Static MAC Entry on the Switch

In general the Cisco IOS switches learn the MAC address of the connected devices dynamically by looking at the SRC MAC address of the frame incoming on any of its ports. This dynamic MAC learning is prone to spoofing attacks hence we can manually add Static MAC entries on the switch to overrule the dynamic MAC.We can define where the MAC is located or can make the switch drop the traffic.

Let us look at the simple topology below where a R1 generates some traffic towards the switch SW1.

We will do simple ping from R1 to SW1 and see the MAC table on SW1 as below:

R1#ping 9.9.12.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 9.9.12.2, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/5 ms

SW1#sh mac address-table

Mac Address Table

——————————————-

Vlan    Mac Address       Type        Ports

—-       ———–             ——–     —–

1    aabb.cc00.0100    DYNAMIC     Et0/0

Total Mac Addresses for this criterion: 1

We see in the above output that we have learnt the MAC address dynamically on E0/0 port of switch SW1.

Now let us change the entry to static as below and then check the CAM table again:

SW1(config)#mac address-table static aabb.cc00.0100 vlan 1 interface ethernet 0/0

Now we see the entry has changed to Static now:

SW1#sh mac address-table

Mac Address Table

——————————————-

Vlan    Mac Address       Type        Ports

—-    ———–       ——–    —–

1    aabb.cc00.0100    STATIC      Et0/0

Total Mac Addresses for this criterion: 1

Please follow and like us:

Related Post

Tags:

Add Comment

Social Media Auto Publish Powered By : XYZScripts.com
Select your currency