beautypg.com

Disabling mac address learning, Monitoring the mac address table – Cisco ASA 5505 User Manual

Page 188

background image

4-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 4 Configuring the Transparent or Routed Firewall

Customizing the MAC Address Table for the Transparent Firewall

Disabling MAC Address Learning

By default, each interface automatically learns the MAC addresses of entering traffic, and the ASA adds
corresponding entries to the MAC address table. You can disable MAC address learning if desired,
however, unless you statically add MAC addresses to the table, no traffic can pass through the ASA.

To disable MAC address learning, enter the following command:

Monitoring the MAC Address Table

You can view the entire MAC address table (including static and dynamic entries for both interfaces), or
you can view the MAC address table for an interface. To view the MAC address table, enter the following
command:

Examples

The following is sample output from the show mac-address-table command that shows the entire table:

hostname# show mac-address-table

interface

mac address

type

Time Left

-----------------------------------------------------------------------

outside

0009.7cbe.2100

static

-

inside

0010.7cbe.6101

static

-

inside

0009.7cbe.5101

dynamic

10

The following is sample output from the show mac-address-table command that shows the table for the
inside interface:

hostname# show mac-address-table inside

interface

mac address

type

Time Left

-----------------------------------------------------------------------

inside

0010.7cbe.6101

static

-

Command

Purpose

mac-address-table aging-time

timeout_value

Example:

hostname(config)# mac-address-table

aging-time 10

Sets the MAC address entry timeout.

The timeout_value (in minutes) is between 5 and 720 (12 hours). 5 minutes
is the default.

Command

Purpose

mac-learn

interface_name disable

Example:

hostname(config)# mac-learn inside disable

Disables MAC address learning.

The no form of this command reenables MAC address learning. The clear
configure mac-learn command reenables MAC address learning on all
interfaces.

Command

Purpose

show mac-address-table

[interface_name]

Shows the MAC address table.

This manual is related to the following products:
See also other documents in the category Cisco Hardware: