Managing the MAC Address Table
Configuring Unicast MAC Address Filtering
When unicast MAC address filtering is enabled, the switch drops packets with specific source or
destination MAC addresses. This feature is disabled by default and only supports unicast static
addresses.
Follow these guidelines when using this feature:
•
•
•
You enable unicast MAC address filtering and configure the switch to drop packets with a specific
address by specifying the source or destination unicast MAC address and the VLAN from which it is
received.
Beginning in privileged EXEC mode, follow these steps to configure the switch to drop a source or
destination unicast static address:
Command
Step 1
configure terminal
Step 2
mac address-table static mac-addr
vlan vlan-id drop
Step 3
end
Step 4
show mac address-table static
Step 5
copy running-config startup-config
To disable unicast MAC address filtering, use the no mac address-table static mac-addr vlan vlan-id
global configuration command.
Catalyst 3550 Multilayer Switch Software Configuration Guide
7-26
Multicast MAC addresses, broadcast MAC addresses, and router MAC addresses are not supported.
If you specify one of these addresses when entering the mac address-table static mac-addr vlan
vlan-id drop global configuration command, one of these messages appears:
% Only unicast addresses can be configured to be dropped
% CPU destined address cannot be configured as drop address
Packets that are forwarded to the CPU are also not supported.
If you add a unicast MAC address as a static address and configure unicast MAC address filtering,
the switch either adds the MAC address as a static address or drops packets with that MAC address,
depending on which command was entered last. The second command that you entered overrides the
first command.
For example, if you enter the mac address-table static mac-addr vlan vlan-id interface
interface-id global configuration command followed by the mac address-table static mac-addr
vlan vlan-id drop command, the switch drops packets with the specified MAC address as a source
or destination.
If you enter the mac address-table static mac-addr vlan vlan-id drop global configuration
command followed by the mac address-table static mac-addr vlan vlan-id interface interface-id
command, the switch adds the MAC address as a static address.
Purpose
Enter global configuration mode.
Enable unicast MAC address filtering and configure the switch to drop a
packet with the specified source or destination unicast static address.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
•
For mac-addr, specify a source or destination unicast MAC address.
Packets with this MAC address are dropped.
•
For vlan-id, specify the VLAN for which the packet with the
specified MAC address is received. Valid VLAN IDs are 1 to 4094.
Chapter 7
Administering the Switch
78-11194-09