5-26
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter5 Administering the Switch
Managing the MAC Address Table
If you add a unicast MAC address as a static address and configure unicast MAC address filtering,
the switch either adds the MAC address as a static address or drops pack ets with that MA C addres s,
depending on which command was entered last. The second command that you entered overrides the
first command.
For example, if you enter the mac address-table static mac-addr vlan vlan-id interface
interface-id global configuration command followed by the mac address-table static mac-addr
vlan vlan-id drop command, the switch drops packets with the specified MAC address as a source
or destination.
If you enter the mac address-table static mac-addr vlan vlan-id drop global configuration
command followed by the mac address-table static mac-addr vlan vlan-id interface interface-id
command, the switch adds the MAC address as a static address.
You enable unicast MAC address filtering and configure the switch to drop packets with a specific
address by specifying the source or destination unicast MAC address and the VLAN from which it is
received.
Beginning in privileged EXEC mode, follow these steps to configure the switch to drop a source or
destination unicast static address:
To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id
global configuration command.
This example shows how to enable unicast MAC address filtering and to configure the switch to drop
packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in
VLAN 4 with this MAC address as its source or destination, the packet is dropped:
Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop
Disabling MAC Address Learning on a VLAN
By default, MAC address learning is enabled on all VLANs on the switch. Controlling MAC address
learning on a VLAN allows you to manage the MAC address table space that is available on the switch
by controlling which VLANs, and therefore which ports, can learn MAC addresses. Before yo u disable
MAC address learning be sure that you are familiar with the network topology and the switch system
configuration. Disabling MAC address learning on a VLAN could cause flooding in the network.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 mac address-table static mac-addr
vlan vlan-id drop Enable unicast MAC address filtering and configure the switch to drop a
packet with the specified source or destination unicast static address.
For mac-addr, specify a source or destination unicast MAC address.
Packets with this MAC address are dropped.
For vlan-id, specify the VLAN for which the packet with the
specified MAC address is received. Valid VLAN IDs are 1 to 4094.
Step3 end Return to privileged EXEC mode.
Step4 show mac address-table static Verify your entries.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.