
IP MAC binding

na1.shq.ch
Level 1

I want to do IP+MAC binding on a Cisco L3 3650 switch without a DHCP server.

A single IP with a single MAC, so that no one can change their MAC and IP address with anyone.

8 Replies

Mark Malone
VIP Alumni

You could use static MACs and static ARPs and then set everyone on a static IP.

Not the most flexible, and it will require more manual administration than DHCP.

(config)# arp 10.1.1.1 0002.9a3b.94d9 arpa

mac-address-table static 12ab.47dd.ff89 vlan 3 interface ethernet 2/1

mac-address-table static 12ab.47dd.ff89 vlan 3 interface ethernet 2/1

Which interface will ethernet 2/1 be? My VLAN is created on the L3 switch and the uplinks go to the access switch below. I want to bind all IPs with MACs on the L3 switch only, not on the lower access switch.

Just use the ARP on the L3, and if you have L2 switches you can use the MAC as well, but the ARP will be enough to lock MAC to IP on the L3 switch. Then set the users as static IP to match.

OK, thanks for your support. But one point of confusion: which interface will ethernet 2/1 be? The uplink to my lower switch?

If you were using a static MAC it would go on the L2 only; the 2/1 interface would actually be the user interface, like a PC.

So on, say, a 24-port switch you would have 23 static MACs, each going to a port where a user is connected, letting the switch know which MACs only should be there.

It's just saying the MAC on the 2/1 interface is part of VLAN 3 and this is what it is: x.x.x

You can then go to the L3 device and match that MAC to a specific IP as well.

It's a lot of manual administration on large networks. On small networks it's not too bad, but it removes any type of automation for the users connecting.

But I want to bind everything on the L3 switch, on what would be my trunk port or access port for the lower switch. That means the whole building load (approx. 150 IP+MAC) coming to this switch, as it is my core switch.

Well, the other option is to automate it to an extent with DHCP / DHCP snooping / port-security and ARP inspection, features like that, if you don't want to manually tag every MAC/IP being learnt.

Manually, you can do 150 static ARPs on the L3 device rather than have anything dynamic.

Static MACs are extra really, and I would only apply them on the L2 switch where the actual device is physically located. But once the static ARP is in place it will cover the IPs, so they can't just use that IP, as it will be bound to a specific MAC, so static MACs as well may be overkill.

Thanks for your support.
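
An added example, not part of the thread: a Python sketch that turns an IP/MAC inventory into the static `arp` lines discussed above for the L3 switch, normalizing MAC notation and rejecting duplicate IPs or MACs that would break the one-to-one binding. The inventory rows are constructed, the function names are hypothetical, and the emitted `arp <ip> <mac> arpa` form assumes Cisco IOS static ARP syntax.

```python
import ipaddress
import re

# Constructed sample inventory (not from the thread): "ip,mac", mixed MAC notations.
SAMPLE_INVENTORY = """\
10.1.1.10,00:02:9A:3B:94:D9
10.1.1.11,00-02-9a-3b-94-da
10.1.1.12,0002.9a3b.94db
10.1.1.13,00:02:9a:3b:94:d9
10.1.1.11,00:02:9a:3b:94:dc
10.1.1.14,01:00:5e:00:00:01
10.1.1.15,00:02:9a:3b:94
"""


def cisco_mac(raw):
    """Normalize a MAC to Cisco xxxx.xxxx.xxxx form; raise ValueError if invalid."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {raw!r}")
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"multicast/broadcast MAC cannot identify a host: {raw!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def build_static_arp(inventory):
    """Return (config_lines, errors) for a one-IP-to-one-MAC binding list."""
    by_ip, by_mac, lines, errors = {}, {}, [], []
    for n, row in enumerate(inventory.splitlines(), 1):
        if not row.strip():
            continue
        try:
            ip_raw, mac_raw = row.split(",")
            ip = str(ipaddress.IPv4Address(ip_raw.strip()))
            mac = cisco_mac(mac_raw)
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
            continue
        clash = by_ip.get(ip) or by_mac.get(mac)  # either side reused breaks 1:1
        if clash:
            errors.append(f"line {n}: {ip}/{mac} collides with line {clash}")
            continue
        by_ip[ip] = by_mac[mac] = n
        lines.append(f"arp {ip} {mac} arpa")
    return lines, errors

if __name__ == "__main__":
    for out in build_static_arp(SAMPLE_INVENTORY):
        print("\n".join(out))
```

Rows reported in the error list are left out of the generated configuration, so a reused IP or MAC in the inventory is caught before anything is pasted into the switch.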
