Show mac-address-table not working on ASA5512

Similar Messages

• CNA 5.5 and show mac address-table

  When trying to Monitor/Search for MAC address in C2960 network I got an error reply that a CLI command is not supported. Analyzing network traffic shows that CNA 5.5 is issueing 'show mac-address-table' command but the latest Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE does not support 'show mac-address-table' anymore but does support 'show mac address-table' command. How can I change the command for showing mac address tables in CNA 5.5?
  M.

  hi john,
  the show mac-address-table command should be valid.
  check if you've got MAC learning enabled on the ASA interface using show mac-learn command.
  edit: could you post show firewall? the above command works on transparent firewall only.

• Show mac-address-table

  Given the command show mac-address-table from the privilege exec mode in a cat 2950, the output shows some (i think 4) mac-address tha are system. Do u have any idea what are these mac?

  Hi Dimitris,
  Thanks for writing in. I tried the command on my switch and got the following: Do you see a similar output and is this what you are referring to?
  2950#sh mac-address-table
  Mac Address Table
  Vlan Mac Address Type Ports
  All 0009.7c70.f9c0 STATIC CPU
  All 0100.0ccc.cccc STATIC CPU
  All 0100.0ccc.cccd STATIC CPU
  All 0100.0cdd.dddd STATIC CPU
  0100.0ccc.cccc is used for CDP/VTP/DTP/PAgP/UDLD
  0100.0ccc.cccd is used for PVST+
  0100.0cdd.dddd seems to be related to multicast, however need to confirm on this.
  0009.7c70.f9c0 is the mac address for my management vlan interface.
  2950#sh int vlan 1
  Vlan1 is administratively down, line protocol is down Hardware is CPU Interface, address is 0009.7c70.f9c0 (bia 0009.7c70.f9c0)
  Hope this helps.
  regards
  -Alok

• Airport Express WiFi network MAC address filtering not working

  I have an Airport Express WiFi network which I bought and installed new in 2011. Initially I enabled MAC address access control and populated a list. It was working perfectly, I know, because a niece visiting tried to connect her iPhone and could not until  I added its MAC address to the allowed list. Now however, anyone can connect without being added to the list. I think I read somewhere that a recent firmware update permanently disabled MAC filtering in Airport Express, even when it was previously working? Can anyone enlighten me about what's going on here?

  In a sense those are/were/should operate as two separate functions, which they did before recently.
  They do operate as two separate functions.....but it all depends on how you have the default rule setup in Timed Access.
  If the default rule in Timed Access is set to No Access.......then a wireless device cannot connect....even it has the password for the network.....unless it has been setup on the list of allowed devices in Timed Access.
  I have checked this 3 times this evening to verify. It works as it always has, and as expected.
  If the default rule in Timed Access is set to Unlimited, then any device can connect to the network if it has the password. Devices that are listed or specified in Timed Access will be allowed to connect at the specific times that have been set up for each device.
  So, if you want to use the more traditional MAC Access Control settings, the default rule has to be set to No Access and then you must set up a rule for each device that you want to allow to connect to the network. Only devices on the Timed Access list will be allowed to connect to the network. Other devices will not be able to connect to the network....even if they have the correct password.
  If a recent firmware update has changed things from what they have always been.....then I am not affected....and I should be if I am using the same firmware as others.

• Show Mac Address Table in ASR9k running XR

  I'm trying to find a Mac Address in the ASR9k table.  We have a server with multiple mac addresses and we need to know what MAC is being learned by what interface.
  Thank you,

  Use the command
  show l2vpn forwarding bridge-domain <group_number>:<domain_name> mac-address location 0/x/CPU0
  or
  show l2vpn forwarding bridge-domain mac-address location 0/x/CPU0

• CSCui55504 - show Mac address table from RP gives an error msg and40;but from SP works )

  Hello Cisco,
  Is there any updates or ETA regarding this bug, as our production 6500 core switch is experiencing this issue and viewing mac-table is a critical activity we perform everyday to troubleshoot client connections.

  I'm having this same issue. I also have this line in my log, which is curious:
  12/14/14 7:13:07.822 PM netbiosd[16766]: Attempt to use XPC with a MachService that has HideUntilCheckIn set. This will result in unpredictable behavior: com.apple.smbd
  Is this related to the problem? What does it mean?
  My 2010 27" iMac running Yosemite won't wake up from sleep.

• Mac address table corruption?

  We are running Cisco 4500 chassis at the access layer, and have been for a few years without issue. Recently we started to experience issues where a mac address will just randomly "jump" to another port. User will call us and say their computer is not working. We will locate the mac, and its showing on the wrong port. We shut that port, do a no shut, and the mac jumps back to the correct port. In the example below, the mac address jumps to port 3/2, but is physically connected to 2/12.
  !--issue before shut/no shut
  mdf#show mac address-table | inc 9ebf
   236      782b.cb8c.9ebf    static ip,ipx,assigned,other GigabitEthernet3/2  
  !--port security knows the correct info however
  mdf#show ip dhcp snooping  binding | inc 9E:BF
  78:2B:CB:8C:9E:BF   xxx.xxx.236.193   76145       dhcp-snooping   236   GigabitEthernet2/12
  mdf#show mac address-table int gi2/12
  Unicast Entries
   vlan     mac address     type        protocols               port
  ---------+---------------+--------+---------------------+-------------------------
  3908      20bb.c021.ae58    static ip,ipx,assigned,other GigabitEthernet2/12   !--ip phone
  mdf#show mac address-table int gi3/2
  Unicast Entries
   vlan     mac address     type        protocols               port
  ---------+---------------+--------+---------------------+-------------------------
   236      1803.7339.d93d    static ip,ipx,assigned,other GigabitEthernet3/2         
   236      782b.cb8c.9ebf    static ip,ipx,assigned,other GigabitEthernet3/2         !--mac in question
   236      782b.cb8c.c366    static ip,ipx,assigned,other GigabitEthernet3/2         
  3908      b414.89a2.2ae0    static ip,ipx,assigned,other GigabitEthernet3/2   
  !--fixing issue
  mdf(config)#int gi3/2
  mdf(config-if)#shut
  !-- issue resolved
  mdf#show mac address-table | inc 9ebf
   236      782b.cb8c.9ebf    static ip,ipx,assigned,other GigabitEthernet2/12
  Switch is running cat4500e-entservicesk9-mz.151-2.SG2.bin , but also happened on cat4500e-entservicesk9-mz.151-2.SG4.bin and cat4500e-entservicesk9-mz.150-2.SG4.bin. Other switches have also had this issue occur.

  Looks to be me like a bug.
  could you please provide me some more details on this:
  1- How often this issue is occurring?
  2- Is this occurring to specific ports or specific laptops which are connecting to this ports or is it irrespective of devices?
  3- Is there any possibilities that you try rebooting one of the switch if the issue is very often? (I know this is not a feasible solution , I know it is some issue iwth the firmware but in case to avoid high impact you can reboot the switch and update me?
  4- Provide me with the logs from the switch?
  5- I will do the bug scrub and let you know.
  HTH

• 6509E with Sup720 - Show mac address

  I have seen very strange behavior. The following two commands show different outputs...
  core2#sho mac address-table dynamic | in cc04
       7  0009.0fbb.cc04   dynamic  Yes        150   Po10
  core2#sho mac address-table address 0009.0fbb.cc04
  Legend: * - primary entry
          age - seconds since last seen
          n/a - not available
    vlan   mac address     type    learn     age              ports
  ------+----------------+--------+-----+----------+--------------------------
  No entries present.
  Po10 is etherchannel to core1. The MAC address is on the core2 and should never be learned on core1. Core1 doesn't learn this MAC address at all.
  The commands are run at the same time. I repeated many times and it is the same... Any idea why?
  Thanks!
  Difan

  Hi Jon,
  Correct, I am not using VSS. However it is not standard set up. The vlan 7 is extended to many other switches. The root is actually not core1 or core2. It also passes some provider to different location as well. However like you said, all the correct ports are blocked. Please trust me on this.. If there is a loop, we will have much more serious problem... At least our CPU will hike and link will congested, right?
  I know your concern that the same packet could be somehow loopped back through core1, which makes core2 to learn the MAC on the port-channel interface to core1. However when this happens, core1 doesn't learn the MAC anywhere and on core2 some command show the MAC but not the other command...
  Also something interesting, even that MAC in the command will eventually disappear. Please note the aging time. The aging time configured on the vlan is 480 seconds. At last the MAC address is pointing to another interface like G1/1. That interface doesn't even have vlan 7 allowed on the trunk link.
  core2#sho mac address-table address 0009.0fbb.cc04
  Legend: * - primary entry
          age - seconds since last seen
          n/a - not available
    vlan   mac address     type    learn     age              ports
  ------+----------------+--------+-----+----------+--------------------------
  No entries present.
  core2#
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        285   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        290   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        300   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        305   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        315   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        320   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        320   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        330   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        335   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        340   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        375   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        405   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        425   Po10
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        465   Gi1/1
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        480   Gi1/1
  core2#show mac address-table | in 0009.0fbb.cc04
       7  0009.0fbb.cc04   dynamic  Yes        480   Gi1/1
  core2#show mac address-table | in 0009.0fbb.cc04
  core2#show mac address-table | in 0009.0fbb.cc04
  core2#sho mac address-table address 0009.0fbb.cc04
  Legend: * - primary entry
          age - seconds since last seen
          n/a - not available
    vlan   mac address     type    learn     age              ports
  ------+----------------+--------+-----+----------+--------------------------
  No entries present.
  core2#sh int g1/1 trunk
  Port                Mode         Encapsulation  Status        Native vlan
  Gi1/1               on           802.1q         trunking      1
  Port                Vlans allowed on trunk
  Gi1/1               64,72,156,214-216,300,600
  Port                Vlans allowed and active in management domain
  Gi1/1               64,72,156,214-216,300,600
  Port                Vlans in spanning tree forwarding state and not pruned
  Gi1/1               64,72,156,214-216,300,600
  Is it a bug?
  Thanks!

• Can't clear mac address table from interface

  hello all.
  I'm facing a problem, and i've also tried to workaround but not sucessfully.
  I've got a polycom phone on the swich. When I connect a laptop on that port, the mac address is learned by the switch and keep the mac address even if I disconnect the ethernet cable from that port and if I try to connect the same laptop on other port on the same switch I've got errdisable error in the last connected port. Although I was figuring out what's wrong and seems that the mac address is kept for some reason in the first port.
  sw02#show mac address-table interface f0/19
            Mac Address Table
  Vlan    Mac Address       Type        Ports
   60   3c07.5417.9069   STATIC      Fa0/19 
   80    0004.f21e.afa7    STATIC      Fa0/19 
  this is a 2960, Version 12.2(44r)SE4
  with a Polycom SoundPoint IP 330 connected on vlan 80
  I was searching to clear the mac address table on that interface but the IOS version didn't give me the static option
  sw02#clear mac address-table ?
    dynamic       dynamic entry type
    move          move keyword
    notification  Clear MAC notification Global Counters
  As there's no dynamic entries on that interface the mac addresses remain on the f0/19 interface.
  I've tried with other switches and with other laptops and is the same errdisable status.
  sw02#show run int f0/19
  interface FastEthernet0/19
   description VoIP
   switchport access vlan 60
   switchport mode access
   switchport nonegotiate
   switchport voice vlan 80
   switchport port-security maximum 5
   switchport port-security
   no snmp trap link-status
   ip dhcp snooping limit rate 100
  end
  any thought?

  the mac addresses are not manually configured.
  yes, that's my point. when I disconnect the ethernet cable the mac addresses are not flushed from the mac table.
  Although I don't understand why the mac addresses are kept in the interface, if I force the interface aging time to 1 min, the problem don't occur anymore.
  I was reviewing the switch config and I've got ports with aging time 0 (that learn and flush the mac addresses dynamically) and I've got ports with aging time 1 (that learn and flush the mac addresses at the end of 60 seconds)
  The problem is solved although I need to investigate this issue in other switch models and with other voip phones.
  Tks Jon and Julio

• Primary N7k cannot query MAC address table

  I try:
  show mac address-table
  show mac address-table <anything else>
  The command just hangs on:
  #sh mac address-table
  Legend:
          * - primary entry, G - Gateway MAC, (R) - Routed MAC
          age - seconds since last seen,+ - primary entry using vPC Peer-Link
     VLAN     MAC Address      Type      age     Secure NTFY    Ports
  ------------+-----------------------+-------------+---------+-----------+--------+------------------
  The secondary N7k does not have this issue.
  Rick

  Do you have a redundant/backup supervisor engine in the N7K?
  If so, try to failover to it - I have had instances where the MAC address for a specific host has become "stuck" in one supervisor engine, and the only solution was to failover to the second engine and restart the first.
  If you don't have a redundant engine, you may have to restart your supervisor engine with the "reload module x" command, or by simply restarting the switch. Note that if you've only got one supervisor module and you reload it, you will lose traffic while it reboots.
  Cheers

• Mac address table on a PIX

  What am i missing?
  pixfirewall# show mac-address-table
                     ^
  ERROR: % Invalid input detected at '^' marker.
  [EDIT: karat is under the A in mac ]
  pixfirewall# sh ver
  Cisco PIX Security Appliance Software Version 8.0(4)
  Device Manager Version 6.1(3)
  Compiled on Thu 07-Aug-08 19:42 by builders
  System image file is "flash:/image.bin"
  Config file at boot was "startup-config"
  pixfirewall up 175 days 11 hours
  Hardware:   PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
  Flash E28F128J3 @ 0xfff00000, 16MB
  BIOS Flash AM29F400B @ 0xfffd8000, 32KB
  0: Ext: Ethernet0           : address is 000d.28f9.62a5, irq 10
  1: Ext: Ethernet1           : address is 000d.28f9.62a6, irq 11
  2: Ext: Ethernet2           : address is 000d.8810.a620, irq 11
  3: Ext: Ethernet3           : address is 000d.8810.a621, irq 10
  4: Ext: Ethernet4           : address is 000d.8810.a622, irq 9
  5: Ext: Ethernet5           : address is 000d.8810.a623, irq 5
  Licensed features for this platform:
  Maximum Physical Interfaces  : 6
  Maximum VLANs                : 25
  Inside Hosts                 : Unlimited
  Failover                     : Disabled
  VPN-DES                      : Enabled
  VPN-3DES-AES                 : Enabled
  Cut-through Proxy            : Enabled
  Guards                       : Enabled
  URL Filtering                : Enabled
  Security Contexts            : 0
  GTP/GPRS                     : Disabled
  VPN Peers                    : Unlimited
  This platform has a Restricted (R) license.
  Serial Number: 807234146
  Running Activation Key: 0x6ab205ba 0x986d4239 0xf56523af 0x76f3d58b
  Configuration last modified by enable_15 at 12:58:08.130 EDT Thu May 16 2013
  pixfirewall# show mac-address-table
                     ^
  ERROR: % Invalid input detected at '^' marker.

  Hi,
  Command Modes The following table shows the modes in which you can enter the command:
  Command Mode
  Firewall Mode
  Security Context
  Routed
  Transparent
  Single
  Multiple
  Context
  System
  Privileged EXEC
  Source:
  http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1448364
  - Jouni

• SG-500-28P How to view mac address table?

  The standare Cisco IOS command is show mac-address-table. This command isn't available on this switch.
  FW v1.3.0.62
  Thanks.

  Show mac address-table

• Maximum MAC address table size

  Hello guys.
  what is the maximum MAC address table for the Cisco 3750X series switches?

  Scalability Numbers
  MAC, routing, security, and QoS scalability numbers depend on the  type template used in the switch. Routing template is not supported in  the LAN Base feature set. Table 10 shows Cisco Catalyst 3750-X and  3560-X Series Switch scalability numbers.
  Cisco Catalyst 3750-X and 3560-X Series Switch Scalability Numbers    
  Access
  Default
  Routing
  VLAN
  Unicast MAC addresses
  4K
  6K
  3K
  12K
  IGMP groups and multicast routes
  1K
  1K
  1K
  1K
  Unicast routes
  6K
  8K
  11K
  0
  Directly connected hosts
  4K
  6K
  3K
  0
  Indirect routes
  2K
  2K
  8K
  0
  Policy-based routing ACEs
  0.5K
  0
  0.5K
  0
  QoS classification ACEs
  0.5K
  0.5K
  0.5K
  0.5K
  Security ACEs
  2K
  1K
  1K
  1K
  VLANs
  1K
  1K
  1K
  1K

• Why "mac-address-table static 0000.0c07.ac01 interface FastEthernet1/0 vlan 3" in the router ?

  Hi All
  I did not type the following command. Why does it appear when I show run ? Which command can cause the issue? Thank you
  mac-address-table static 0000.0c07.ac01 interface FastEthernet1/0 vlan 3

  Hello,
  It looks as if you have HSRP configured.  Mac address 0000.0c07.ac01 is the HSRP virtual mac address.  01 at the end of the mac represents the HSRP group number.
  Hope this helps,
  Please rate helpful answers.
  Thanks.

• Cat 2960 shows mac address port as "Drop"

  Hi all
  I am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB.  On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan.  However, I then see no traffic from the phone on the switch.  I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked.  There is no static mac address table blocking configured on the switch.   Can anyone suggest why this is happening?
  Switch Version
  Switch Ports Model              SW Version            SW Image
  *    1 50    WS-C2960-48TC-L    15.0(1)SE3            C2960-LANBASEK9-M
  Port configuration
  interface FastEthernet0/1
  description "Standard user port"
  switchport access vlan 9
  switchport mode access
  network-policy 1
  no logging event link-status
  srr-queue bandwidth share 5 10 40 55
  priority-queue out
  authentication host-mode multi-auth
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication port-control auto
  authentication timer reauthenticate server
  mab eap
  mls qos trust dscp
  no snmp trap link-status
  macro description vanilla_port
  dot1x pae authenticator
  dot1x timeout tx-period 3
  dot1x timeout supp-timeout 3
  spanning-tree portfast
  end
  LLDP-MED network-policy
  network-policy profile 1
  voice vlan 835
  Authentication (debug radius) result
  Jul 30 11:42:19.600: %AUTHMGR-5-START: Starting 'mab' for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
  Jul 30 11:42:19.650: %MAB-5-SUCCESS: Authentication successful for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
  Jul 30 11:42:19.650: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
  Jul 30 11:42:20.682: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
  Resulting Switchport config - voice vlan is 835
  CLBdg640Test-AS2960-0#show int fa0/1 switchport
  Name: Fa0/1
  Switchport: Enabled
  Administrative Mode: static access
  Operational Mode: static access
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: native
  Negotiation of Trunking: Off
  Access Mode VLAN: 9 (NATIVE-DISCARD)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Voice VLAN: 835 (VOICE)
  Administrative private-vlan host-association: none
  Administrative private-vlan mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk Native VLAN tagging: enabled
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk associations: none
  Administrative private-vlan trunk mappings: none
  Operational private-vlan: none
  Trunking VLANs Enabled: ALL
  Pruning VLANs Enabled: 2-1001
  Capture Mode Disabled
  Capture VLANs Allowed: ALL
  Protected: false
  Unknown unicast blocked: disabled
  Unknown multicast blocked: disabled
  Appliance trust: none
  LLDP neighbor info showing voice vlan 835
  CLBdg640Test-AS2960-0#sh lldp neighbors fa0/1 detail
  Chassis id: 0.0.0.0
  Port id: 0004.f297.6668
  Port Description - not advertised
  System Name - not advertised
  System Description - not advertised
  Time remaining: 3558 seconds
  System Capabilities: T
  Enabled Capabilities: T
  Management Addresses - not advertised
  Auto Negotiation - supported, enabled
  Physical media capabilities:
      100base-T2(HD)
      100base-TX(FD)
      100base-T4
      10base-T(FD)
  Media Attachment Unit type - not advertised
  Vlan ID: - not advertised
  MED Information:
      MED Codes:
            (NP) Network Policy, (LI) Location Identification
            (PS) Power Source Entity, (PD) Power Device
            (IN) Inventory
      Inventory information - not advertised
      Capabilities: NP
      Device type: Endpoint Class III
      Network Policy(Voice): VLAN 835, tagged, Layer-2 priority: 5, DSCP: 46
      PD device, Power source: PSE, Power Priority: High, Wattage: 6.5
      Location - not advertised
  Total entries displayed: 1
  MAC address table showing "Drop" port for learned address in VLAN 835
  CLBdg640Test-AS2960-0#sh mac address-table address 0004.f297.6668
            Mac Address Table
  Vlan    Mac Address       Type        Ports
     9    0004.f297.6668    STATIC      Fa0/1
  835    0004.f297.6668    DYNAMIC     Drop
  Total Mac Addresses for this criterion: 2

  Thanks for updating the problem raarons!