Filter
Top Products
5-29
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 5 Administering the Switch
Managing the MAC Address Table
Beginning in privileged EXEC mode, follow these steps to configure the switch to drop a source or
destination unicast static address:
To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id
global configuration command.
This example shows how to enable unicast MAC address filtering and to configure the switch to drop
packets that have a source or destination address of c2f3.220a.12f4. When a packet is received in
VLAN 4 with this MAC address as its source or destination, the packet is dropped:
Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop
Disabling MAC Address Learning on a VLAN
By default, MAC address learning is enabled on all VLANs on the switch. You can control MAC address
learning on a VLAN to manage the available MAC address table space by controlling which VLANs,
and therefore which ports, can learn MAC addresses. Before you disable MAC address learning, be sure
that you are familiar with the network topology and the switch system configuration. Disabling MAC
address learning on a VLAN could cause flooding in the network.
Follow these guidelines when disabling MAC address learning on a VLAN:
• Disabling MAC address learning on a VLAN is supported only if the switch is running the IP
Services or LAN base image.
• Use caution before disabling MAC address learning on a VLAN with a configured switch virtual
interface (SVI). The switch then floods all IP packets in the Layer 2 domain.
• You can disable MAC address learning on a single VLAN ID (for example, no mac address-table
learning vlan 223) or on a range of VLAN IDs (for example, no mac address-table learning vlan
1-20, 15).
• We recommend that you disable MAC address learning only in VLANs with two ports. If you
disable MAC address learning on a VLAN with more than two ports, every packet entering the
switch is flooded in that VLAN domain.
• You cannot disable MAC address learning on a VLAN that is used internally by the switch. If the
VLAN ID that you enter is an internal VLAN, the switch generates an error message and rejects the
command. To view internal VLANs in use, enter the show vlan internal usage privileged EXEC
command.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
mac address-table static mac-addr
vlan vlan-id drop
Enable unicast MAC address filtering and configure the switch to drop a
packet with the specified source or destination unicast static address.
• For mac-addr, specify a source or destination unicast MAC address.
Packets with this MAC address are dropped.
• For vlan-id, specify the VLAN for which the packet with the
specified MAC address is received. Valid VLAN IDs are 1 to 4094.
Step 3
end Return to privileged EXEC mode.
Step 4
show mac address-table static Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.