CNA 5.5 and show mac address-table
When trying to Monitor/Search for MAC address in C2960 network I got an error reply that a CLI command is not supported. Analyzing network traffic shows that CNA 5.5 is issueing 'show mac-address-table' command but the latest Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE does not support 'show mac-address-table' anymore but does support 'show mac address-table' command. How can I change the command for showing mac address tables in CNA 5.5?
M.
hi john,
the show mac-address-table command should be valid.
check if you've got MAC learning enabled on the ASA interface using show mac-learn command.
edit: could you post show firewall? the above command works on transparent firewall only.
Similar Messages
-
Given the command show mac-address-table from the privilege exec mode in a cat 2950, the output shows some (i think 4) mac-address tha are system. Do u have any idea what are these mac?
Hi Dimitris,
Thanks for writing in. I tried the command on my switch and got the following: Do you see a similar output and is this what you are referring to?
2950#sh mac-address-table
Mac Address Table
Vlan Mac Address Type Ports
All 0009.7c70.f9c0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
0100.0ccc.cccc is used for CDP/VTP/DTP/PAgP/UDLD
0100.0ccc.cccd is used for PVST+
0100.0cdd.dddd seems to be related to multicast, however need to confirm on this.
0009.7c70.f9c0 is the mac address for my management vlan interface.
2950#sh int vlan 1
Vlan1 is administratively down, line protocol is down Hardware is CPU Interface, address is 0009.7c70.f9c0 (bia 0009.7c70.f9c0)
Hope this helps.
regards
-Alok -
Show mac-address-table not working on ASA5512
Hi,
I'm unable to excute "show mac-address-table" on an ASA5512, running 9.1(1). The output is:
asa-test# show mac-address-table
^
ERROR: % Invalid input detected at '^' marker.
Has the command changed for this model / version? It works fine on ASA5505's running 8.4(5).
Thanks for your time,
Johnhi john,
the show mac-address-table command should be valid.
check if you've got MAC learning enabled on the ASA interface using show mac-learn command.
edit: could you post show firewall? the above command works on transparent firewall only. -
Show Mac Address Table in ASR9k running XR
I'm trying to find a Mac Address in the ASR9k table. We have a server with multiple mac addresses and we need to know what MAC is being learned by what interface.
Thank you,Use the command
show l2vpn forwarding bridge-domain <group_number>:<domain_name> mac-address location 0/x/CPU0
or
show l2vpn forwarding bridge-domain mac-address location 0/x/CPU0 -
CSCui55504 - show Mac address table from RP gives an error msg and40;but from SP works )
Hello Cisco,
Is there any updates or ETA regarding this bug, as our production 6500 core switch is experiencing this issue and viewing mac-table is a critical activity we perform everyday to troubleshoot client connections.I'm having this same issue. I also have this line in my log, which is curious:
12/14/14 7:13:07.822 PM netbiosd[16766]: Attempt to use XPC with a MachService that has HideUntilCheckIn set. This will result in unpredictable behavior: com.apple.smbd
Is this related to the problem? What does it mean?
My 2010 27" iMac running Yosemite won't wake up from sleep. -
6509E with Sup720 - Show mac address
I have seen very strange behavior. The following two commands show different outputs...
core2#sho mac address-table dynamic | in cc04
7 0009.0fbb.cc04 dynamic Yes 150 Po10
core2#sho mac address-table address 0009.0fbb.cc04
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
Po10 is etherchannel to core1. The MAC address is on the core2 and should never be learned on core1. Core1 doesn't learn this MAC address at all.
The commands are run at the same time. I repeated many times and it is the same... Any idea why?
Thanks!
DifanHi Jon,
Correct, I am not using VSS. However it is not standard set up. The vlan 7 is extended to many other switches. The root is actually not core1 or core2. It also passes some provider to different location as well. However like you said, all the correct ports are blocked. Please trust me on this.. If there is a loop, we will have much more serious problem... At least our CPU will hike and link will congested, right?
I know your concern that the same packet could be somehow loopped back through core1, which makes core2 to learn the MAC on the port-channel interface to core1. However when this happens, core1 doesn't learn the MAC anywhere and on core2 some command show the MAC but not the other command...
Also something interesting, even that MAC in the command will eventually disappear. Please note the aging time. The aging time configured on the vlan is 480 seconds. At last the MAC address is pointing to another interface like G1/1. That interface doesn't even have vlan 7 allowed on the trunk link.
core2#sho mac address-table address 0009.0fbb.cc04
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
core2#
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 285 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 290 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 300 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 305 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 315 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 320 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 320 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 330 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 335 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 340 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 375 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 405 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 425 Po10
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 465 Gi1/1
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 480 Gi1/1
core2#show mac address-table | in 0009.0fbb.cc04
7 0009.0fbb.cc04 dynamic Yes 480 Gi1/1
core2#show mac address-table | in 0009.0fbb.cc04
core2#show mac address-table | in 0009.0fbb.cc04
core2#sho mac address-table address 0009.0fbb.cc04
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
core2#sh int g1/1 trunk
Port Mode Encapsulation Status Native vlan
Gi1/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/1 64,72,156,214-216,300,600
Port Vlans allowed and active in management domain
Gi1/1 64,72,156,214-216,300,600
Port Vlans in spanning tree forwarding state and not pruned
Gi1/1 64,72,156,214-216,300,600
Is it a bug?
Thanks! -
Mac address table corruption?
We are running Cisco 4500 chassis at the access layer, and have been for a few years without issue. Recently we started to experience issues where a mac address will just randomly "jump" to another port. User will call us and say their computer is not working. We will locate the mac, and its showing on the wrong port. We shut that port, do a no shut, and the mac jumps back to the correct port. In the example below, the mac address jumps to port 3/2, but is physically connected to 2/12.
!--issue before shut/no shut
mdf#show mac address-table | inc 9ebf
236 782b.cb8c.9ebf static ip,ipx,assigned,other GigabitEthernet3/2
!--port security knows the correct info however
mdf#show ip dhcp snooping binding | inc 9E:BF
78:2B:CB:8C:9E:BF xxx.xxx.236.193 76145 dhcp-snooping 236 GigabitEthernet2/12
mdf#show mac address-table int gi2/12
Unicast Entries
vlan mac address type protocols port
---------+---------------+--------+---------------------+-------------------------
3908 20bb.c021.ae58 static ip,ipx,assigned,other GigabitEthernet2/12 !--ip phone
mdf#show mac address-table int gi3/2
Unicast Entries
vlan mac address type protocols port
---------+---------------+--------+---------------------+-------------------------
236 1803.7339.d93d static ip,ipx,assigned,other GigabitEthernet3/2
236 782b.cb8c.9ebf static ip,ipx,assigned,other GigabitEthernet3/2 !--mac in question
236 782b.cb8c.c366 static ip,ipx,assigned,other GigabitEthernet3/2
3908 b414.89a2.2ae0 static ip,ipx,assigned,other GigabitEthernet3/2
!--fixing issue
mdf(config)#int gi3/2
mdf(config-if)#shut
!-- issue resolved
mdf#show mac address-table | inc 9ebf
236 782b.cb8c.9ebf static ip,ipx,assigned,other GigabitEthernet2/12
Switch is running cat4500e-entservicesk9-mz.151-2.SG2.bin , but also happened on cat4500e-entservicesk9-mz.151-2.SG4.bin and cat4500e-entservicesk9-mz.150-2.SG4.bin. Other switches have also had this issue occur.Looks to be me like a bug.
could you please provide me some more details on this:
1- How often this issue is occurring?
2- Is this occurring to specific ports or specific laptops which are connecting to this ports or is it irrespective of devices?
3- Is there any possibilities that you try rebooting one of the switch if the issue is very often? (I know this is not a feasible solution , I know it is some issue iwth the firmware but in case to avoid high impact you can reboot the switch and update me?
4- Provide me with the logs from the switch?
5- I will do the bug scrub and let you know.
HTH -
Can't clear mac address table from interface
hello all.
I'm facing a problem, and i've also tried to workaround but not sucessfully.
I've got a polycom phone on the swich. When I connect a laptop on that port, the mac address is learned by the switch and keep the mac address even if I disconnect the ethernet cable from that port and if I try to connect the same laptop on other port on the same switch I've got errdisable error in the last connected port. Although I was figuring out what's wrong and seems that the mac address is kept for some reason in the first port.
sw02#show mac address-table interface f0/19
Mac Address Table
Vlan Mac Address Type Ports
60 3c07.5417.9069 STATIC Fa0/19
80 0004.f21e.afa7 STATIC Fa0/19
this is a 2960, Version 12.2(44r)SE4
with a Polycom SoundPoint IP 330 connected on vlan 80
I was searching to clear the mac address table on that interface but the IOS version didn't give me the static option
sw02#clear mac address-table ?
dynamic dynamic entry type
move move keyword
notification Clear MAC notification Global Counters
As there's no dynamic entries on that interface the mac addresses remain on the f0/19 interface.
I've tried with other switches and with other laptops and is the same errdisable status.
sw02#show run int f0/19
interface FastEthernet0/19
description VoIP
switchport access vlan 60
switchport mode access
switchport nonegotiate
switchport voice vlan 80
switchport port-security maximum 5
switchport port-security
no snmp trap link-status
ip dhcp snooping limit rate 100
end
any thought?the mac addresses are not manually configured.
yes, that's my point. when I disconnect the ethernet cable the mac addresses are not flushed from the mac table.
Although I don't understand why the mac addresses are kept in the interface, if I force the interface aging time to 1 min, the problem don't occur anymore.
I was reviewing the switch config and I've got ports with aging time 0 (that learn and flush the mac addresses dynamically) and I've got ports with aging time 1 (that learn and flush the mac addresses at the end of 60 seconds)
The problem is solved although I need to investigate this issue in other switch models and with other voip phones.
Tks Jon and Julio -
Primary N7k cannot query MAC address table
I try:
show mac address-table
show mac address-table <anything else>
The command just hangs on:
#sh mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports
------------+-----------------------+-------------+---------+-----------+--------+------------------
The secondary N7k does not have this issue.
RickDo you have a redundant/backup supervisor engine in the N7K?
If so, try to failover to it - I have had instances where the MAC address for a specific host has become "stuck" in one supervisor engine, and the only solution was to failover to the second engine and restart the first.
If you don't have a redundant engine, you may have to restart your supervisor engine with the "reload module x" command, or by simply restarting the switch. Note that if you've only got one supervisor module and you reload it, you will lose traffic while it reboots.
Cheers -
What am i missing?
pixfirewall# show mac-address-table
^
ERROR: % Invalid input detected at '^' marker.
[EDIT: karat is under the A in mac ]
pixfirewall# sh ver
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)
Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"
pixfirewall up 175 days 11 hours
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 000d.28f9.62a5, irq 10
1: Ext: Ethernet1 : address is 000d.28f9.62a6, irq 11
2: Ext: Ethernet2 : address is 000d.8810.a620, irq 11
3: Ext: Ethernet3 : address is 000d.8810.a621, irq 10
4: Ext: Ethernet4 : address is 000d.8810.a622, irq 9
5: Ext: Ethernet5 : address is 000d.8810.a623, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
Serial Number: 807234146
Running Activation Key: 0x6ab205ba 0x986d4239 0xf56523af 0x76f3d58b
Configuration last modified by enable_15 at 12:58:08.130 EDT Thu May 16 2013
pixfirewall# show mac-address-table
^
ERROR: % Invalid input detected at '^' marker.Hi,
Command Modes The following table shows the modes in which you can enter the command:
Command Mode
Firewall Mode
Security Context
Routed
Transparent
Single
Multiple
Context
System
Privileged EXEC
Source:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1448364
- Jouni -
SG-500-28P How to view mac address table?
The standare Cisco IOS command is show mac-address-table. This command isn't available on this switch.
FW v1.3.0.62
Thanks.Show mac address-table
-
Maximum MAC address table size
Hello guys.
what is the maximum MAC address table for the Cisco 3750X series switches?Scalability Numbers
MAC, routing, security, and QoS scalability numbers depend on the type template used in the switch. Routing template is not supported in the LAN Base feature set. Table 10 shows Cisco Catalyst 3750-X and 3560-X Series Switch scalability numbers.
Cisco Catalyst 3750-X and 3560-X Series Switch Scalability Numbers
Access
Default
Routing
VLAN
Unicast MAC addresses
4K
6K
3K
12K
IGMP groups and multicast routes
1K
1K
1K
1K
Unicast routes
6K
8K
11K
0
Directly connected hosts
4K
6K
3K
0
Indirect routes
2K
2K
8K
0
Policy-based routing ACEs
0.5K
0
0.5K
0
QoS classification ACEs
0.5K
0.5K
0.5K
0.5K
Security ACEs
2K
1K
1K
1K
VLANs
1K
1K
1K
1K -
Hello,
In one of our core switches, the output of the mac-address-table shows some mac addresses which come up as MPLS Multicast address when I looked them up under MAC Manufacturer(See below). Also, in the mac-address-table under the port column, those mac addresses display several ports associated with them and the word Router(see attachement). My question is, why are these MAC addresses come up as MPLS Multicast and why under the ports is it has the word Router?
Thanks in advance...
Prefix
Vendor
01005E
Internet Multicast (01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF)
01005E
MPLS Multicast (01:00:5E:80:00:00 to 01:00:5E:8F:FF:FF)
01005E
Internet reserved by IANA (01:00:5E:90:00:00 to 01:00:5E:FF:FF:FF)
01005E
Internet reserved by IANA (01:00:5E:90:00:00 to 01:00:5E:FF:FF:FF)
01005E
MPLS Multicast (01:00:5E:80:00:00 to 01:00:5E:8F:FF:FF)
01005E
Internet Multicast (01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF)Hi,
Yes multiple MAC addresses are supported on each port. The switch learns the MAC by noting the source address of the packet received on each port and on that basis it builds what we call MAC address table. There is an aging mechanism in place which removes the inactive MAC addresses and allows new ones to be learned as devices are connected and disconnected.
The default aging time is 300 seconds, however if need arises you can change the same by giving the command - 'mac address-table aging time number vlan vlan-id'.
Have a look at the following link-->
http://www.cisco.com/en/US/products/hw/switches/ps5213/products_configuration_guide_chapter09186a00801cdf85.html#wp1063713
Hope this helps!
Regards,
AbhisheK
Please rate all helpful posts!!! -
Mac address table to vm name mapping
Is there a command that will show the mac address table to vm name mapping from the fabric interconnect or the nexus 1k?
Register to Ciscolive365 and download BRKCOM-3003 , which has answers to all your questions.
-
Cat 2960 shows mac address port as "Drop"
Hi all
I am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB. On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan. However, I then see no traffic from the phone on the switch. I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked. There is no static mac address table blocking configured on the switch. Can anyone suggest why this is happening?
Switch Version
Switch Ports Model SW Version SW Image
* 1 50 WS-C2960-48TC-L 15.0(1)SE3 C2960-LANBASEK9-M
Port configuration
interface FastEthernet0/1
description "Standard user port"
switchport access vlan 9
switchport mode access
network-policy 1
no logging event link-status
srr-queue bandwidth share 5 10 40 55
priority-queue out
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
mab eap
mls qos trust dscp
no snmp trap link-status
macro description vanilla_port
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 3
spanning-tree portfast
end
LLDP-MED network-policy
network-policy profile 1
voice vlan 835
Authentication (debug radius) result
Jul 30 11:42:19.600: %AUTHMGR-5-START: Starting 'mab' for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Jul 30 11:42:19.650: %MAB-5-SUCCESS: Authentication successful for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Jul 30 11:42:19.650: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Jul 30 11:42:20.682: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Resulting Switchport config - voice vlan is 835
CLBdg640Test-AS2960-0#show int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 9 (NATIVE-DISCARD)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 835 (VOICE)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
LLDP neighbor info showing voice vlan 835
CLBdg640Test-AS2960-0#sh lldp neighbors fa0/1 detail
Chassis id: 0.0.0.0
Port id: 0004.f297.6668
Port Description - not advertised
System Name - not advertised
System Description - not advertised
Time remaining: 3558 seconds
System Capabilities: T
Enabled Capabilities: T
Management Addresses - not advertised
Auto Negotiation - supported, enabled
Physical media capabilities:
100base-T2(HD)
100base-TX(FD)
100base-T4
10base-T(FD)
Media Attachment Unit type - not advertised
Vlan ID: - not advertised
MED Information:
MED Codes:
(NP) Network Policy, (LI) Location Identification
(PS) Power Source Entity, (PD) Power Device
(IN) Inventory
Inventory information - not advertised
Capabilities: NP
Device type: Endpoint Class III
Network Policy(Voice): VLAN 835, tagged, Layer-2 priority: 5, DSCP: 46
PD device, Power source: PSE, Power Priority: High, Wattage: 6.5
Location - not advertised
Total entries displayed: 1
MAC address table showing "Drop" port for learned address in VLAN 835
CLBdg640Test-AS2960-0#sh mac address-table address 0004.f297.6668
Mac Address Table
Vlan Mac Address Type Ports
9 0004.f297.6668 STATIC Fa0/1
835 0004.f297.6668 DYNAMIC Drop
Total Mac Addresses for this criterion: 2Thanks for updating the problem raarons!
Maybe you are looking for
-
OS will not boot after Snow Leopard Upgrade
I have a MacPro (Intel). I just upgraded to Snow Leopard and everything appeared fine. However, after restarting my computer the OS will not load. A circle with a hash through it replaces the Apple logo and the apple's spinning wheel continues but al
-
Managing the Authorization Database in OS X Mavericks
Hi, Since i updated to os 10.9, i had to change my script which helps me to create a powerusers group, which has more rights than a normal user. It was no problem to change in the most rules the group key from admin to powerusers. I did this with the
-
Order status in Backorderd. how to get it to "Shipped" status
Hi Friends, I am new to Order Management(12.1.3). Initially trying to learn the O2C process. As part of that I am using the vision instance 1> Created the Sales order 2> Booked the Sales order 3> Trying to Release the Sales order. The order line stat
-
Option 1: Insert statement with: table mode: NOLOGGING insert mode: APPEND archivelog mode: noarchive log mode Option 2: CTAS with NOLOGGING mode Both options above would generate no redo log. Which one is better for performance? I'm lo
-
Imac to MBA file transfer and cable type?
transferring files from imac 2011 macbook air 2012. What cable do i need and what is the best method? MBA has thunderbolt and imac has fire port.