Setting The Mac Address Timeout; Disabling Mac Address Learning; Viewing The Mac Address Table - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Customizing the MAC Address Table
then the security appliance drops the traffic and generates a system message. When you add a static ARP
entry (see the
automatically added to the MAC address table.
To add a static MAC address to the MAC address table, enter the following command:
hostname(config)# mac-address-table static interface_name mac_address
The interface_name is the source interface.
Setting the MAC Address Timeout
The default timeout value for dynamic MAC address table entries is 5 minutes, but you can change the
timeout. To change the timeout, enter the following command:
hostname(config)# mac-address-table aging-time timeout_value
The timeout_value (in minutes) is between 5 and 720 (12 hours). 5 minutes is the default.
Disabling MAC Address Learning
By default, each interface automatically learns the MAC addresses of entering traffic, and the security
appliance adds corresponding entries to the MAC address table. You can disable MAC address learning
if desired, however, unless you statically add MAC addresses to the table, no traffic can pass through the
security appliance.
To disable MAC address learning, enter the following command:
hostname(config)# mac-learn interface_name disable
The no form of this command reenables MAC address learning. The clear configure mac-learn
command reenables MAC address learning on all interfaces.
Viewing the MAC Address Table
You can view the entire MAC address table (including static and dynamic entries for both interfaces), or
you can view the MAC address table for an interface. To view the MAC address table, enter the following
command:
hostname# show mac-address-table [ interface_name ]
The following is sample output from the show mac-address-table command that shows the entire table:
hostname# show mac-address-table
interface
-----------------------------------------------------------------------
outside
inside
inside
The following is sample output from the show mac-address-table command that shows the table for the
inside interface:
hostname# show mac-address-table inside
interface
-----------------------------------------------------------------------
inside
Cisco Security Appliance Command Line Configuration Guide
26-4
"Adding a Static ARP Entry" section on page
mac address
0009.7cbe.2100
0010.7cbe.6101
0009.7cbe.5101
mac address
0010.7cbe.6101
Chapter 26
Configuring ARP Inspection and Bridging Parameters
26-2), a static MAC address entry is
type
Time Left
static
-
static
-
dynamic
10
type
Time Left
static
-
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
