Address Table Commands

bridge multicast filtering

To enable the filtering of multicast addresses, use the bridge multicast filtering command in switch configuration mode. To disable multicast address filtering, use the no form of this command.

bridge multicast filtering

no bridge multicast filtering

Syntax Description

This command has no arguments or keywords.

Command Default

Multicast address filtering is disabled. All multicast addresses are flooded to all ports.

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.5.1    This command was introduced.

Usage Guidelines

When this feature is enabled, unregistered multicast traffic (as opposed to registered) is still flooded. All registered multicast addresses are forwarded to the multicast groups.

Examples

The following example enables bridge multicast filtering:


nfvis(config-switch)# bridge multicast filtering
nfvis(config-switch)# commit
nfvis(config-switch)# end 

bridge multicast unregistered

To configure the forwarding or filtering of unregistered multicast addresses, use the bridge multicast unregistered command in interface switch configuration mode. To restore the default configuration, use the no form of this command.

bridge multicast unregistered { forwarding | filtering}

no bridge multicast unregistered

Syntax Description

forwarding

Forwards unregistered multicast packets.

filtering

Filters unregistered multicast packets.

Command Default

Unregistered multicast packets are forwarded.

Command Modes

Interface (Gigabit Ethernet, Port Channel) switch configuration (config-switch-if)

Command History

Release  Modification
3.5.1    This command was introduced.

Usage Guidelines

Do not enable unregistered multicast filtering on ports that are connected to routers because the 224.0.0.x address range should not be filtered. Routers do not necessarily send IGMP reports for the 224.0.0.x range. You can run this command before the VLAN is created.

Examples

The following example specifies that unregistered multicast packets are filtered on port channel 1:


nfvis(config-switch)# interface port-channel 1
nfvis(config-switch-if)# bridge multicast unregistered filtering
nfvis(config-switch-if)# commit
nfvis(config-switch-if)# end

bridge unicast unknown

To enable egress filtering of unicast packets where the destination MAC address is unknown to the device, use the bridge unicast unknown command in interface switch configuration mode. To restore the default configuration, use the no form of this command.

bridge unicast unknown { forwarding | filtering}

no bridge unicast unknown

Syntax Description

forwarding

Forwards the unicast packets with unknown destination MAC address.

filtering

Filters the unicast packets with unknown destination MAC address.

Command Default

Unicast packets with unknown destination MAC address are forwarded.

Command Modes

Interface (Gigabit Ethernet, Port Channel) switch configuration (config-switch-if)

Command History

Release  Modification
3.5.1    This command was introduced.

Examples

The following example filters the unicast packets on Gigabit Ethernet interface 1/1 when the destination is unknown:


nfvis(config-switch)# interface gigabitEthernet 1/1
nfvis(config-switch-if)# bridge unicast unknown filtering 
nfvis(config-switch-if)# commit
nfvis(config-switch-if)# end

mac address-table aging-time

To set the aging time of the address table, use the mac address-table aging-time command in switch configuration mode. To restore the default, use the no form of this command.

mac address-table aging-time seconds

no mac address-table aging-time

Syntax Description

seconds

Time in seconds. Valid range is from 10 to 630 seconds.

Command Default

300

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.5.1    This command was introduced.

Examples

The following example sets the aging time of the address table to 600 seconds:


nfvis(config-switch)# mac address-table aging-time 600
nfvis(config-switch)# commit
nfvis(config-switch)# end

mac address-table static

To add a MAC-layer station source address to the MAC address table for a Gigabit Ethernet or port channel interface, use the mac address-table static command in switch configuration mode. To delete the MAC address, use the no form of this command.

mac address-table static mac-address vlan vlan-id interface { gigabitEthernet | port-channel} interface-id { permanent | delete-on-reset | delete-on-timeout}

no mac address-table static mac-address vlan vlan-id

Syntax Description

mac-address

Specify a valid MAC address.

vlan vlan-id

Specify the VLAN ID.

interface

Specifies the interface type.

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

interface-id

Specify an interface ID.

permanent

Specifies the permanent static MAC address. This keyword is applied by default.

delete-on-reset

Specifies the delete-on-reset static MAC address.

delete-on-timeout

Specifies the delete-on-timeout static MAC address.

Command Default

No static addresses are defined. The default mode for an added address is permanent.

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.6.1    The port-channel parameter was added.
3.5.1    This command was introduced.

Usage Guidelines

Use the command to add a static MAC address with a given time-to-live.

Each MAC address in the MAC address table is assigned two attributes: type and time-to-live.

The following values of time-to-live are supported:

  • permanent: MAC address is saved until it is removed manually.

  • delete-on-reset: MAC address is saved until the next reboot.

  • delete-on-timeout: MAC address may be removed by the aging timer.

The following types are supported:

  • static: a MAC address manually added by the command with the following keywords that specify its time-to-live: permanent, delete-on-reset, delete-on-timeout.

    A static MAC address may be added in any port mode.

  • dynamic: a MAC address learned by the switch in a non-secure mode. The value of its time-to-live attribute is delete-on-timeout.

Examples

The following example adds a permanent static MAC address:


nfvis(config-switch)# mac address-table static 00:3f:bd:45:5a:b1 vlan 1 interface gigabitEthernet 1/1 permanent 
nfvis(config-switch)# commit
nfvis(config-switch)# end

Examples

The following example adds a delete-on-reset static MAC address:


nfvis(config-switch)# mac address-table static 00:3f:bd:45:5a:b1 vlan 1 interface gigabitEthernet 1/1 delete-on-reset 
nfvis(config-switch)# commit
nfvis(config-switch)# end

port security enable

To enable port security learning mode on an interface, use the port security enable command. To disable port security learning mode on an interface, use the no form of this command.

port security enable

no port security enable

Syntax Description

enable

Enable port security on an interface.

Command Default

The feature is disabled by default.

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.10.1   This command was introduced.

Usage Guidelines

None

Examples

The following example enables port security:


nfvis(config-switch)# interface gigabitEthernet 1/1
nfvis(config-switch)# port-security enable
nfvis(config-switch)# commit

port security max

To configure the maximum number of addresses that can be learned on the port while the port is in port, max-addresses or secure mode, use the port security max command. To restore the default configuration, use the no form of this command.

port security max max-addr

no port security max

Syntax Description

max-addr

Specifies the maximum number of addresses that can be learned on the port. Valid range is from 0 to 256.

Command Default

The default maximum number of addresses is 1.

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.10.1   This command was introduced.

Usage Guidelines

The command may be used only when the interface is in the regular (non-secure with unlimited MAC learning) mode.

Use this command to change the default value before the port security command.

Examples

The following example configures the maximum number of MAC addresses:


nfvis(config-switch)# interface gigabitEthernet 1/1
nfvis(config-switch)# port-security max 5
nfvis(config-switch)# commit

port security violation

To discard packets with an unlearned source address, or to discard them and also shut down the interface, use the port-security violation command.

port security violation [ discard | shutdown]

Syntax Description

discard

Discards packets with unlearned source addresses.

shutdown

Discards packets with unlearned source addresses and shuts down the port.

Command Default

The default mode is discard.

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.10.1   This command was introduced.

Usage Guidelines

None

Examples

The following example sets the violation handling to shutdown on Gigabit Ethernet interface 1/1:


nfvis(config-switch)# interface gigabitEthernet 1/1
nfvis(config-switch)# port-security violation shutdown
nfvis(config-switch)# commit

switch clear mac address-table

To remove learned or secure entries from the forwarding database (FDB) for a Gigabit Ethernet or port channel interface, use the switch clear mac address-table command in privileged EXEC mode.

switch clear mac address-table dynamic [ { gigabitEthernet | port-channel} interface-id]

Syntax Description

dynamic

Deletes all dynamic (learned) addresses.

gigabitEthernet

Specifies gigabitEthernet as the interface type.

port-channel

Specifies port channel as the interface type.

interface-id

Specifies the interface ID.

Command Default

If interface-id is not provided, all dynamic entries are deleted.

Command Modes

Privileged EXEC (#)

Command History

Release  Modification
3.6.1    The port-channel parameter was added.
3.5.1    This command was introduced.

Examples

The following example deletes all dynamic entries from the FDB:

nfvis# switch clear mac address-table dynamic 

show ports security

To display the port-lock status, use the show ports security command.

show ports security [ interface-id | detailed]

Syntax Description

detailed

Displays information for non-present ports in addition to present ports.

interface-id

Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.

Command Default

Display for all interfaces. If detailed is not used, only present ports are displayed.

Command Modes

Switch configuration (config-switch)

Command History

Release  Modification
3.10.1   This command was introduced.

Usage Guidelines

None

Examples

The following example verifies the configuration:


nfvis# show switch interface port-security
                                            MAC
                                 VIOLATION  ADDRESS  MAX MAC
PORT  STATUS    LEARNING         HANDLING   COUNT    ADDRESS
--------------------------------------------------------------
1/0   Disabled  Delete-On-Reset  Discard    0        0
1/1   Enabled   Delete-On-Reset  Discard    1        5
1/2   Disabled  Delete-On-Reset  Discard    0        0
1/3   Disabled  Delete-On-Reset  Discard    0        0
1/4   Disabled  Delete-On-Reset  Discard    0        0
1/5   Disabled  Delete-On-Reset  Discard    0        0
1/6   Disabled  Delete-On-Reset  Discard    0        0
1/7   Disabled  Delete-On-Reset  Discard    0        0

show switch mac addr-table

To display entries in the MAC address table, use the show switch mac addr-table command in privileged EXEC mode.

show switch mac addr-table vlan-id

Syntax Description

vlan-id

Specifies the VLAN ID.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release  Modification
3.5.1    This command was introduced.

Examples

The following is a sample output of the show switch mac addr-table command:


nfvis# show switch mac addr-table 1
VLAN  MAC ADDRESS        PORT   TYPE
--------------------------------------------------------------
1     00:22:bd:fb:af:41  gi1/6  dynamic
1     00:22:bd:fb:af:42  gi1/7  dynamic
1     00:22:bd:fb:af:80  gi1/5  dynamic
1     00:25:45:92:e7:aa  gi1/1  dynamic
1     00:3a:7d:94:78:92  gi1/1  dynamic
1     00:a6:ca:d6:31:34  none   self
1     0c:d9:96:91:06:06  gi1/4  dynamic
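
The port security table and the MAC address table shown in this chapter can be cross-checked to find ports that learn addresses without an enforced limit. The following Python code is an added example, not part of NFVIS or its documentation; it parses the data rows of the two sample outputs on this page and assumes that gi1/1 in the MAC address table is port 1/1 in the port security table and that every dynamic entry counts against the configured maximum.

```python
import re
from collections import defaultdict

# Data rows from the sample outputs on this page (headers and idle ports omitted).
MAC_TABLE = """\
1     00:22:bd:fb:af:41  gi1/6  dynamic
1     00:22:bd:fb:af:42  gi1/7  dynamic
1     00:22:bd:fb:af:80  gi1/5  dynamic
1     00:25:45:92:e7:aa  gi1/1  dynamic
1     00:3a:7d:94:78:92  gi1/1  dynamic
1     00:a6:ca:d6:31:34  none   self
1     0c:d9:96:91:06:06  gi1/4  dynamic
"""
PORT_SECURITY = """\
1/1 Enabled Delete-On-Reset Discard 1 5
1/4 Disabled Delete-On-Reset Discard 0 0
1/5 Disabled Delete-On-Reset Discard 0 0
1/6 Disabled Delete-On-Reset Discard 0 0
1/7 Disabled Delete-On-Reset Discard 0 0
"""
MAC_ROW = re.compile(r"^(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+(\S+)$", re.I)
SEC_ROW = re.compile(r"^(\d+/\d+)\s+(Enabled|Disabled)\s+\S+\s+(\S+)\s+(\d+)\s+(\d+)$")

def dynamic_macs_by_port(text):
    """Return {port: dynamic MACs}; assumes 'gi1/1' is port '1/1' in the other table."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = MAC_ROW.match(line.strip())
        if m and m[4] == "dynamic":  # skips 'self' and static rows
            ports[re.sub(r"^gi", "", m[3])].add(m[2].lower())
    return dict(ports)

def port_security(text):
    """Return {port: (enabled, violation_handling, max_addresses)}."""
    rows = filter(None, (SEC_ROW.match(l.strip()) for l in text.splitlines()))
    return {m[1]: (m[2] == "Enabled", m[3], int(m[5])) for m in rows}

def audit(mac_text, sec_text):
    """List (port, finding) for ports that learn MACs without an enforced limit."""
    sec, findings = port_security(sec_text), []
    for port, macs in sorted(dynamic_macs_by_port(mac_text).items()):
        enabled, _violation, max_addr = sec.get(port, (False, None, 0))
        if not enabled:
            findings.append((port, f"{len(macs)} dynamic MAC(s), port security disabled"))
        elif len(macs) > max_addr:
            findings.append((port, f"{len(macs)} dynamic MAC(s) exceed max {max_addr}"))
    return findings
if __name__ == "__main__":
    print("\n".join(f"gi{p}: {f}" for p, f in audit(MAC_TABLE, PORT_SECURITY)))
```

Ports that are absent from the port security text are reported as having port security disabled, so pass the complete table when auditing a real device.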