Difference between setting mac address port security under the interface vs. the mac address-table global command

I'm familiar with setting a static MAC address under a Cisco switch's individual interfaces. But there's another command (actually, a family of commands) at the global level. The one I'm interested in is:

mac address-table static xxxx.xxxxx.xxxx vlan y interface FastEthernet0/z

I'm not familiar with this command and what it does. How does it differ from setting the MAC address under the specific interface? Do they both do the same thing? Would you use them at the same time?

Thanks in advance.

Reply to
ttripp

You did not mention the interface command used however;

The interface command is used to set the mac address that the switch uses on its own interface. It stops using the Built In Address (BIA) and uses the one specified instead.

The "mac address-table static" command creates a static entry in the Forwarding Database. This is used to determine which port to use as the output interface when forwarding packets.

Sounds like you need to look up the method that switches use to forward packets.

One or both of the Cisco Press books

Cisco Press.CCNA-CCENT ICND1 Official Exam Certification Guide - Wendell Odom (Aug. 2007)

Cisco Press.CCNA ICND2 Official Exam Certification Guide - Wendell Odom (Aug. 2007)

have excellent descriptions of the operation of switch forwarding, but I am sure you can find something on-line.

I am pretty sure that the IEEE 802.1d standard is a free download (it was at one time for sure) but I forget how digestible it is for a beginner.

Reply to
bod43

The interface command(s) I was referring to are the "switchport port-security" command and the "maximum", "mac-address" and "violation" settings. That's the one I'm familiar with and have used in the past.

Reply to
ttripp


So, I'm not sure what the purpose of the global command is when there is the port-security commands under the interface. Won't they both do the same thing, basically, preventing any traffic through the switch interface if it doesn't come from a NIC with a MAC address that matches?

Perhaps the global setting is a legacy command? I am trying to replace a 2924 with version 12.0 with a new 2960 with version 12.2.

Reply to
ttripp

> So, I'm not sure what the purpose of the global command is when there is the port-security commands under the interface. Won't they both do the same thing, basically, preventing any traffic through the switch interface if it doesn't come from a NIC with a MAC address that matches?
>
> Perhaps the global setting is a legacy command? I am trying to replace a 2924 with version 12.0 with a new 2960 with version 12.2.

The global and interface don't do the same thing. The global mac commands do not enforce any type of port security per se, but a mac-address specified with a global command will override a dynamically learned entry. Think of the global mac commands the same as adding a static ARP entry, while the interface commands are used to enable and configure port security.

Reply to
Thrill5
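
The distinction drawn in the replies above, shown side by side as an added example (not part of any poster's message): a constructed configuration fragment using the command forms quoted in this thread. The MAC addresses, VLAN 10 and the port numbers Fa0/5 and Fa0/6 are made-up placeholders, and the two features are deliberately placed on different ports.

```cisco
! --- Global command: static forwarding-table entry -----------------
! Tells the switch which port to send frames destined for this MAC
! out of, and takes precedence over a dynamically learned entry.
! It is a forwarding decision only: it does not limit which source
! MACs may transmit into Fa0/5.
mac address-table static 0000.5e00.5301 vlan 10 interface FastEthernet0/5
!
! --- Interface commands: port security ------------------------------
! Limits which source MACs are accepted on Fa0/6 and defines what
! happens when any other address shows up.
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 10
 ! Enable the feature; the lines below have no effect without it
 switchport port-security
 ! Allow exactly one secure address on the port
 switchport port-security maximum 1
 ! The one address that is allowed (constructed placeholder)
 switchport port-security mac-address 0000.5e00.5302
 ! Action on violation: shutdown err-disables the port
 ! (protect and restrict are the other options)
 switchport port-security violation shutdown
!
end
!
! --- Verification (privileged EXEC) ---------------------------------
! Static forwarding entries only:
show mac address-table static
! Port-security state, violation mode and violation counter:
show port-security interface FastEthernet0/6
! Secure addresses per port:
show port-security address
```

If the goal is to keep unknown NICs off a port, only the interface block does that; the global entry alone leaves the port open to any source address.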
