3750 mac-address-aging timer

Similar Messages

• Arp aging time on router and mac address aging time on switches set close t

  Hi,
  appreciate some advice on the following:
  what is the benefit of setting arp aging time on router and mac address aging time on switches close to each other?
  Thanks,
  Christina

  Hi,
  based on the below output, do you think implementing it will benefit? Thanks.
  C2950#sh int fa0/43
  FastEthernet0/43 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 000d.5e11.4e2b (bia 000d.5e11.4e2b)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
  reliability 255/255, txload 7/255, rxload 2/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 933000 bits/sec, 149 packets/sec
  5 minute output rate 2981000 bits/sec, 263 packets/sec
  2819781393 packets input, 3782332886 bytes, 0 no buffer
  Received 266693 broadcasts (0 multicast)
  0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 0 multicast, 0 pause input
  0 input packets with dribble condition detected
  4015025747 packets output, 2328228393 bytes, 0 underruns
  0 output errors, 0 collisions, 2 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
  C2950#

• Dot1x disable mac-address aging

  Hi, all!
  I have configured dot1x on 3560 switches on my network. Switches have been configured to send MAC notification traps. I have set mac address-table aging time to 1800 sec. but only 802.1x not enabled switch send trap periodically.  It seem dot1x technilogy disable mac-address aging process.
  Can anybody explain it.

  You can control mac-address learning for a VLAN by using this switchport command on a trunk.
  Router(config-if)# switchport port-security maximum 3 vlan 102
  Or simply use this to allow only a certain number of mac's per access port.
  Router(config-if)# switchport port-security maximum 1
  Here is the command reference.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sr/cr/srir_r/ir_s4sr.htm#wp1015189
  PS: you cannot totally stop mac learning as the valid values are from 1-4097 so you cant set it to zero and i believe you dont want to as well , since you have a layer2/3 environment.
  HTH-Cheers,
  Swaroop

• How to change mac address on time capsule

  Hi there,
  How to change mac address on time capsule?

  There are routers that allow you to create/clone a mac address to whatever you like. Since many companies use the mac address to 'register' a unit connected to it's system, you usually just have to let them know you've changed your router and they will reset your system to accept connections from the new device.

• Add MAC Address to Time Capsule?

  Hey everybody--
  I have a MacBook Pro that connects to the Internet via a Time Capsule that is hooked up to a cable modem. I recently bought a Blu-Ray player that has a LAN port (no wireless), but it is miles away from the Time Capsule.
  I would like to share my MacBook Pro's wireless Internet connection by connecting an ethernet cable between the Blu-Ray player and the MacBook Pro. I turned on Internet Sharing and selected share Airport with computers using ethernet. I tested it out by seeing if my wife's MacBook could share the connection and it worked like a charm. (I turned off her Airport card and her computer accessed the Internet via an ethernet cable between our two computers.)
  Alas, the Blu-Ray player can't seem to share the connection.
  The Blu-Ray player uses DHCP but tt appears to receive a self-assigned IP address.
  The player manual says that if the connection fails "it may be necessary to set the MAC address of the unit at the router side."
  Does anyone know what this statement could mean? Can I add a device somehow to the Time Capsule. Any other thoughts on ways to make this work?
  Thanks in advance for the help!

  I found this how-to on the Web. I'm not too saavy with terminal, so these things always make me a bit nervous. Anyone have any concerns about following these steps to see if it works?
  The following procedure is confirmed to work as written.
  Start Internet Sharing if it's not already running.
  In Terminal, type cp /etc/bootpd.plist /tmp/bootpd.plist
  Stop Internet Sharing.
  Open /tmp/bootpd.plist for editing using TextEdit or whatever.
  Locate this section of the file, near the end:
  <key>replythresholdseconds</key>
  <integer>4</integer>
  Change the value 4 to 0.
  In Terminal, type sudo cp /tmp/bootpd.plist /etc
  Start Internet Sharing.
  If you want to, check that your change to /etc/bootpd.plist hasn't been reverted.

• EPC3010 MAC Address Aging

  The spec sheet does not say a lot about the bridge forwarding table.
  Could someone tell me the number of MAC addresses that the forwarding table can hold.
  Also are there SNMP OIDs for controlling how quickly entries in the forwarding table will time out, or for deleting entries in the forwarding table?

  The Add option allows you to add Ethernet MAC addresses for devices that might pass traffic through the bridge. If no addresses are added through the Add option, the bridge learns the first eight MAC addresses that pass through its Ethernet Port. Subsequently, only data from those addresses is allowed to pass through the bridge.
  Caution: The first MAC address you add should be that of the PC you are using to Telnet or browse to
  the bridge.
  You should add MAC addresses if there are more than eight Ethernet devices attached to the hub to
  which the bridge is connected. This ensures that the selected devices communicate through the bridge. After an address is added, the bridge won't learn any more addresses. You must type each MAC address you wish to have communicate through the bridge (up to eight).
  Once you enter the first MAC address, the MAC addresses of every other device that you want the
  bridge to communicate with must be entered. The process is not automatic and the bridge will no longer "learn" any addresses. The addresses must be manually entered.

• ARP Aging Time

  Hi there,
  Just wondering why, when i do show arp, in my WS-C4506, whith Supervisor II+ 1000BaseX, and cat4000-i9k91s-mz.122-25.EWA5.bin, it seems that i have +/- 20 % of arp entrys with the aging time of 0 sec all the time.
  I think it should increment that aging time till 300 sec (by default), and then reset, but not all the entries do it.
  Any ideias of what kind of "process" is causing it ?
  I have all in the vlan1, and the ip's that soffer this issue are hosts and Cisco equipments.
  Thank you in advance.
  Petr?nio

  Friend,
  I think you are a little confused with the ARP aging time and the mac-address aging time (also called as CAM table)
  The default ARP aging time is 4 hours but the switch hold the CAM table entires only for 5 minutes.
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00807347ab.shtml#troubleshoot
  A permanent ARP entry does not have any timer assoiciated with it and is not shown as "0" but as "-".
  The thing which you are seeing is basically the cam is being aged out after 5 mins from the switch and is not incrementing as no frames are being received on the port.
  HTH, rate if it does
  Narayan

• CAM aging time VS Port-security aging time

  Hi All
  Please advise on the following:
  - Without port-security configured, MACs per interface are learnt as "Dynamic" entries and the global CAM aging timer applies (300 seconds) unless tweaked manually.
  - With switchport port-security enabled (without port-security mac-address sticky, which holds onto MACs infinitely) I see MACs being learnt as "Secure-Dynamic" in a show port-security interface gix/x output and as "Static" in the output of show mac address-table interface gix.x .
  What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too? as I see their is also a option to configure port-security mac-address aging time / type, does this overrule / take precedence over the default CAM aging timer?
  Please assist, its not documented anywhere and its driving me a bit nuts!
  Thanks folks

  What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too?
  Any aging time you configure with port security will take precedence over the default aging time.
  See this thread for details -
  https://supportforums.cisco.com/discussion/11054341/switchport-port-security-commands-help
  Jon

• Any ways to change the MAC address permanently?

  Are there?:)

  when i was still using netcfg2, i was doing the following to get a randomized, manufacturer-valid mac address every time i connected an access point:
  in each network profile:
  PRE_UP='. $SUBR_DIR/spoof.subr; ifconfig $INTERFACE down; ifconfig $INTERFACE hw ether $(generate_random_mac)'
  the 'ifconfig $INTERFACE down' is necessary for my card, annoying belkin-made rtl8185 pcmcia card.
  /usr/lib/network/spoof.subr:
  #!/bin/bash
  SPOOF_DIR=$SUBR_DIR"spoof/"
  SPOOF_VEND_FILE="stefan-maclist.txt"
  generate_random_mac() {
  echo $(${SPOOF_DIR}/fakeap.pl --vendors ${SPOOF_DIR}${SPOOF_VEND_FILE})
  the following is extracted from Black Alchemy Weapons Lab's fakeap.pl
  /usr/lib/network/spoof.pl
  #!/usr/bin/perl
  use strict;
  use warnings;
  use Getopt::Long;
  use Time::HiRes;
  use vars
  qw( $vendors_opt $wep_opt );
  my @vendors = ( "00:00:0C:", "00:00:CE:", "00:00:EF:" );
  # load_vendors
  # args: none
  # rets: none
  # Loads vendor mac prefix file into @vendors
  sub load_vendors {
  @vendors = ();
  open( my $FH, "<$vendors_opt" ) or die "Could not open $vendors_opt: $!\n";
  while ( my $line = <$FH> ) {
  chomp $line;
  $line =~ /^(\w\w:\w\w:\w\w)/;
  push @vendors, "$1:";
  close $FH;
  return;
  # gen_mac
  # args: none
  # rets: none
  # Returns a random MAC address with first three octets from @vendors
  # last three random.
  sub gen_mac {
  return sprintf(
  "%s%02X:%02X:%02X",
  $vendors[ int( rand $#vendors ) ],
  int( rand 256 ),
  int( rand 256 ),
  int( rand 256 )
  # Main
  GetOptions(
  "vendors=s" => \$vendors_opt
  load_vendors() if $vendors_opt;
  my $mac = gen_mac();
  print( $mac );
  i know of two sources for a list of valid manufacturer mac address triples.  stefan-maclist.txt comes with fakeap.pl.  a much more comprehensive list is the file 'manuf' in the root directory of the wireshark source, but it needs some editing before it will work with the fakeap.pl code snippet.
  one thing this doesn't do is avoid using your actual mac address.
  Last edited by kludge (2009-01-14 02:16:54)

• Why can't modify the vlan aging time

  4506-1#sh mac add aging-time
  Vlan    Aging Time      Configured Aging Time
  Global Vlan Admin Age: 300
     1    300             300
  100    300             300
  300    300             300
  500    300             300
  501    300             300
  502    300             300
  503    300             300
  600    15              300
  I don't do any aging time Settings, why aging time is 15? I don't have change to take effect.

  Duplicate post of Why cisco WS-C4506-E Switches High CPU?

• Mac address ACS authentication

  I have 3 cisco 350 aironets here. right now they all have mac authenication with each one having to have the mac address statically entered. I have a hardware ACS and would like to use that for the authenication so I do not have to enter the mac address 3 time. I have seen that you are suppose to add the mac address as the username and then the password, but i get an error stating that the username and password cannot be the same and will not add the user. What do i do now? I have done it just like cisco documentation states but again i get an error. please help.......

  There is a feature called "Per User VLAN Assignment" which should provide you with just the protection you're looking for. It uses the ACS Server to assign a user to a VLAN, regardless of what SSID they connect to the access point with. Per User VLAN Assignment requires IOS version 12.2(11)JA1.
  No configuration changes are made on the AP to engage per user VLAN assignment. All the configuration changes are made on the ACS. For more details check out the following URL,
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html

• Strange mac address causing err-disable

  I have mainly 3550/4506 with port-security. Every day user ports go into err-disable and it's the same few mac addresses each time? anyone else came acreoss this ans know what's it is all about.

  It should tell you in the logg why the port is err-disableing the port . Could be as simple as speed/duplex mismatches on the port if they are causing something like a lot of late collisions the switch will err-disable the ports . Check the switch and nic settings for these devices .

• ISE Identities - Lifetime/Age-Out of Mac-Addresses

  Hello,
  is there a way to have the Mac-Addresses/Identities in the ISE-Database age-out after a certain amount of time (i.e. 4 weeks).
  Beste regards

  Here are some screenshot for the same

• How can i get the time capsule to use my mac's mac address

  on some wireless routers you can get the router to use the mac address of a client connected to it instead of it's own.
  Can i do that on the time capsule?

  Sorry, but no. You cannot change (spoof) the MAC address on any of the AirPort/Time Capsule routers.

• Time machine loads original Mac address...

  I had to reload a TM backup onto a different MBP. Problem is that even the Mac address of the original machine gets loaded. How do I tell my new MacBook Pro to revert to its own Mac address instead of impersonating the original one?
  Note: I think this is more a feature than a bug.
  Any way out of this?
  Thanks!
  Fernando

  Check the mac address of both. Network preference in system preferences. Highlight the working network connection, it should be at the top of the list, and click the advanced button. Go to the hardware tab and look at what the mac address is on both. I doubt they are the same.
  It could be the lease time. Refresh the lease on the 13".