I noticed something that I thought were a bit strange at work today. For some reason, all of the ports on the switch had the MAC address table entries as static, except the inter switch ports that had MAC addresses entered as dynamic. I checked with one of my colleagues at work, and he said that its entered as static when the device is connected directly to the switch, but dynamic when it is learned via another switch. I have had a look on the internet but nowhere seems to support this claim. My understanding was that its dynamic when the table is populated with the source MAC from a frame received on that interface, and static when you explicitly enter the entry yourself.

Could someone clarify this? I'm certain I've seen entries entered as dynamic when the device is connected directly to the switch,.

Thanks for your help!

What your coworker said is bullshit.

I've always understood it the same as you, but with the switchport MACs showing as static too, although after seeing some stuff last week, I'm not convinced that this is right either.

_________________
http://blog.alwaysthenetwork.com

port security with "sticky" might do this? Never used it myself, but it sounds vaguely familiar...

sounds right
what I remember of sticky is that it goes though and associates the MAC addresses currently connected to the port and puts them into the running config

_________________
Freedom to all the people. Brave, true and strong.
Freedom to all the people. Unless I think you're wrong

dhimes.com

What do you mean when you say 'with the switchport MACs showing as static too'? Are you refering to the CPU entries?

Chris - on one switch I noticed that 'switchport security' had been configured, but no security settings. I could move devices around to other ports with no trouble.

Thanks for your reply. I wasnt happy about the explanation he gave; just didnt sound right.

correct on sticky mac it will make the entry STATIC

another way is to enter a STATIC entry into the table, cool little known feature you can use this to DROP, nice way to block a MAC address:

Switch(config)#mac address-table static 0001.0002.0003 vlan 666 drop
Switch(config)#do sh mac address-table | i STATIC
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
44 00a0.2109.5290 STATIC Gi1/0/1
119 0013.7264.2676 STATIC Gi1/0/2
119 0060.160d.416f STATIC Gi1/0/4
119 0060.160d.62e4 STATIC Gi1/0/6
666 0001.0002.0003 STATIC Drop

Switch#sh run int g1/0/6 | i mac-address
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0060.160d.62e4

_________________
"With sufficient thrust, pigs fly just fine..." - RFC 1925

All the ports on the switch has the mac address table entries as static and inter switch ports as dynamic , this is strange but is true atleast for catalyst 3560 & 2960 as it has happened in my case . I havent made any entry as static though it is showing as static in mac address table.

Are you using port security on the switches showing as static entries?

_________________
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera

I have the same issue like yours too.
It will list as static whereby i have not configured any static mac on my router.
As far as i understand, once the frame enters, it will list out the source mac and this will be populated in the CAM table as dynamic but instead, this will be on static and funny thing is no static mac has been configured.

Any idea peeps ? i have input port security inside my configs

Do you have anything like 'switchport port-security mac-address sticky' in your config anywhere?

_________________
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera

What version of IOS are you using? You might have a buggy dev version or something. IOS just doesnt make static MAC's unless you instruct it to in various ways.

Why not post a sanitized config here for us to look at. I am not expert but I really know my way around a switch.

_________________
Awesomesauce!!!!

xxxx#sh mac-address-table int fastEthernet 1/10

Legend: * - primary entry

age - seconds since last seen

n/a - not available



vlan mac address type learn age ports

------+----------------+--------+-----+----------+--------------------------

Module 3:

* 2110 0026.cb7c.9950 static Yes - Fa1/10

Module 4:

* 2110 0026.cb7c.9950 static Yes - Fa1/10

Active Supervisor:

* 2110 0026.cb7c.9950 static Yes - Fa1/10

Standby Supervisor:

* 2110 0026.cb7c.9950 static Yes - Fa1/10



xxxx#sh run | i mac-address

mac-address-table synchronize

mac-address-table aging-time 480

mac-address-table static 0018.6300.1cd1 vlan 2802 interface FastEthernet8/2

mac-address-table static 0018.6300.1cd1 vlan 2928 interface FastEthernet9/28

xxxx#

xxxx#sh int fa1/10

FastEthernet1/10 is up, line protocol is up (connected)

Hardware is C7600 100Mb 802.3, address is 588d.09e0.cf89 (bia 588d.09e0.cf89)


xxxx#sh run int fa1/10

Building configuration...



Current configuration : 546 bytes

!

interface FastEthernet1/10

description xxxxx

switchport

switchport access vlan 2110

switchport mode access

switchport nonegotiate

switchport port-security

switchport port-security maximum 15

switchport port-security aging time 5

switchport port-security violation restrict

switchport port-security aging type inactivity

bandwidth 3000

load-interval 30

duplex full

mls qos trust dscp

storm-control broadcast level 10.00

no cdp enable

service-policy input 3M_ingress

end

that explains it.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Hi ristau5741, can you explain and advice your remark below ?

port-security.

Sent from my LT26i using Tapatalk 2

_________________
som om sinnet hade svartnat för evigt.

Static Mac address has no relation with any of ports. Cisco assigns these Mac addresses to cpu. This helps the different application which runs under switch. for every application has specific Mac address.


In my whole carrier no 1 ask this question to me. I appreciate the 1 who asked this q. and also I hope it solve ur conclusion also....

SAM.

I think the OP was referring to the STATIC entries not the CPU entries...

_________________
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera

BTW, OP Stands for ?????

Opening Poster

_________________
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera

I always thought it was "original poster"

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw