Where's "mac-address-table secure" on newer Catalyst switches?
- From: DAVISM@xxxxxxxxxxxxxxxxxxx (Michael T. Davis)
- Date: 31 Aug 2009 22:39:01 GMT
For the sake of context, you may assume that the mention of any VLAN
id in this discussion is maintained throughout the LAN in question. (We're
not dealing with a "private VLAN" or a VLAN maintained only on a subset of
switches on the LAN.)
We have a number of Catalyst 2900XL (EN) switches installed. One
command we make regular use of is...
# mac-address-table secure H.H.H fa0/N vlan V
When we specify this on one switch, the MAC address is essentially blocked
anywhere else on our LAN (for the given VLAN id). If this is set for a port
that isn't actually connected to anything on a single switch, the MAC address
is basically blocked everywhere on the LAN.
I just checked a Catalyst 3560G-48PS and a Catalyst 3750G-24TS. The
command line completion mechanism on both switches seems to imply the "secure"
form of the "mac-address-table" command is no longer available. (Both of these
newer switches are running "IPBASE-M" variants of IOS.) I also checked the
online command line reference for the newest version(s) of IOS for these
switches. Finally, I checked the online "Command Lookup Tool for Cisco IOS",
and it only says the "secure" form is available with Catalyst switches, but
doesn't qualify what models. The closest variant is...
# mac-address-table static H.H.H vlan V drop
Does this provide the same functionality as the "secure" form, or would it need
to be specified on each switch in the LAN to be effective when we want to drop
packets for a particular MAC address everywhere on the LAN? If we were to
# mac-address-table static H.H.H vlan V interface INT
would this only allow the given MAC address on the port INT of the switch in
question, and block its use everywhere else on the LAN, as the "secure" form
did on the 2900XL series of switches?
| Systems Specialist: CBE,MSE
Michael T. Davis (Mike) | Departmental Networking/Computing
http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
| 197 Watts, (614) 292-6928
** E-mail is the best way to contact me **
- Prev by Date: Re: FTP configuration on router
- Next by Date: Help with Cisco ASA w/CSC-SSM and WCCP Configuration..
- Previous by thread: Re: FTP configuration on router
- Next by thread: Re: Where's "mac-address-table secure" on newer Catalyst switches?