- #CISCO MAC ADDRESS TABLE DROP SOFTWARE#
- #CISCO MAC ADDRESS TABLE DROP CODE#
- #CISCO MAC ADDRESS TABLE DROP SERIES#
To demonstrate this we only require two devices. You can either specify the interface where the MAC address is located or tell the switch to drop the traffic. A really simple method to deal with this issue is to manually configure entries in the MAC address table, a static entry will always overrule dynamic entries. This process is vulnerable to layer 2 MAC address spoofing attacks where an attacker spoofs a certain MAC address to change entries in the MAC address table. That's also why the port capabilities on this switch are so limited - the ports only support what the ASICs were designed to do, and the IOS image can't add support for things not already handled by the ASICs.Normally your switch will automatically learn MAC addresses and fill its MAC address table (CAM table) by looking at the source MAC address of incoming frames and flooding frames if it doesn’t know where to forward the frame. The only part of packet processing it gets involved with is some support for spanning tree.
#CISCO MAC ADDRESS TABLE DROP CODE#
* The processor on a 2900XL is a very low-end PowerPC and once it loads the code for the ASICs, it spends most of its time (30% to 50%) just fiddling the front panel LEDs. I can see a couple system crashers in there, some of which don't even require command-line access to the switch (it can be crashed by network packets originated elsewhere). It dates from the beginning of the "thousand kingdoms" IOS era, and it never got any fixes from either other platforms or newer IOS versions. I just took a look at that code, and all I can say is "yikes". The older versions had very poor throughput and could not sustain an aggregate performance of even 200Mbit/sec. I think the sequence (from oldest to newest) was no color (just molded-in numbers), white, and yellow. There were 3 versions of the 2900XL hardware, which can be distinguished by the color of the port number labels. And that didn't run on some older 2900XL's. I believe the last release was 12.0(5)WC17 from Febru(any builds beyond that were one-offs for large customers with custom maintenance agreements).
System image file is "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"Ĭlick to expand.The 2900XL's have been completely obsolete for years now.
#CISCO MAC ADDRESS TABLE DROP SOFTWARE#
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE INTERIM SOFTWARE
#CISCO MAC ADDRESS TABLE DROP SERIES#
Relevant Version info Output of # Sh Ver from my switch (i also have 1900 series switches in use): Static / dynamic or sticky port security, doesn't seem to address my specific issue either (my issue being knowing a mac-address that you want to block, ahead of time)Ĭan anyone help with this or point me in the right direction? There just must be a way to block a Mac Address from even these earlier cisco 2924 swtiches. (hitting enter to execute the command will add an entry to my running-config, but it does not block the mac-address in any way) (for background, my exact scenario is, at times a user will plug in a rogue dhcp server, at which point my router sends me an alert- i then remotely track down the specific switch port the user plugged the rogue dhcp server into and then shutdown that switch port, until i get a phone call ( "my internet/wall jack isnt working!" )- Id much rather be able to block the mac address of that rogue dhcp servers Ethernet port (usually the LAN port(s) on a wifi router), so that the user will hopefully try other Ethernet ports on their router (until they find the proper WAN/Internet port, which they should have been using all along) - or the user will try other non dhcp-server devices, both of which could avoid a phone call to network support, which is the result when their port is fully shutdown )Īll of my research has lead me to examples or solutions on other models of Cisco switches with this command (this command, if it worked on my version/model, would accomplish my goal):ĪRW_3548(config)#mac-address-table static 00e0.b8b8.1c61 ? ĪRW_3548(config)#mac-address-table static 00e0.b8b8.1c61 fastEthernet 0/22 ? ĪRW_3548(config)#mac-address-table static 00e0.b8b8.1c61 fastEthernet 0/22 vlan 2 ? My goal is to block all traffic or to shutdown a switch port (or otherwise block), if a specific mac-address is plugged into the switch.
0 kommentar(er)
