Re: Mac Address\IP Binding on Cisco 3560
I was searching for an option on the Cisco 3560 to statically assign an IP address to a particular host on vlan1, as an example. Currently the 3560 is DHCP enabled.
ip dhcp excluded-address 10.x.x.x 10.x.x.x
ip dhcp pool 1
network 10.x.x.0 255.255.255.255
domain-name northamerica.corporate-domain.net
dns-server 10.x.x.x 10.x.x.x
netbios-name-server 255.66.175.255
default-router 10.x.x.1
lease 0 12
What would the command be to bind a reserved IP for a host with the MAC of xxxx.xxxx.xxx.xxxx?
Thanks.
-fz
Actually, you can use a TFTP server...
First of all, create a text file using a text editor (call it 'dhcpstatic', for instance) with the following contents (don't include the dashes):
*time* Jan 21 2005 03:52 PM
*version* 1
!IP address Type Hardware address Lease expiration
172.16.12.100 /24 1 0011.4342.e9a5 Infinite
Then do the following:
no service dhcp
ip dhcp pool pool1
network 172.16.12.0 255.255.255.0
domain-name xxxdomain.com
dns-server 172.16.12.20 172.16.12.21
netbios-name-server x.x.x.x
default-router 172.16.12.1
lease 0 12
origin file tftp:///dhcpstatic
Then do a 'service dhcp'...
Once you have this working, we can do a further optimisation by storing the file on your switch so that you don't need to use a TFTP server...
Hope that helps - pls rate the post if it does.
Paresh
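The binding file described in the answer above can be generated and sanity-checked from an inventory list before it is placed on the TFTP server. This is an added example, not part of the original post: the names `to_cisco_mac`, `build_binding_file` and `infra` are hypothetical, the second inventory entry is constructed, and the file layout simply mirrors the sample shown in the post.

```python
import ipaddress
import re

# Column header copied from the sample file in the post above.
HEADER = "!IP address Type Hardware address Lease expiration"


def to_cisco_mac(mac):
    """Normalise colon, hyphen or dotted MAC notation to Cisco dotted form."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"group address cannot identify a client: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def build_binding_file(pool_cidr, reservations, infra=(),
                       timestamp="Jan 21 2005 03:52 PM"):
    """Return the text of a static-binding file for one DHCP pool.

    reservations: (ip, mac) pairs; MACs may use any common notation.
    infra: addresses already used by the default router, DNS servers etc.
    """
    pool = ipaddress.ip_network(pool_cidr)
    infra_ips = {ipaddress.ip_address(a) for a in infra}
    seen_ips, seen_macs = set(), set()
    lines = [f"*time* {timestamp}", "*version* 1", HEADER]
    for ip_text, mac_text in reservations:
        ip = ipaddress.ip_address(ip_text)
        mac = to_cisco_mac(mac_text)
        if ip not in pool or ip in (pool.network_address, pool.broadcast_address):
            raise ValueError(f"{ip} is not a usable host address in {pool}")
        if ip in infra_ips:
            raise ValueError(f"{ip} is already used by the router or a server")
        if ip in seen_ips or mac in seen_macs:
            raise ValueError(f"duplicate reservation: {ip} / {mac}")
        seen_ips.add(ip)
        seen_macs.add(mac)
        # Type 1 and "Infinite" follow the sample line in the post.
        lines.append(f"{ip} /{pool.prefixlen} 1 {mac} Infinite")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed inventory: the first host is the one from the post,
    # written in colon notation; the second is made up for illustration.
    inventory = [("172.16.12.100", "00:11:43:42:E9:A5"),
                 ("172.16.12.101", "0011-4342-E9A6")]
    print(build_binding_file("172.16.12.0/24", inventory,
                             infra=["172.16.12.1", "172.16.12.20",
                                    "172.16.12.21"]), end="")
```

A reservation that collides with the default router or a DNS server, falls outside the pool, or repeats an IP or MAC is rejected before the file ever reaches the switch.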
Similar Messages
-
Mac-Address Different format for Authorization on Cisco ISE
Dear All,
I have problem with my Cisco ISE,
This is the design :
ISE ---- Core Switch ---- 3Com Switch --- PC User
My Case:
Authorization is based on Mac-address and Active Directory,
But a user with a PC that connects to the 3Com switch is denied by ISE because the MAC address format is different from Cisco's,
Mac-address Cisco format : XX:XX:XX:XX:XX:XX
Mac-address 3Com format : XXXX-XXXX-XXXX
3Com Switch type is TRICOM 4210 26-PORT.
Does anyone have experience with this, and how to change the MAC address format on the 3Com so the user can be authorized by Cisco ISE?
note:
authorization based on Active Directory is not problem with 3Com Switch.
Based on my experience, different products use different MAC address formats, so this case is not only for the 3Com switch.
Thanks,
Arika Wahyono
I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that Cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3Com switch point against that.
Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.
PS- Keep in mind that my comments are just my opinion, so you may need to open a TAC case for an official answer.
Tarik Admani
*Please rate helpful posts*
-
Cisco Aironet Remove Local MAC Address List (all)
Hi All,
I need to remove all MAC addresses in the LOCAL MAC Address List on a Cisco Aironet. I do not want to remove running config on the device as we have changed over to a RADIUS Server.
Can anyone give me some advice please?
I have found a solution, please close this forum post.
-
Maximum MAC address table size
Hello guys.
What is the maximum MAC address table for the Cisco 3750X series switches?
Scalability Numbers
MAC, routing, security, and QoS scalability numbers depend on the type template used in the switch. Routing template is not supported in the LAN Base feature set. Table 10 shows Cisco Catalyst 3750-X and 3560-X Series Switch scalability numbers.
Cisco Catalyst 3750-X and 3560-X Series Switch Scalability Numbers
| | Access | Default | Routing | VLAN |
|---|---|---|---|---|
| Unicast MAC addresses | 4K | 6K | 3K | 12K |
| IGMP groups and multicast routes | 1K | 1K | 1K | 1K |
| Unicast routes | 6K | 8K | 11K | 0 |
| Directly connected hosts | 4K | 6K | 3K | 0 |
| Indirect routes | 2K | 2K | 8K | 0 |
| Policy-based routing ACEs | 0.5K | 0 | 0.5K | 0 |
| QoS classification ACEs | 0.5K | 0.5K | 0.5K | 0.5K |
| Security ACEs | 2K | 1K | 1K | 1K |
| VLANs | 1K | 1K | 1K | 1K |
-
Arp/mac address cache timeouts
Anybody know how long a mac address stays in a Cisco IOS arp cache when issuing "show ip arp"? How about a mac address in a CatOS switch when issuing "show cam dynamic". What constitutes the length of time an arp entry is cached?
Hello,
the default ARP timeout (show ip arp) is 14400 seconds, which equals 4 hours. The CAM default agingtime (show cam dynamic) is 300 seconds, which equals 5 minutes. That means that the ARP or CAM entry will stay in the cache for a minimum of 4 hours and 5 minutes, respectively...
Is that what you are asking ?
Regards,
GP
-
Extended 48-bit MAC address access list
How can I apply extended 48-bit MAC address access list on Cisco 7606?
You can use the following example for the MAC address based access list :
mac access-list extended CAPTURE 10
permit any any
vlan access-map IDS 10
match mac address CAPTURE
action forward capture
vlan filter IDS vlan-list 115,119
interface FastEthernet 3/48
switchport
switchport capture
-
Understanding Wireless Mac Address
Hi,
I would like to know the range of MAC addresses used for only Cisco Wireless, and I would appreciate knowing how the AP and the controller assign the virtual MAC addresses they use and how to get them from the WLC GUI.
WLC - 4400
AP - Air1131
Thanks
As you add SSIDs (Service Set Identification(s)) to an access point each BSSID (Basic Service Set Identifier) receives a virtual mac address. This allows for wireless network segmentation as well as for wireless clients to communicate via LAYER 2 with each access point BSSID.
A Cisco access point takes the base radio mac address and then virtualizes the mac address as additional SSIDs are added. What is interesting is how the virtual MAC addresses are selected. Pay very close attention to the 2.4GHz and 5 GHz radios and BSSIDs.
BASE RADIO MAC ADDRESS
You can find the base radio mac address under WIRELESS->Select Access Point
Virtualized BSSID(s)
I configured a controller with 16 SSIDs. Each SSID named as 01,02,03,04,05,06, 07,08,09,10,11,12,13,14,15 and 16. I then enabled both the 2.4 GHz and 5 GHz radios. Cisco WLC access points have a limit of 16 SSIDs on each radio.
I then fired up AirMagnet WiFi Analyzer Pro to conduct a capture.
Note: The access point base radio mac address ends in A9:10.
2.4 GHz – Notice the first SSID ‘01’ is assigned the BASE RADIO MAC ADDRESS A9:10. The second SSID is appended with a .11 and so on.
5GHz – Notice the sixteenth SSID ‘16’ is assigned the BASE RADIO MAC ADDRESS A9:10. The fifteenth SSID is appended with a .11 and so on.
NOTE: The VIRTUAL MAC ADDRESSES get reused by the access point on both the 2.4GHz and the 5GHz radios.
Virtualized BSSID Assignment
Keep in mind, the assignment or order in which the virtual mac addresses are assigned in the above example has nothing to do with the WLAN IDs that are configured in the WLC. Rather, the virtual mac addresses are assigned in order by how the SSID is assigned to the access point.
-
How to configure a Cisco 3560 with MAC-based 802.1x authentication by radius server
Hi dear,
How can I configure a Cisco 3560 to authenticate a client based on its MAC address with 802.1x and a RADIUS server? Many thanks in advance!
Olivier,
You can't reference WLP visitor roles in weblogic.xml, but you can
reference global roles (created using the WLS console):
<security-role-assignment>
<role-name>PortalSystemAdministrator</role-name>
<externally-defined />
</security-role-assignment>
-Phil
"Olivier" <[email protected]> wrote in message
news:[email protected]..
>
We need to have a login page for our portal app.
When using "form based" authentication, is it possible to map the security on an
"entitlement role"?
Our need is to be able to give direct URL access to some pages of the portal (for
example by sending URLs like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage"
by email to portal users) and need a simple mechanism of authentication before
redirecting to the portal page.
Inste
-
Multipe mac addresses entries for the same port (FE)-Switch 3560
Dear All,
I have a problem with a host which is connected to port 11 of my Cisco 3560. From time to time the connection with the host is lost, and after some troubleshooting I see two entries in the MAC address table for port 11.
I'm asking if someone has an idea how to explain this issue and how to see if this port is participating in SPT or...
I also see some collision errors:
===================================
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 7000 bits/sec, 1 packets/sec
64677029 packets input, 17167881111 bytes, 0 no buffer
Received 39036768 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 39036088 multicast, 0 pause input
0 input packets with dribble condition detected
54722071 packets output, 8588329003 bytes, 0 underruns
0 output errors, 992 collisions, 1 interface resets
0 babbles, 2316 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
======================================
I have two routers on the same switch: my WAN router + another router used to connect some separated hosts to the internet.
If I use static addressing for the second subnet (2 hosts + internet router), is there any risk for collision or broadcast domains or errors?
Does the second router disturb my LAN or WAN?
Many thanks for your help and support.
Best regards,
Hello,
For the first part of the question, I guess somebody might be connecting a hub to that port. If the hub is not negotiating the speed/duplex with the 3560 switch, then that port will go to half-duplex mode and you will see collisions on the port. That might also explain why you are seeing multiple MAC addresses on that port. Please check the port to see if the hub is connected and remove it. You can use features like port-security to ensure only one MAC address is registered on that port and people are not connecting hubs/dumb switches on that port.
For the second issue, you can certainly use static IP addresses as long as they are not overlapping with other subnets in your network. If they are overlapping, you do need to configure NAT on the router so that they are not affecting rest of the network.
Hope this helps.
Regards,
NT
-
Cisco ISE 1.1.4 Patch 7 (Internal Endpoint Mac Addresses Getting Disappeared)
Hi Folks,
I am having an issue where MAC addresses which we are trying to add under Internal Endpoint Group for MAB disappear automatically after a few minutes. We tried multiple MAC addresses but the result is the same. We can see the MAC addresses which we added earlier, but new MAC addresses disappear. Is there any limit on adding MAC addresses under Internal Endpoint? We have the following licenses.
L-ISE-ADV-1K-M= Cisco ISE 1000 EndPoint Advanced + Base Migration License
Thanks
Tabish,
We'll update the latest patch and then look for the workaround from any one of our Cisco experts
-
Cisco Aironet 1042 with MAC address
Hi,
I have a Cisco Aironet, model AIR-AP1042N-E-K9.
I need to configure the AP to only certain MAC access.
I'm doing the configuration through the console.
The wireless network is not showing up in devices, anyone know why?
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap_disi
logging rate-limit console 9
enable secret 5 xxxxx.
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
no ip routing
no ip cef
dot11 syslog
dot11 ssid DISI-WLAN24
authentication open
dot11 ssid DISIWIFI
authentication open mac-address mac_methods
authentication key-management wpa version 2
infrastructure-ssid
dot11 guest
username Cisco password 7 xxxx
username Admin privilege 15 password 7 xxxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid DISI-WLAN24
ssid DISIWIFI
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
l2-filter bridge-group-acl
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1
description AP SITAS
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid DISIWIFI
antenna gain 0
peakdetect
no dfs band block
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
l2-filter bridge-group-acl
no keepalive
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface BVI1
ip address 192.168.0.252 255.255.254.0
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
ip default-gateway 192.168.1.254
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
access-list 700 permit 8830.8a24.7eb5 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
snmp-server view dot11view ieee802dot11 included
snmp-server community public view dot11view RO
snmp-server location DISI
snmp-server contact SITAS
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server host 192.168.1.6 public
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
transport input all
sntp server 192.168.1.215
sntp broadcast client
end
Please refer: http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4-25d-JA/Configuration/guide/cg_12_4_25d_JA/scg12-4-25d-JA-chap16-filters.html#wp1034897
-
Sh mac-address command in Cisco RSP4
Hello guys,
Need your ideas on how to know which port a device is connected to, using MAC address information, on a Cisco DLSw RSP4.
I did try using the command "sh mac-address add" but it is not recognized in this IOS.
See below outputs:
RSP-Core#sh ver
Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-DSV-M), Version 12.1(13), RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 30-Jan-02 13:58 by kellythw
Image text-base: 0x60010958, data-base: 0x61186000
cisco RSP4 (R5000) processor with 131072K/2072K bytes of memory. >>>>>>>>>
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
RSP-Core>sh ip arp tok 1/1/0
Protocol Address Age (min) Hardware Addr Type Interface
Internet 146.X.3.76 5 0060.9435.63e2 SNAP TokenRing1/1/0
Internet 146.X.3.77 5 4000.2030.2410 SNAP TokenRing1/1/0
RSP-Core#sh mac-address add ?
% Unrecognized command
RSP-Core#sh mac-
Interesting hardware you have there.
Is this perhaps a cat 5xxx with an RSM module?
In that case, the RSM is in fact a router blade.
The command "sh mac-address" is only found on switches. This info is there already but you need to get it from the supervisor which will be running CatOS.
http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/5000_cfg.html
regards,
Leo
-
Cisco WLC Client MAC address backup to new Controller & ISE
Hi All,
We have an existing 4400 controller with MAC filtering for clients configured. Right Now, we are migrating to 5500 WLC and ISE setup.
We want to use MAC filtering due to company policies on the new Controller as well as ISE.
Is there a way (from GUI/CLI) that we can export the client MAC Addresses into an Excel file from existing WLC to new WLC & ISE?
Thanks,
CJ
On the CLI issue a show macfilter summary and then import that into excel or a text editor.
Sent from Cisco Technical Support iPhone App
-
MAC Address FF:FF:FF:FF:FF:FF on a Cisco 7920
Hi!
Maybe someone of you can help me about my problem. I have my 7920 that can not authenticate to the CallManager and no signal for wireless is detected. When checking the Mac address I could see that it reflects ff:ff:ff:ff:ff:ff
Can this be fixed? How?
Thank you,
Oscar.
Try upgrading the firmware through the Configuration Utility.
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7920/3_3/english/administration/guide/7920frm.html
-
Mac-Address Locking on ML-1000 for the Cisco 15454
Does anyone know if you can do mac-address locking on the ML-1000 card on the Cisco 15454. I would like to enter the command "mac-address-table secure", but it does not look like it is possible to do this.
Thanks,
Eric
The command is not supported on the ML-1000 card.