interface. It stops using the Built In Address (BIA) and uses the one specified instead. The "mac address-table static " command creates a static entry in the Forwarding Database. This is used to determine which port to use as the output interface when forwarding packets. Sounds like you need to look up the method that switches use to forward packets. One or both of the cisco press books Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide - Wendell Odom (Aug. 2007) Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell Odom (Aug. 2007) have excellent descriptions of the operation of switch forwarding, but I am sure you can find something on-line. I am prety sure that the IEEE 802.1d standard is a free download (it was at one time for sure) but I forget how digestible it is for a beginner.
From: ttripp on 2 Feb 2010 11:38 On Feb 2, 12:21 am, bod43 <Bo...(a)hotmail.co.uk> wrote: > On 1 Feb, 19:16, ttripp <ttr...(a)manh.com> wrote: > > > I'm familiar with setting a static MAC address under a Cisco switch's > > individual interfaces. But there's another command (actually, a > > family of commands) at the global level. The one I'm interested in > > is: > > > mac address-table static xxxx.xxxxx.xxxx vlan y interface > > FastEthernet0/z > > > I'm not familiar with this command and what it does. How does it > > differ from setting the MAC address under the specific interface? Do > > they both do the same thing? Would you use them at the same time? > > You did not mention the interface command used however; > > The interface command is used to set the mac address > that the switch uses on its own interface. It stops using the > Built In Address (BIA) and uses the one specified instead. > > The "mac address-table static " command creates a > static entry in the Forwarding Database. This is used > to determine which port to use as the output interface > when forwarding packets. > > Sounds like you need to look up the method that switches > use to forward packets. > > One or both of the cisco press books > > Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide - > Wendell Odom (Aug. 2007) > > Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell > Odom (Aug. 2007) > > have excellent descriptions of the operation of > switch forwarding, but I am sure you can find something > on-line. > > I am prety sure that the IEEE 802.1d standard is a > free download (it was at one time for sure) but I forget > how digestible it is for a beginner. The interface command(s) I was refering to are the "switchport port- security" command and the "maximum", "mac-address" and "violation" settings. That's the one I'm familiar and have used in the past.
From: ttripp on 2 Feb 2010 12:00 On Feb 2, 11:38 am, ttripp <ttr...(a)manh.com> wrote: > On Feb 2, 12:21 am, bod43 <Bo...(a)hotmail.co.uk> wrote: > > > > > > > On 1 Feb, 19:16, ttripp <ttr...(a)manh.com> wrote: > > > > I'm familiar with setting a static MAC address under a Cisco switch's > > > individual interfaces. But there's another command (actually, a > > > family of commands) at the global level. The one I'm interested in > > > is: > > > > mac address-table static xxxx.xxxxx.xxxx vlan y interface > > > FastEthernet0/z > > > > I'm not familiar with this command and what it does. How does it > > > differ from setting the MAC address under the specific interface? Do > > > they both do the same thing? Would you use them at the same time? > > > You did not mention the interface command used however; > > > The interface command is used to set the mac address > > that the switch uses on its own interface. It stops using the > > Built In Address (BIA) and uses the one specified instead. > > > The "mac address-table static " command creates a > > static entry in the Forwarding Database. This is used > > to determine which port to use as the output interface > > when forwarding packets. > > > Sounds like you need to look up the method that switches > > use to forward packets. > > > One or both of the cisco press books > > > Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide - > > Wendell Odom (Aug. 2007) > > > Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell > > Odom (Aug. 2007) > > > have excellent descriptions of the operation of > > switch forwarding, but I am sure you can find something > > on-line. > > > I am prety sure that the IEEE 802.1d standard is a > > free download (it was at one time for sure) but I forget > > how digestible it is for a beginner. > > The interface command(s) I was refering to are the "switchport port- > security" command and the "maximum", "mac-address" and "violation" > settings. That's the one I'm familiar and have used in the past.- Hide quoted text - > > - Show quoted text - So, I'm not sure what the purpose of the global command is when there is the port-security commands under the interface. Won't they both do the same thing, basically, preventing any traffic through the switch interface if it doesn't come from a NIC with a MAC address that matches? Perhaps the global setting is a legacy command? I am trying to replace a 2924 with version 12.0 with a new 2960 with version 12.2.
From: Thrill5 on 5 Feb 2010 17:49 "ttripp" <ttripp(a)manh.com> wrote in message news:e0c66121-e22a-4598-ba49-1c022a4bd0b6(a)21g2000yqj.googlegroups.com... On Feb 2, 11:38 am, ttripp <ttr...(a)manh.com> wrote: > On Feb 2, 12:21 am, bod43 <Bo...(a)hotmail.co.uk> wrote: > > > > > > > On 1 Feb, 19:16, ttripp <ttr...(a)manh.com> wrote: > > > > I'm familiar with setting a static MAC address under a Cisco switch's > > > individual interfaces. But there's another command (actually, a > > > family of commands) at the global level. The one I'm interested in > > > is: > > > > mac address-table static xxxx.xxxxx.xxxx vlan y interface > > > FastEthernet0/z > > > > I'm not familiar with this command and what it does. How does it > > > differ from setting the MAC address under the specific interface? Do > > > they both do the same thing? Would you use them at the same time? > > > You did not mention the interface command used however; > > > The interface command is used to set the mac address > > that the switch uses on its own interface. It stops using the > > Built In Address (BIA) and uses the one specified instead. > > > The "mac address-table static " command creates a > > static entry in the Forwarding Database. This is used > > to determine which port to use as the output interface > > when forwarding packets. > > > Sounds like you need to look up the method that switches > > use to forward packets. > > > One or both of the cisco press books > > > Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide - > > Wendell Odom (Aug. 2007) > > > Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell > > Odom (Aug. 2007) > > > have excellent descriptions of the operation of > > switch forwarding, but I am sure you can find something > > on-line. > > > I am prety sure that the IEEE 802.1d standard is a > > free download (it was at one time for sure) but I forget > > how digestible it is for a beginner. > > The interface command(s) I was refering to are the "switchport port- > security" command and the "maximum", "mac-address" and "violation" > settings. That's the one I'm familiar and have used in the past.- Hide > quoted text - > > - Show quoted text - ) )So, I'm not sure what the purpose of the global command is when there )is the port-security commands under the interface. Won't they both do )the same thing, basically, preventing any traffic through the switch )interface if it doesn't come from a NIC with a MAC address that )matches? ) )Perhaps the global setting is a legacy command? I am trying to )replace a 2924 with version 12.0 with a new 2960 with version 12.2. The global and interface don't do the same thing. The global mac commands do not enforce any type of port security per se, but a mac-address specified with a global command will override a dynamically learned entry. Think of the global mac commands the same as a adding a static ARP entry, while the interface commands are used to enable and configure port security.
|
Pages: 1 Prev: L2TP Help needed! Next: Cisco AIR-LAP1142N-E-K9 conversion to standalone required |