Sunday, December 31, 2017

Cisco CCNP:300-115 - 1.1 Configure and verify switch administration: 1.1.b Managing MAC address table

Recently I needed to renew my Cisco CCNPs, that is both CCNP Routing and Switching as well as CCNP Security. While working with Cisco products (well now they own SourceFire, so exclude these) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below focusing on the key points I used to study. I believe that someone else may find them useful.

          - The MAC address table stores the information the switch uses to forward frames between ports
          - Every MAC address is associated with one or more ports
          - Addresses are of two types:
              - Dynamic - One the switch learns from received frames and which ages out when not in use
              - Static - One manually configured on the switch. Does not age out and is not lost when the switch restarts
          - The MAC address table contains the following:
              - destination MAC Address
              - associated VLAN ID
              - Port Number
              - address type static or dynamic
          - MAC address table management can be used with the STP, MSTP and REP features
          - By default, MAC address learning is enabled on all interfaces and VLANs
          - Disabling MAC address learning can cause flooding on a network
              - If MAC address learning is disabled on a VLAN which has a configured SVI, the switch floods all IP packets in the L2 domain
              - MAC address learning is disabled via the "global config" mode
              - Cisco recommends to ONLY disable MAC address learning on VLANs with two interfaces
                  - When the VLAN has more than two interfaces, every packet entering the switch floods the entire VLAN domain
              - MAC address learning cannot be disabled on VLANs which are used internally by the device.
                  - The device generates an error message and rejects the command
              - If MAC address learning is disabled on a VLAN which has a secure port (port security enabled), MAC address learning is not disabled on that port
          
          
           To see the current learning status for VLANs, use:
           SecurityNik#show mac address-table learning
          
           To disable MAC address learning on a VLAN (here VLAN 10), do:
           SecurityNik(config)#no mac address-table learning vlan 10
          
           To re-enable MAC address learning on that VLAN:
           SecurityNik(config)#default mac address-table learning vlan 10
          
           To show the current MAC address table, use:
           SecurityNik#show mac address-table
          
           To show the current aging time, which is typically defaulted to 300 seconds, use:
           SecurityNik#show mac address-table aging-time
          
           To see the current MAC address count, use:
           SecurityNik#show mac address-table count
           Note that this information is broken out per VLAN
           It shows the "Static", "Dynamic" and "Total" MAC address counts
         
           To see the current MAC addresses which were learned dynamically, use:
           SecurityNik#show mac address-table dynamic                             
          
           Likewise, to see the current MAC addresses which were entered statically, use:
           SecurityNik#show mac address-table static
          
          The overall options for "show mac address-table" are:
          SecurityNik#show mac address-table ?
                      address       Address to lookup in the table
                      aging-time    MAC address table aging parameters
                      count         Number of MAC addresses in the table
                      dynamic       List dynamic MAC addresses
                      interface     List MAC adresses on a specific interface
                      learning      Display learning on VLAN or interface
                      move          MAC Move information
                      multicast     List multicast MAC addresses
                      notification  MAC notification parameters and history table
                      secure        List secure MAC addresses
                      static        List static MAC addresses
                      vlan          List MAC addresses on a specific vlan
                      |             Output modifiers
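As an added example (not from the original post and not Cisco's own tooling), the following Python script parses a constructed `show mac address-table` snapshot and reproduces the per-VLAN Static/Dynamic/Total summary that `show mac address-table count` prints, then diffs two snapshots to list MACs that changed port, which is the kind of information the `move` option above reports. The sample outputs, VLAN numbers, MAC addresses and port names are all constructed for illustration; the system entries under VLAN "All" are skipped in the per-VLAN count because they are the switch's own addresses, not learned or configured host entries.

```python
import re
from collections import defaultdict

# Constructed sample output (not captured from a real switch) in the
# layout "show mac address-table" prints on a Catalyst switch.
SNAPSHOT_BEFORE = """
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    0011.2233.4477    STATIC      Gi1/0/3
  20    00aa.bbcc.ddee    DYNAMIC     Gi1/0/4
Total Mac Addresses for this criterion: 6
"""

# Same (constructed) switch a little later: 0011.2233.4455 is now behind Gi1/0/5.
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace(
    "0011.2233.4455    DYNAMIC     Gi1/0/1",
    "0011.2233.4455    DYNAMIC     Gi1/0/5",
)

# One table row: VLAN (number or "All"), dotted-hex MAC, type, port.
ENTRY_RE = re.compile(
    r"^\s*(All|\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(STATIC|DYNAMIC)\s+(\S+)",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples. Header and footer
    lines do not match the row pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append((vlan, mac.lower(), kind.upper(), port))
    return entries


def count_by_vlan(entries):
    """Per-VLAN static/dynamic/total counts, like 'show mac address-table count'.
    The "All" rows are the switch's own system addresses and are left out."""
    counts = defaultdict(lambda: {"static": 0, "dynamic": 0, "total": 0})
    for vlan, _mac, kind, _port in entries:
        if vlan.lower() == "all":
            continue
        counts[vlan][kind.lower()] += 1
        counts[vlan]["total"] += 1
    return dict(counts)


def find_moves(before, after):
    """MACs present in both snapshots but behind a different port in the
    same VLAN, returned as (vlan, mac, old_port, new_port)."""
    old = {(v, m): p for v, m, _k, p in before}
    new = {(v, m): p for v, m, _k, p in after}
    return [
        (v, m, old[(v, m)], new[(v, m)])
        for (v, m) in new
        if (v, m) in old and old[(v, m)] != new[(v, m)]
    ]


if __name__ == "__main__":
    before = parse_mac_table(SNAPSHOT_BEFORE)
    for vlan, c in sorted(count_by_vlan(before).items(), key=lambda kv: int(kv[0])):
        print(f"Vlan {vlan}: dynamic={c['dynamic']} static={c['static']} total={c['total']}")
    for vlan, mac, old_port, new_port in find_moves(before, parse_mac_table(SNAPSHOT_AFTER)):
        print(f"MAC move: vlan {vlan} {mac} {old_port} -> {new_port}")
```

Feeding the script two `show mac address-table` captures taken a few minutes apart gives a quick, scriptable view of which addresses are flapping between ports, which is worth checking before deciding to turn learning off on a VLAN or to pin an address with a static entry.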
         

References:
https://www.cisco.com/c/en/us/td/docs/wireless/mwr_2941_dc/software_config/guide/3_3/2941_33_Config_Guide/mac_lrn.pdf
