Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
3
Replies

Prevent ME-3400 switch from learning a specific mac-address

mats.brynolf
Level 1
Level 1

‎03-31-2011 08:11 AM - edited ‎03-06-2019 04:22 PM

Hi,

Is there a way to block a specific MAC-address on a ME-3400 switch from entering the mac address-table. Setting up a mac access-list isn't what I'm after. The key here is to prevent the switch from learning the specified mac-address in the first place.

Labels:
0 Helpful
3 Replies 3

hobbe
Level 7
Level 7

‎03-31-2011 09:41 AM

Hi

I understand your question as if a specific mac-address comes in on a port in a switch it should be ignored and the switch hould not know about that mac-address.

I do not understand why anyone would want to do that so if you tell us what you are trying to achieve it might  be some work around that will work for you.

what would happen if this scenario played out ?

well first the packet will enter the switch and be sent out on whatever interface its destination is on.

The answer to the first packet will arrive and since the switch does not know where to send it it will flood it out on all ports.

why would anyone want this result ?

good luck

HTH

0 Helpful

mats.brynolf
Level 1
Level 1
In response to hobbe

‎03-31-2011 10:18 AM

Well there actually 3 things I want when a certain mac address enters a fa-port. First off, the ME switch should not learn the mac address on that port, secondly block all incoming traffic with the source mac address xxxx.xxxx.xxxx, lastly we need to allow all other traffic.

The reason is rather long to explain, but we have come across a strange scenario where igmp membership queries enters the ME switch on its uplink port and then traverse down to all enabled mvr ports. These ports have a CPE connected to it that does not handle traffic correctly. What happens is that the igmp traffic when it enters the CPE is forward back on the same uplink port back to the ME switch. The result is that the ME switch first see the source mac address on its uplink port from a PIM router and then it will see it on the port connected to the CPE, which results in a mac flap.

Sadly replacing these CPE’s aren’t a solution for us.

0 Helpful

hobbe
Level 7
Level 7
In response to mats.brynolf

‎03-31-2011 11:40 AM

Hi

Maybe portsecurity can be useful for you ?

it can atleat do some of that but might be wrong for your environment.

good luck

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card