Managing MAC address table
- The MAC address table contains address information that the switch uses to forward traffic between ports.
- Two types of addresses:
- Dynamic: a source MAC address that the switch learns from incoming frames and then ages out when it is not in use.
- Static: a manually entered address that does not age and is not lost when the switch reloads.
- The MAC address table also lists the associated VLAN ID and the port number with the MAC address.
- By default, MAC address learning is enabled on all interfaces and VLANs on the switch.
- MAC address learning can be disabled (except for internal VLANs) but it is not recommended.
- Cisco recommends disabling MAC address learning only in VLANs with two ports. If you disable MAC address learning on a VLAN with more than two ports, every packet entering the switch is flooded in that VLAN domain.
- MAC address learning can be disabled for a single VLAN or a range of VLANs with one command.
- The same principle applies to interfaces.
- Example: no mac address-table learning vlan 223 or no mac address-table learning vlan 1-10,15.
- The show mac address-table command with different parameters displays information about the MAC address table.
Example:
Switch# show mac-address-table
Dynamic Addresses Count: 9
Secure Addresses (User-defined) Count: 0
Static Addresses (User-defined) Count: 0
System Self Addresses Count: 41
Total MAC addresses: 50
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0010.0de0.e289 Dynamic 1 FastEthernet0/1
0010.7b00.1540 Dynamic 2 FastEthernet0/5
0010.7b00.1545 Dynamic 2 FastEthernet0/5
0060.5cf4.0076 Dynamic 1 FastEthernet0/1
0060.5cf4.0077 Dynamic 1 FastEthernet0/1
0060.5cf4.1315 Dynamic 1 FastEthernet0/1
0060.70cb.f301 Dynamic 1 FastEthernet0/1
00e0.1e42.9978 Dynamic 1 FastEthernet0/1
00e0.1e9f.3900 Dynamic 1 FastEthernet0/1
errdisable recovery
- Errdisable is a feature that automatically disables a port if the software detects an error situation on the port.
- This means that the configuration shows the port to be enabled but IOS has effectively shut it down and no traffic is sent or received on the port.
- To determine if a port has been error disabled, use the show interfaces command.
Example:
cat6knative#show interfaces gigabitethernet 4/1 status
Port Name Status Vlan Duplex Speed Type
Gi4/1 err-disabled 100 full 1000 1000BaseSX
- There are various reasons for the interface to go into errdisable. The reason can be:
- Duplex mismatch
- Port channel misconfiguration
- BPDU guard violation
- UniDirectional Link Detection (UDLD) condition
- Late-collision detection
- Link-flap detection
- Security violation
- Port Aggregation Protocol (PAgP) flap
- Layer 2 Tunneling Protocol (L2TP) guard
- DHCP snooping rate-limit
- Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
- Address Resolution Protocol (ARP) inspection
- Inline power
- To disable error-disable detection, use the no errdisable detect cause command.
- The show errdisable detect command displays the error-disable detection status.
- When the switch puts a port in the error-disabled state, the switch sends a message to the console that describes why it disabled the port.
Example:
%SPANTREE-SP-2-BLOCK_BPDUGUARD:
Received BPDU on port GigabitEthernet4/1 with BPDU Guard enabled. Disabling port.
- To recover a port in the errdisabled state, manual intervention is required. The administrator must issue shutdown and no shutdown on the port.
- If enabled, errdisable recovery can automatically re-enable a port after a timeout period.
- The errdisable recovery feature is disabled by default.
- The default timeout interval is 300 seconds and, by default, the timeout feature is disabled. If any one of the errdisable recovery conditions is enabled, the ports with this condition are reenabled after 300 seconds.
- To simultaneously enable errdisable autorecovery for all supported features, use errdisable recovery cause all. The timeout period can be adjusted with the errdisable recovery interval <sec> command.
Example:
cat6knative#show errdisable recovery
ErrDisable Reason Timer Status
----------------- --------------
udld Enabled
bpduguard Enabled
security-violatio Enabled
channel-misconfig Enabled
pagp-flap Enabled
dtp-flap Enabled
link-flap Enabled
l2ptguard Enabled
psecure-violation Enabled
gbic-invalid Enabled
dhcp-rate-limit Enabled
mac-limit Enabled
unicast-flood Enabled
arp-inspection Enabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
Interface Errdisable reason Time left(sec)
--------- --------------------- --------------
Fa2/4 bpduguard 273
- If any ports have been errdisabled, they are listed at the end of the show errdisable recovery output along with the time left before they are re-enabled.
- To fully recover a port from the errdisabled state, find and correct the root cause.
- If you reenable the port before you fix the root problem, the port just becomes error disabled again.
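The check below is an added example, not part of the original notes: it parses show errdisable recovery output and lists what will come back automatically, so the root cause can be investigated before the timer fires. The function names and the grouping of reasons into SECURITY_CAUSES are assumptions made for this illustration.

```python
import re

# Adapted from the "show errdisable recovery" output above; spacing is
# constructed and link-flap is set to Disabled to exercise both states.
SAMPLE = """\
ErrDisable Reason    Timer Status
-----------------    --------------
bpduguard            Enabled
psecure-violation    Enabled
link-flap            Disabled
arp-inspection       Enabled
Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:
Interface    Errdisable reason    Time left(sec)
---------    -----------------    --------------
Fa2/4        bpduguard            273
"""

# Assumption: these reasons are treated as security-driven for the review.
SECURITY_CAUSES = {"bpduguard", "psecure-violation", "security-violatio",
                   "arp-inspection", "dhcp-rate-limit"}

def parse_errdisable_recovery(text):
    """Return (cause -> recovery enabled, timer interval, pending ports)."""
    causes, pending, interval, section = {}, [], None, "causes"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("-"):
            continue                      # blank lines and column rulers
        m = re.match(r"Timer interval:\s*(\d+)\s*seconds", line)
        if m:
            interval = int(m.group(1))
        elif line.startswith("Interfaces that will be enabled"):
            section = "pending"
        else:
            f = line.split()
            if section == "causes" and len(f) == 2 and f[1] in ("Enabled", "Disabled"):
                causes[f[0]] = f[1] == "Enabled"
            elif section == "pending" and len(f) == 3 and f[2].isdigit():
                pending.append({"port": f[0], "reason": f[1], "time_left": int(f[2])})
    return causes, interval, pending

def review(text):
    """List what needs a root-cause check before the timer re-enables it."""
    causes, interval, pending = parse_errdisable_recovery(text)
    findings = [f"{c}: auto-recovery on, port returns after {interval}s"
                for c in sorted(causes) if causes[c] and c in SECURITY_CAUSES]
    findings += [f"{p['port']}: re-enabled in {p['time_left']}s, cause {p['reason']}"
                 for p in pending]
    return findings
```

Calling review(SAMPLE) returns one line per security-driven reason with auto-recovery enabled, followed by one line per interface waiting on the timer.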
L2 MTU
- MTU is the maximum size of the packet that can still be sent on a data link without fragmentation.
- Encapsulations and type of transmission medium affect the MTU.
- The MTU of a higher layer must fit within the payload of the lower layer.
- Classic IOS and IOS XR configure the MTU differently.
- For instance, on IOS XR the mtu command, which sets the L2 MTU, includes the 14-byte L2 header (6-byte src MAC, 6-byte dst MAC, and 2-byte EtherType) for an Ethernet interface (without dot1q), or 4 bytes for Point-to-Point Protocol (PPP) or High-Level Data Link Control (HDLC).
- If the interface MTU of a non-dot1q Ethernet interface is the default of 1514 bytes, then higher layer protocols such as MPLS can have a maximum MTU of 1500 bytes on that interface. This means you can fit only a 1500 byte MPLS frame (including labels) inside the Ethernet frame. You cannot configure a 1508 byte MPLS MTU on that interface if you want to allow two MPLS tags on top of a 1500 byte IPv4 packet. To transmit a 1508 byte MPLS frame on an Ethernet interface, the interface MTU must be increased to 1522, or a higher value, so that the L2 interface payload is large enough to carry the MPLS frame.
- See: MTU Behavior on Cisco IOS XR and Cisco IOS Routers.