Solved: mac address table on a PIX

WStoffel1 · ‎05-22-2013

What am i missing?

pixfirewall# show mac-address-table

^

ERROR: % Invalid input detected at '^' marker.

[EDIT: karat is under the A in mac ]

pixfirewall# sh ver

Cisco PIX Security Appliance Software Version 8.0(4)

Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 19:42 by builders

System image file is "flash:/image.bin"

Config file at boot was "startup-config"

pixfirewall up 175 days 11 hours

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 000d.28f9.62a5, irq 10

1: Ext: Ethernet1 : address is 000d.28f9.62a6, irq 11

2: Ext: Ethernet2 : address is 000d.8810.a620, irq 11

3: Ext: Ethernet3 : address is 000d.8810.a621, irq 10

4: Ext: Ethernet4 : address is 000d.8810.a622, irq 9

5: Ext: Ethernet5 : address is 000d.8810.a623, irq 5

Licensed features for this platform:

Maximum Physical Interfaces : 6

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Restricted (R) license.

Serial Number: 807234146

Running Activation Key: 0x6ab205ba 0x986d4239 0xf56523af 0x76f3d58b

Configuration last modified by enable_15 at 12:58:08.130 EDT Thu May 16 2013

pixfirewall# show mac-address-table

^

ERROR: % Invalid input detected at '^' marker.

Jouni Forss · ‎05-22-2013

Hi,

To my understanding the only Cisco firewall model which has an actual switch built in is the ASA5505.

Though I have to admit that I havent seen that many PIX models.

And also in the ASA5505 model that mentioned command isnt supported.

The actual command on that device was

show switch mac-address-table

Maybe the command you mention is only available on transparent mode?

- Jouni

View solution in original post

Jouni Forss · ‎05-22-2013

Hi,

Command Modes

The following table shows the modes in which you can enter the command:


Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
	Routed	Transparent	Single	Context	System
Privileged EXEC	—	•	•	•	—

Source:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1448364

- Jouni

View solution in original post

WStoffel1 · ‎05-22-2013

sh arp

guess that's the only way to get the macs...

Jouni Forss · ‎05-22-2013

Hi,

To my understanding the only Cisco firewall model which has an actual switch built in is the ASA5505.

Though I have to admit that I havent seen that many PIX models.

And also in the ASA5505 model that mentioned command isnt supported.

The actual command on that device was

show switch mac-address-table

Maybe the command you mention is only available on transparent mode?

- Jouni

Jouni Forss · ‎05-22-2013

Hi,

Command Modes

The following table shows the modes in which you can enter the command:


Command Mode	Firewall Mode		Security Context
	Routed	Transparent	Single	Multiple
	Routed	Transparent	Single	Context	System
Privileged EXEC	—	•	•	•	—

Source:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1448364

- Jouni

WStoffel1 · ‎05-22-2013

Well that certainly explains why Show Switch Mac works on the 5505...thanks for having a look. I was going a little nuts. Sh arp gave me what i needed.

Jouni Forss · ‎05-22-2013

Yup,

The command "show arp" will usually get you the needed MAC address information except in situation where there is link networks between ASA/PIX and the actual hosts.

- Jouni