Static MAC entries

A really quick simple one guys...

When would you statically enter a MAC into the MAC address table? Does this just relate to setting a MAC to a port in switchport security?

Accepted Solutions

Kallol Bosu
Cisco Employee

When you configure a port with port-security/Dot1X, the MAC address learned on the port will always be shown as "STATIC" even though it is not hardcoded by the administrator.

As Joseph correctly mentioned, there are many other reasons for putting a static MAC on a box. Let me give you a few classic examples:

1. Microsoft NLB MAC address (unicast IP to multicast MAC mapping, not processed by hardware by default), so we configure a static ARP/MAC binding for the same.

2. Cobranet multicast traffic (L2): Cobranet multicast MACs do not use the standard multicast MAC range, so they are treated as broadcast. When a switch (that has an SVI for that VLAN) receives that traffic, it gets punted to the CPU and causes high CPU.

We can put a static MAC for the Cobranet multicast MAC to avoid this issue.

3. If you need to drop a MAC statically for any reason, then that can be done by static mapping:

either you can point that to an interface (which is down/down) or use the "drop" keyword to drop that MAC directly (not supported on all platforms).

Please rate this post if helpful.

Regards,

Kallol
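
An added example, not part of the original post: because addresses learned through port-security/Dot1X also display as STATIC, this Python script reconciles `show mac address-table` output against the `mac address-table static` lines of the running config to tell the two apart. The sample output and config are constructed, and the column layout and helper names are assumptions.

```python
import re

# Constructed sample of `show mac address-table` output (assumed column layout).
SHOW_MAC = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    STATIC      Gi1/0/1
  10    03bf.0a01.0164    STATIC      Gi1/0/2
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/3
  20    0050.5600.0001    STATIC      Gi1/0/4
"""

# Constructed running-config fragment; the "drop" form is platform-dependent.
RUNNING_CONFIG = """\
mac address-table static 03bf.0a01.0164 vlan 10 interface GigabitEthernet1/0/2
mac address-table static 0000.dead.beef vlan 20 drop
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)", re.I)
CFG = re.compile(r"^mac address-table static (\S+) vlan (\d+) (?:interface (\S+)|(drop))", re.I)

def parse_table(text):
    """Return (vlan, mac, type, port) tuples; header and ruler lines do not match."""
    return [(int(m[1]), m[2].lower(), m[3].upper(), m[4])
            for m in map(ROW.match, text.splitlines()) if m]

def parse_config(text):
    """Map (vlan, mac) -> interface name or 'drop' for admin-configured statics."""
    out = {}
    for m in filter(None, map(CFG.match, text.splitlines())):
        out[(int(m[2]), m[1].lower())] = m[3] or "drop"
    return out

def audit(show_text, config_text):
    """Split STATIC rows into admin-configured and learned (no matching config line)."""
    configured = parse_config(config_text)
    report = {"configured": [], "learned": [], "drop": []}
    for vlan, mac, kind, port in parse_table(show_text):
        if kind != "STATIC":
            continue
        key = "configured" if (vlan, mac) in configured else "learned"
        report[key].append((vlan, mac, port))
    report["drop"] = sorted(k for k, v in configured.items() if v == "drop")
    return report

if __name__ == "__main__":
    for bucket, rows in audit(SHOW_MAC, RUNNING_CONFIG).items():
        print(bucket, rows)
```

Entries in the `learned` bucket are the ones to check against the port-security or Dot1X configuration of the listed interface.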

Reza Sharifi
Hall of Fame

Setting a static MAC in switchport security is one option. I have also seen some cameras or card readers that require a static MAC address.

HTH

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

No, there are other reasons, such as the target host never transmits traffic, so a switch would always flood traffic to its MAC unless you hard-code the MAC as a static.
