It seems both commands can be used. What do you think about this? What do you think about the behaviour of each command? I would use mac address access lists..
What do you think Juilan? I don't know any other way to block a specific mac address. I am assuming you are worried that the mac could show up on any port. If you suspect the mac address will show up on a known port and you already have a device connecting on that port and the port is an access port, you could use port-security and set it to only allow 1 mac address and then specify the mac address as static or sticky.
Yes, I assume the MAC address can appear on any port, so port-security is not a good option. It seems the other two commands work, but also I found this. I don't know whether it works on any platform. And the link you say in post 11 could work as well. So, it seems there are many resources to accomplish this.
Understanding and Using Persistent MAC Learning - TechLibrary - Juniper Networks
Looks like both methods block based on VLAN. Wonder if there is a way to block that is not VLAN specific Will have to dig deeper. Please enter a title. You can not post a blank message. Please type your message and try again. Nov 3, 2: I do not know the exact difference between the following commands: H in interface configuration mode. I have made some tests on a switch with no connected devices in PT I have no real switches: Any answer will be much appreciated. This content has been marked as final.
Show 16 replies. Maybe he is wrong. In the orange highlighted part of the textbook passage, what is meant by static mac addresses configured by port security feature?
- Your Answer.
- Cisco Nexus 5000 Series NX-OS Software Configuration Guide?
- We apologize for the inconvenience....
You can use port security to define which MAC addresses should be seen on specific ports. For the dynamic mac addresses interface 1 and 24, which I have connected out to two other switches , why are there two, and not one, mac addresses entries learned per port?
Understanding and Using Persistent MAC Learning
Home Questions Tags Users Unanswered. I have a quick question regarding static MAC addresses, as per this passage: Here is my output for show mac address-table command: My questions are: Am I correct in thinking that static MAC address are the mac addresses of the switch itself? Why are there 4 static mac addresses? I appreciate any insight.
I put your graphics into the question. You can use the Image button for that. These static MAC entries are retained across a reboot of the switch.
In addition, you can enter a multicast address as a statically configured MAC address. A multicast address can accept more than one interface as its destination. The switch uses an aging mechanism, defined by a configurable aging timer, so if an address remains inactive for a specified number of seconds, it is removed from the address table.
You can configure MAC addresses for the switch. These addresses are static MAC addresses. To configure a static MAC address, perform this task:. Specifies a static address to add to the MAC address table. If you enable the auto-learn option, the switch will update the entry if the same MAC address is seen on a different port. This example shows how to put a static entry in the MAC address table:.
To delete a static MAC address, perform this task:. To delete the static entry from the MAC address table, enter the no form of the command. You can use the mac-address-table static command to assign a static MAC address to a virtual interface. You can configure the amount of time that an entry the packet source MAC address and port that packet ingresses remain in the MAC table. To configure the aging time for all MAC addresses, perform this task:. Specifies the time before an entry ages out and is discarded from the MAC address table.