mac address filtering [7:72684]
Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72684t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mac address filtering [7:72684]
WELL You can set port security by blade (module) to make it easier, but if you want to be able to move from one port to another that's gonna be tough. I don't know of any 3rd party software that manages that but I wouldn't be surprised if it was out there.An option you might want to explore is setting up a MAC-access list. The question really is how tight you want security to be and what sort of trade off you are willing to accept for the convenience. You can even set up the MAC-access list and associate traffic for a VLAN and what to do with that traffic. But you are getting back to a granular management that might make it easier to just set the security by port again. check out this page on Cisco's site. http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1214ea1/3550cr/cli1.htm#23702 Good luck. Let us know how you work it out. David Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72692t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: mac address filtering [7:72684]
use VMPS -Nakul Skarphedinsson Arni V. wrote in message news:[EMAIL PROTECTED] Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72698t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: mac address filtering [7:72684]
I know that the following is not MAC security based, but I think you are looking for something like EAPOL Security. Here is a link http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008007f395.html Skarphedinsson Arni V. wrote: Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72714t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: telnet with mac address [7:63440]
I remember that I have made a telnet sesion froma Cisco Aironet 340 (not sure about the model). You CAN do it if you have the mac. My scenario was that someone had changed the IP address and I made the telnet with the mac address. HTH, Hamid hanan wrote in message news:... Hello Could you help please? How I can telnet a bridge 350 with his MAC address not with IP address Thank you hanan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66043t=63440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multicas MAC address in a Cat 3524XL [7:64493]
Hello every body, I'm trying to configure a static entry in the mac address table of a cat3524XL trough the command mac-address-table static 0100.5e28.68f2 FastEthernet0/6 FastEthernet0/1 FastEthernet0/2 but as you can see it is a multicast MAC. When I try this command, I get a error message, Any of you know way or how I can add this entry? Thanks Francisco Quiroz mail2web - Check your email from the web at http://mail2web.com/ . Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64493t=64493 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC address filtering [7:63463]
Router(config)#access-list ? IP standard access list IP extended access list IPX SAP access list Extended 48-bit MAC address access list IPX summary address access list IP standard access list (expanded range) Protocol type-code access list IP extended access list (expanded range) DECnet access list XNS standard access list XNS extended access list Appletalk access list 48-bit MAC address access list IPX standard access list IPX extended access list dynamic-extended Extend the dynamic ACL abolute timer rate-limitSimple rate-limit specific access list Router(config)#access-list 700 deny 1234.1234.1234 ..00ff Router(config)#access-list 700 permit .. .. Router(config)#int fa0/0 Router(config-if)#access-expression input smac(700) Therefor the deny mac is obviously denying that first mac and then we're permitting everything else Keep in mind that MAc's are in hexadecimel and therefor the inverse mask (ACL remember) is .. which is kind of like going 255.255.255.255 (any) for an ip access-list. Don't fret about the access-expression. That's the only way to apply certain ACL's using Boolean algebraic expression. smac(700) being source-mac of using address 700. You can also use dmac(700) being the destination. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63486t=63463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet with mac address [7:63440]
Thank you very much for your reply But why I want to telnet because my problem is related to my first email when I upgrade the bridge350 Cisco to the new firmware but I didn't get answer for that email problem, so for that I need to telnet the bridge here is a copy of my first email The bridge had fixed ip address it didn't take ip address from dhcp, and it is in the remote network Hello I tried today to upgrade our Cisco APs 350 and Cisco Bridges 350 to the new Version firmware 12 AP 350 I upgrade it was ok but when I upgrade the bridge 350, I couldn't any More access it from the web browser and this bridge dose association with The other bridge but without ip address so I upgrade the second bridge and It wasn't any problem with the upgrade with the second bridge but the Problem still the same the first bridge associate with the second but Without ip address I made test link to this bridge and the signal was 60% And what I have in log is too many station BSS I saw in Cisco web site and it was this error for bridge 340 and its mean That the bridge can associate one client at a time And of course I can't any more access the AP Can you help what I must do exactly and what I must do also to prevent this? Problem for the upgrade for the others bridges hanan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 11:02 PM To: [EMAIL PROTECTED] Subject: RE: telnet with mac address [7:63440] hanan wrote: Hello Could you help please? How I can telnet a bridge 350 with his MAC address not with IP address No. Telnet runs above TCP/IP. When you Telnet to something you tell your Telnet software the IP address (or domain name) of the thing you are Telnetting to. There's no workaround to this. But, what problem are you really trying to solve? According to Cisco documentation, the wireless bridge does have a default address of 192.168.200.1. You could Telnet to that. However, if the bridge has succesfully gotten a new address from DHCP then you can no longer use that address. If that is the case, then you can use the IP Setup Utility (IPSU) to find the bridge's IP address. You may also use IPSU to set the bridge's IP address. The IPSU cannot query the bridge's IP address when the computer running IPSU is on a different subnet than the bridge. If your bridge receives an IP address from a DHCP server, you must install and run IPSU on a computer on the same subnet as the bridge. Priscilla Thank you hanan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63487t=63440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
telnet with mac address [7:63440]
Hello Could you help please? How I can telnet a bridge 350 with his MAC address not with IP address Thank you hanan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63440t=63440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: telnet with mac address [7:63440]
hanan wrote: Hello Could you help please? How I can telnet a bridge 350 with his MAC address not with IP address No. Telnet runs above TCP/IP. When you Telnet to something you tell your Telnet software the IP address (or domain name) of the thing you are Telnetting to. There's no workaround to this. But, what problem are you really trying to solve? According to Cisco documentation, the wireless bridge does have a default address of 192.168.200.1. You could Telnet to that. However, if the bridge has succesfully gotten a new address from DHCP then you can no longer use that address. If that is the case, then you can use the IP Setup Utility (IPSU) to find the bridge's IP address. You may also use IPSU to set the bridge's IP address. The IPSU cannot query the bridge's IP address when the computer running IPSU is on a different subnet than the bridge. If your bridge receives an IP address from a DHCP server, you must install and run IPSU on a computer on the same subnet as the bridge. Priscilla Thank you hanan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63445t=63440 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC address filtering [7:63463]
Do Cisco routers perform MAC Address/layer 2 filtering with their access lists? or only ip filtering? Thanks :-) Jarred Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63463t=63463 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address [7:62251]
Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. I don't think that's so. A host will have an ARP cache entry for its gateway. That would be the destination MAC. The source MAC would be that of the sending host itself. Using its own ARP cache, the gateway would re-write both the source and destination MAC if the destination was, in fact, directly attached to (or reachable via) another Ethernet interface. If not, and the packet needed to cross some serial WAN link, both MACs would simply be stripped off. Every L3 device strips off source and dest. MAC at ingress. Whether or not a new source and dest. MAC is encapsulated around the IP packet depends on whether or not the destination is reachable via another Ethernet interface. If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62354t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address [7:62251]
s vermill wrote: Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. I don't think that's so. Did you misplace your comment? I think his first comment is correct, but then a following one is strangely worded. See below. A host will have an ARP cache entry for its gateway. That would be the destination MAC. The source MAC would be that of the sending host itself. Using its own ARP cache, the gateway would re-write both the source and destination MAC if the destination was, in fact, directly attached to (or reachable via) another Ethernet interface. If not, and the packet needed to cross some serial WAN link, both MACs would simply be stripped off. Every L3 device strips off source and dest. MAC at ingress. Whether or not a new source and dest. MAC is encapsulated around the IP packet depends on whether or not the destination is reachable via another Ethernet interface. Or Token Ring, FDDI, LocalTalk. :-) If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. Here's where he went astray. As I mentioned earlier, a serial interface doesn't have a MAC address and the data-link-layer protocols used across serial interfaces don't have MAC addresses in them. The sentence isn't parsable, (sorry Larry!) but may indicate some additional misunderstanding. The fact that the next hop has a Layer 3 address isn't of major significance when talking about forwarding traffic and the addresses that end up in the forwarded packet. The IP addresses don't change end-to-end. MAC addresses on LANs change, hop by hop. WANs don't have MAC addresses. Yes, routing protocols exchange next hop info using IP addresses. So, if we're considering Ethernet, at some point the source router must have found out the MAC address of the destination router using ARP. The router will put its own MAC address in the source field and the destination (next hop) router's MAC address in the destination field. In the case of a T1 point-to-point link, a MAC address isn't necessary since it's not a shared medium and there's no need to identify which station should receive the frame. There is only one other station! Now, Frame Relay is shared in the cloud. The DLCI would help the L2 switches in the cloud forward the frame correctly. Inverse ARP would help the router map a L3 next hop address to a DLCI, if I understand it correctly. Priscilla However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62368t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address [7:62251]
Priscilla Oppenheimer wrote: s vermill wrote: Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. I don't think that's so. Did you misplace your comment? No. I disagree that a source MAC re-write would be all that takes place when crossing a L3 device. Host A, sending to an off-subnet Host B, would use its own MAC as the source and the L3 device interface MAC as the destination. The L3 device strips both at ingress. If, in fact, the destination is on a directly attached shared medium, the source MAC is re-writen to that of the egress interface. The destination MAC is whatever the L3 device has in the ARP cache for Host B. Both source and destination MACs change when crossing a L3 device. Doesn't it sound like Larry is saying that the source MAC is all that changes and not the destination MAC? Or maybe I just took that wrong? I think his first comment is correct, but then a following one is strangely worded. See below A host will have an ARP cache entry for its gateway. That would be the destination MAC. The source MAC would be that of the sending host itself. Using its own ARP cache, the gateway would re-write both the source and destination MAC if the destination was, in fact, directly attached to (or reachable via) another Ethernet interface. If not, and the packet needed to cross some serial WAN link, both MACs would simply be stripped off. Every L3 device strips off source and dest. MAC at ingress. Whether or not a new source and dest. MAC is encapsulated around the IP packet depends on whether or not the destination is reachable via another Ethernet interface. Or Token Ring, FDDI, LocalTalk. :-) If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. Here's where he went astray. As I mentioned earlier, a serial interface doesn't have a MAC address and the data-link-layer protocols used across serial interfaces don't have MAC addresses in them. The sentence isn't parsable, (sorry Larry!) but may indicate some additional misunderstanding. The fact that the next hop has a Layer 3 address isn't of major significance when talking about forwarding traffic and the addresses that end up in the forwarded packet. The IP addresses don't change end-to-end. MAC addresses on LANs change, hop by hop. WANs don't have MAC addresses. Yes, routing protocols exchange next hop info using IP addresses. So, if we're considering Ethernet, at some point the source router must have found out the MAC address of the destination router using ARP. The router will put its own MAC address in the source field and the destination (next hop) router's MAC address in the destination field. In the case of a T1 point-to-point link, a MAC address isn't necessary since it's not a shared medium and there's no need to identify which station should receive the frame. There is only one other station! Now, Frame Relay is shared in the cloud. The DLCI would help the L2 switches in the cloud forward the frame correctly. Inverse ARP would help the router map a L3 next hop address to a DLCI, if I understand it correctly. Priscilla However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62372t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address [7:62251]
s vermill wrote: Priscilla Oppenheimer wrote: s vermill wrote: Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. I don't think that's so. Did you misplace your comment? No. I disagree that a source MAC re-write would be all that takes place when crossing a L3 device. Host A, sending to an off-subnet Host B, would use its own MAC as the source and the L3 device interface MAC as the destination. The L3 device strips both at ingress. If, in fact, the destination is on a directly attached shared medium, the source MAC is re-writen to that of the egress interface. The destination MAC is whatever the L3 device has in the ARP cache for Host B. Both source and destination MACs change when crossing a L3 device. Doesn't it sound like Larry is saying that the source MAC is all that changes and not the destination MAC? Or maybe I just took that wrong? I think that maybe Larry was saying that the only time it would be *necessary* to change the source MAC is when traversing a L3 device. He isn't necessarily saying that only the source MAC would change when crossing one. Sorry Larry. I think that was a mis-read on my part. I think his first comment is correct, but then a following one is strangely worded. See below A host will have an ARP cache entry for its gateway. That would be the destination MAC. The source MAC would be that of the sending host itself. Using its own ARP cache, the gateway would re-write both the source and destination MAC if the destination was, in fact, directly attached to (or reachable via) another Ethernet interface. If not, and the packet needed to cross some serial WAN link, both MACs would simply be stripped off. Every L3 device strips off source and dest. MAC at ingress. Whether or not a new source and dest. MAC is encapsulated around the IP packet depends on whether or not the destination is reachable via another Ethernet interface. Or Token Ring, FDDI, LocalTalk. :-) If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. Here's where he went astray. As I mentioned earlier, a serial interface doesn't have a MAC address and the data-link-layer protocols used across serial interfaces don't have MAC addresses in them. The sentence isn't parsable, (sorry Larry!) but may indicate some additional misunderstanding. The fact that the next hop has a Layer 3 address isn't of major significance when talking about forwarding traffic and the addresses that end up in the forwarded packet. The IP addresses don't change end-to-end. MAC addresses on LANs change, hop by hop. WANs don't have MAC addresses. Yes, routing protocols exchange next hop info using IP addresses. So, if we're considering Ethernet, at some point the source router must have found out the MAC address of the destination router using ARP. The router will put its own MAC address in the source field and the destination (next hop) router's MAC address in the destination field. In the case of a T1 point-to-point link, a MAC address isn't necessary since it's not a shared medium and there's no need to identify which station should receive the frame. There is only one other station! Now, Frame Relay is shared in the cloud. The DLCI would help the L2 switches in the cloud forward the frame correctly. Inverse ARP would help the router map a L3 next hop address to a DLCI, if I understand it correctly. Priscilla However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now [EMAIL PROTECTED
Re: MAC Address [7:62251]
s vermill wrote: s vermill wrote: Priscilla Oppenheimer wrote: s vermill wrote: Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. I don't think that's so. Did you misplace your comment? No. I disagree that a source MAC re-write would be all that takes place when crossing a L3 device. Host A, sending to an off-subnet Host B, would use its own MAC as the source and the L3 device interface MAC as the destination. The L3 device strips both at ingress. If, in fact, the destination is on a directly attached shared medium, the source MAC is re-writen to that of the egress interface. The destination MAC is whatever the L3 device has in the ARP cache for Host B. Both source and destination MACs change when crossing a L3 device. Doesn't it sound like Larry is saying that the source MAC is all that changes and not the destination MAC? Or maybe I just took that wrong? I think that maybe Larry was saying that the only time it would be *necessary* to change the source MAC is when traversing a L3 device. That's how I read it. (He was comparing it to a L2 device.) The word only is an evil word that editors hate. :-) P. He isn't necessarily saying that only the source MAC would change when crossing one. Sorry Larry. I think that was a mis-read on my part. I think his first comment is correct, but then a following one is strangely worded. See below A host will have an ARP cache entry for its gateway. That would be the destination MAC. The source MAC would be that of the sending host itself. Using its own ARP cache, the gateway would re-write both the source and destination MAC if the destination was, in fact, directly attached to (or reachable via) another Ethernet interface. If not, and the packet needed to cross some serial WAN link, both MACs would simply be stripped off. Every L3 device strips off source and dest. MAC at ingress. Whether or not a new source and dest. MAC is encapsulated around the IP packet depends on whether or not the destination is reachable via another Ethernet interface. Or Token Ring, FDDI, LocalTalk. :-) If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. Here's where he went astray. As I mentioned earlier, a serial interface doesn't have a MAC address and the data-link-layer protocols used across serial interfaces don't have MAC addresses in them. The sentence isn't parsable, (sorry Larry!) but may indicate some additional misunderstanding. The fact that the next hop has a Layer 3 address isn't of major significance when talking about forwarding traffic and the addresses that end up in the forwarded packet. The IP addresses don't change end-to-end. MAC addresses on LANs change, hop by hop. WANs don't have MAC addresses. Yes, routing protocols exchange next hop info using IP addresses. So, if we're considering Ethernet, at some point the source router must have found out the MAC address of the destination router using ARP. The router will put its own MAC address in the source field and the destination (next hop) router's MAC address in the destination field. In the case of a T1 point-to-point link, a MAC address isn't necessary since it's not a shared medium and there's no need to identify which station should receive the frame. There is only one other station! Now, Frame Relay is shared in the cloud. The DLCI would help the L2 switches in the cloud forward the frame correctly. Inverse ARP would help the router map a L3 next hop address to a DLCI, if I understand it correctly. Priscilla However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing
Re: MAC Address [7:62251]
Sorry for the confusion. My indication to the original post was meant to say that the source mac address will change from hop to hop...and the destination mac address, the source and dest. ip address's should remain the same. As Scott says,the routers may change more than the mac address's when the packet is re-wrote, but I didn't think that level of detail was asked in the question My answer about wan issues was incorrect as Priscilla pointed out...which obviously points out my lack of day to day knowledge on the wan side. Larry Letterman Network Engineer Cisco Systems - Original Message - From: Priscilla Oppenheimer To: Sent: Monday, February 03, 2003 12:45 PM Subject: Re: MAC Address [7:62251] s vermill wrote: s vermill wrote: Priscilla Oppenheimer wrote: s vermill wrote: Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. I don't think that's so. Did you misplace your comment? No. I disagree that a source MAC re-write would be all that takes place when crossing a L3 device. Host A, sending to an off-subnet Host B, would use its own MAC as the source and the L3 device interface MAC as the destination. The L3 device strips both at ingress. If, in fact, the destination is on a directly attached shared medium, the source MAC is re-writen to that of the egress interface. The destination MAC is whatever the L3 device has in the ARP cache for Host B. Both source and destination MACs change when crossing a L3 device. Doesn't it sound like Larry is saying that the source MAC is all that changes and not the destination MAC? Or maybe I just took that wrong? I think that maybe Larry was saying that the only time it would be *necessary* to change the source MAC is when traversing a L3 device. That's how I read it. (He was comparing it to a L2 device.) The word only is an evil word that editors hate. :-) P. He isn't necessarily saying that only the source MAC would change when crossing one. Sorry Larry. I think that was a mis-read on my part. I think his first comment is correct, but then a following one is strangely worded. See below A host will have an ARP cache entry for its gateway. That would be the destination MAC. The source MAC would be that of the sending host itself. Using its own ARP cache, the gateway would re-write both the source and destination MAC if the destination was, in fact, directly attached to (or reachable via) another Ethernet interface. If not, and the packet needed to cross some serial WAN link, both MACs would simply be stripped off. Every L3 device strips off source and dest. MAC at ingress. Whether or not a new source and dest. MAC is encapsulated around the IP packet depends on whether or not the destination is reachable via another Ethernet interface. Or Token Ring, FDDI, LocalTalk. :-) If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. Here's where he went astray. As I mentioned earlier, a serial interface doesn't have a MAC address and the data-link-layer protocols used across serial interfaces don't have MAC addresses in them. The sentence isn't parsable, (sorry Larry!) but may indicate some additional misunderstanding. The fact that the next hop has a Layer 3 address isn't of major significance when talking about forwarding traffic and the addresses that end up in the forwarded packet. The IP addresses don't change end-to-end. MAC addresses on LANs change, hop by hop. WANs don't have MAC addresses. Yes, routing protocols exchange next hop info using IP addresses. So, if we're considering Ethernet, at some point the source router must have found out the MAC address of the destination router using ARP. The router will put its own MAC address in the source field and the destination (next hop) router's MAC address in the destination field. In the case of a T1 point-to-point link, a MAC address isn't necessary since it's not a shared medium and there's no need to identify which station should receive the frame. There is only one other station! Now, Frame Relay is shared in the cloud. The DLCI would help the L2 switches in the cloud forward the frame correctly. Inverse ARP would help the router map a L3 next hop address to a DLCI, if I understand it correctly. Priscilla
Re: MAC Address [7:62251]
In most cases you will only re-write the source mac address when traversing across a L3 device. If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62306t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address [7:62251]
Larry Letterman wrote: In most cases you will only re-write the source mac address when traversing across a L3 device. If you go across a layer 2 network, all the mac address's would typically be part of the same broadcast domain and not need to be changed. If you go across a T1 or Frame it will still be mapped to or have an assigned IP Address that constitutes a layer 3 hop and write its mac address in the frame. A serial interface doesn't have a MAC address and the protocols used across a serial link don't have MAC addresses in their headers. If I misunderstood your point, just let me know. I'm sure you will! :-) Prisiclla However if I am wrong here, Priscilla or Howard or Chuck will let me know...:) Larry Letterman Network Engineer Cisco Systems - Original Message - From: Cisco Newbie To: Sent: Friday, January 31, 2003 11:42 AM Subject: RE: MAC Address [7:62251] First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62318t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC Address [7:62251]
I have a question that has been bothering me. If a packet traverses a L3 devices, does the sorce MAC changes? When does/doesn't the source MAC address changes? thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62251t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address [7:62251]
Cisco Newbie wrote: I have a question that has been bothering me. If a packet traverses a L3 devices, does the sorce MAC changes? When does/doesn't the source MAC address changes? thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now The source MAC changes everytime the IP packet moves through a L3 device. Even in Multilayer Switching (MLS), where an Ethernet switch moves the packet across L3 boundaries on behalf of the router, it re-writes the source MAC to that of the router so it looks as if it traversed the router. A L2 network is entirely self-contained. There is no significance of a MAC from on L2 network to another. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62264t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address [7:62251]
s vermill wrote: Cisco Newbie wrote: I have a question that has been bothering me. If a packet traverses a L3 devices, does the sorce MAC changes? When does/doesn't the source MAC address changes? thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now The source MAC changes everytime the IP packet moves through a L3 device. Yes, and that's also true for an AppleTalk, IPX, DECnet, Banyan packet, for what it's worth. Not a whole lot, I suppose, although it may help one understand a router's behavior. A router takes in a frame on an input interface, decapsulates it from the L2 header, figures out the output interface, and deals with the relevant L2 issues for the type of L2 protocol on the output interface, including puttting on a new L2 header. For example, if the output interface is Ethernet, the router does CSMA and makes sure the frame is transmitted without encountering a (legal) collision. If it were Token Ring or FDDI, the router would make the output interface could get a token and attach the frame. If it's Frame Relay, it doesn't have to do much, since that's not a shared medium. The router would not, however, in most cases, monitor whether the frame arrived intact. With most L2 protocols, it has no way of knowing that. Priscilla Even in Multilayer Switching (MLS), where an Ethernet switch moves the packet across L3 boundaries on behalf of the router, it re-writes the source MAC to that of the router so it looks as if it traversed the router. A L2 network is entirely self-contained. There is no significance of a MAC from on L2 network to another. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62271t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC ADDRESS TO IP ADDRESS [7:62272]
hi there. I have a mac address on my network and need a tool to enter the mac address in and get the ip address from it. any tool or any windows command line function or even any cisco router/switch function has that capability? thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62272t=62272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC ADDRESS TO IP ADDRESS [7:62272]
raj wrote: hi there. I have a mac address on my network and need a tool to enter the mac address in and get the ip address from it. any tool or any windows command line function or even any cisco router/switch function has that capability? thank you. You can do a 'sh apr' on a router or something and look it up. But IPs aren't embedded in MACs (except the special case of multicast, but even then you couldn't recover the entire IP because only 23 bits of the IP are embedded). You can also use a sniffer! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62274t=62272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address [7:62251]
First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62275t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC ADDRESS TO IP ADDRESS [7:62272]
How about this, nothin fancy but it's effective:) C3640A#sh arp | incl 00d0.064a.d400 Internet 172.28.64.1 0 00d0.064a.d400 ARPA Ethernet1/0 C3640A# Dave raj wrote: hi there. I have a mac address on my network and need a tool to enter the mac address in and get the ip address from it. any tool or any windows command line function or even any cisco router/switch function has that capability? thank you. -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 You don't make the poor richer by making the rich poorer. --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62276t=62272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC ADDRESS TO IP ADDRESS [7:62272]
Raj, There's a free utility available called Kiwi's cattools. It has an option available to build a 'master arp table file' from the cisco devices you setup in the program, which you can then view in excel. The file will contain the MAC and the IP and you can search on either. If you haven't used the program before it might take you a bit to set it up depending on how many devices you have, but it's pretty handy. I just used it to automatically change an entry on some dial peer groups on about 15 routers, much easier than logging in and doing it manually. Kris. -Original Message- From: raj [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 2:10 PM To: [EMAIL PROTECTED] Subject: MAC ADDRESS TO IP ADDRESS [7:62272] hi there. I have a mac address on my network and need a tool to enter the mac address in and get the ip address from it. any tool or any windows command line function or even any cisco router/switch function has that capability? thank you. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62279t=62272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address [7:62251]
Cisco Newbie wrote: First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Yep. If the IP packet is destined for a non-Ethernet WAN interface, the appropriate L2 header is encapsulated around it. In the case of T1 PPP, an HDLC-like header is used. There no longer is any source or destination MAC address to be found. They are both stripped off at the ingress Ethernet interface of the router. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62280t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address [7:62251]
Cisco Newbie wrote: First, thanks for all that responded. One clarification that I need address is the following: If I cross a L3 router and the outgoing interface is something other than Ethernet, will the L2 frame show a new MAC address? In other words, if my outgoing interface is say T1 PPP or even a dial-up, should I be seeing a new MAC address? Well, the old MAC address is definitely gone. It was stripped off on ingress. T1 PPP and dial-up don't use MAC addresses, so there won't be a new one as the packet traversse that link. But the packet will end up on a router or access server at the other end probably, which will output the packet to Ethernet or some other LAN probably and put in new MAC addresses. Priscilla Is it only when I cross a L3 device AND my outgoing interface is a share medium like Ethernet that a new MAC address will be placed on the frame? Thanks. - Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62286t=62251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Finding out of MAC address in Multilayer switch [7:61554]
hi, I am trying to find out the MAC Address of certian IP in a multilayer switch , it seem that the only way is to go to that Valn and do a sniffing to discover , any other quick way from the console or from Cisco Work 2000, please advice , thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61554t=61554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finding out of MAC address in Multilayer switch [7:61554]
If the switch is running ios and routing, then issue the following: # show ip arp x.x.x.x(ip address) the router will show you the mac address... Larry Letterman Network Engineer Cisco Systems - Original Message - From: Han Chuan Alex Ang To: Sent: Wednesday, January 22, 2003 2:39 AM Subject: Finding out of MAC address in Multilayer switch [7:61554] hi, I am trying to find out the MAC Address of certian IP in a multilayer switch , it seem that the only way is to go to that Valn and do a sniffing to discover , any other quick way from the console or from Cisco Work 2000, please advice , thanks [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61586t=61554 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 based on given MAC-Address and [7:58326]
Don't worry about the IP address. The command you had was correct. Why do you ask? -- RFC 1149 Compliant. MK wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How can I configure PortSecurity based on MAc-Address and IP-Address. I only know about switchport port-security mac-address but there must be a way to manage this in conjunction with an IP Static ARp entry Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58326t=58326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AW: Port Security on 3550 based on given MAC-Address and [7:58329]
Because there must be a way, and I was asked about it in our Company. I know there is some secret behind ! -Urspr|ngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Im Auftrag von Steven A. Ridder Gesendet: Samstag, 30. November 2002 13:42 An: [EMAIL PROTECTED] Betreff: Re: Port Security on 3550 based on given MAC-Address and [7:58326] Don't worry about the IP address. The command you had was correct. Why do you ask? -- RFC 1149 Compliant. MK wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How can I configure PortSecurity based on MAc-Address and IP-Address. I only know about switchport port-security mac-address but there must be a way to manage this in conjunction with an IP Static ARp entry Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58329t=58329 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 based on given MAC-Address and [7:58332]
No, just do the mac address. That's what they're looking for. Then limit it to 1, because the default is 150. On another note, what does the AW in the subject line (RE: in English)stand for in German? I used to live in y and I can't think of the word... MK wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Because there must be a way, and I was asked about it in our Company. I know there is some secret behind ! -Urspr|ngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Im Auftrag von Steven A. Ridder Gesendet: Samstag, 30. November 2002 13:42 An: [EMAIL PROTECTED] Betreff: Re: Port Security on 3550 based on given MAC-Address and [7:58326] Don't worry about the IP address. The command you had was correct. Why do you ask? -- RFC 1149 Compliant. MK wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How can I configure PortSecurity based on MAc-Address and IP-Address. I only know about switchport port-security mac-address but there must be a way to manage this in conjunction with an IP Static ARp entry Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58332t=58332 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Port Security on 3550 based on given MAC-Address and [7:58331]
MK wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Because there must be a way, and I was asked about it in our Company. I know there is some secret behind ! -Urspr|ngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Im Auftrag von Steven A. Ridder Gesendet: Samstag, 30. November 2002 13:42 An: [EMAIL PROTECTED] Betreff: Re: Port Security on 3550 based on given MAC-Address and [7:58326] Don't worry about the IP address. The command you had was correct. Why do you ask? -- RFC 1149 Compliant. MK wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How can I configure PortSecurity based on MAc-Address and IP-Address. I only know about switchport port-security mac-address but there must be a way to manage this in conjunction with an IP Static ARp entry Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58331t=58331 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AW: Port Security on 3550 based on given MAC-Address and [7:58339]
I see only a limit within the hole system and that is 128. If I configure switchport port-security maximum 1 It does'nt show up in the config so it is default. Am I right ?? regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58339t=58339 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Port Security on 3550 based on given MAC-Address and IP-Address [7:58298]
How can I configure PortSecurity based on MAc-Address and IP-Address. I only know about switchport port-security mac-address but there must be a way to manage this in conjunction with an IP Static ARp entry Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58298t=58298 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Possible to Filter on Destination MAC-Address on a Router? [7:57312]
I'm trying to configure an input-access-list on 7204 Routers (IOS 12.2(10)), which should filter on the destination (!) MAC-address but can't get it work. Is this even possible? The router should ignore all traffic with a destination-MAC (multicast) of 0100.5e7c.0006 and accept all other traffic. In my setup, this address is used with Firewalls in a Stonebeat cluster. Without filter my routers, by mistake, listen to this traffic, replicate it and send it out again which causes multicast-storms. I've read that this is quite a common behaviour observed with Cisco-Routers that run HSRP. By mistake some Routers (depending on what?) sometimes listen to all Layer2 Multicast-Traffic instead to just the HSRP-Multicasts. Unfortunately, I can't configure any filters on the switch, which led me to the idea to apply a filter on the routers. It's no problem to configure an extended MAC Access-list (access-list ). But I struggle with applying it to the interface. The 'bridge-group input-address-list ' just allows standard MAC Access-Lists, which would filter the source-address only. So I tried the follwoing approach (CAR): access-list 1100 permit .. .. 0100.5e7c.0006 .. access-list 101 permit ip any any interface fastethernet0/0 rate-limit input access-group 1100 1 10 10 conform-action drop exceed-action drop rate-limit input access-group 101 1 10 10 conform-action transmit exceed-action transmit In the lab the router accepted the commands, but now it blocks all traffic instead just the specified destination mac-address. Any suggestions? Thanks in advance. Lars Bucher Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57312t=57312 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Possible to Filter on Destination MAC-Address on a [7:57312]
Bucher Lars wrote: I'm trying to configure an input-access-list on 7204 Routers (IOS 12.2(10)), which should filter on the destination (!) MAC-address but can't get it work. Is this even possible? The router should ignore all traffic with a destination-MAC (multicast) of 0100.5e7c.0006 and accept all other traffic. In my setup, this address is used with Firewalls in a Stonebeat cluster. Without filter my routers, by mistake, listen to this traffic, replicate it and send it out again which causes multicast-storms. Wouldn't it be better to figure out why the router is doing this? Normally, a router doesn't replicate multicast traffic and send it out again. Why is it doing this? Can you send us your config?? Priscilla I've read that this is quite a common behaviour observed with Cisco-Routers that run HSRP. By mistake some Routers (depending on what?) sometimes listen to all Layer2 Multicast-Traffic instead to just the HSRP-Multicasts. Unfortunately, I can't configure any filters on the switch, which led me to the idea to apply a filter on the routers. It's no problem to configure an extended MAC Access-list (access-list ). But I struggle with applying it to the interface. The 'bridge-group input-address-list ' just allows standard MAC Access-Lists, which would filter the source-address only. So I tried the follwoing approach (CAR): access-list 1100 permit .. .. 0100.5e7c.0006 .. access-list 101 permit ip any any interface fastethernet0/0 rate-limit input access-group 1100 1 10 10 conform-action drop exceed-action drop rate-limit input access-group 101 1 10 10 conform-action transmit exceed-action transmit In the lab the router accepted the commands, but now it blocks all traffic instead just the specified destination mac-address. Any suggestions? Thanks in advance. Lars Bucher Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57314t=57312 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Possible to Filter on Destination MAC-Address on a [7:57320]
Hi Priscilla Unfortunately, I'm not in the Office right now. So I've just got the following information at the moment: IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(10a), RELEASE SOFTWARE (fc1) cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory interface FastEthernet0/0 ip address 10.241.207.197 255.255.255.240 no ip redirects no ip proxy-arp duplex full speed 100 ntp disable standby 1 ip 10.241.207.196 standby 1 preempt standby 1 track ATM2/0.2010 arp 10.241.207.193 0100.5e7c.0006 ARPA Otherwise, there's no special configuration. The static arp entry is needed for the stonebeat solution. As you see, it's just at Layer2 a multicast. At Layer 3 there's just Unicast. I know it sounds silly, but that's the way stonebeat implements its cluster solution. The interesting thing is, that in the LAN I have two other 7200 Routers with the same config but with NPE 300 Processor board and IOS 12.2(4). Those 2 Routers don't replicate the traffic. The same behaviour has been reported by others as well. If you do a search for 'stonebeat' or 'multicast storm' on Cisco's 'Networking Professionals Connection' you can find those. It seems to be a general problem with some Cisco routers, not a Configuration Problem. That's why I was looking for a 'filter-solution. Regards Lars Bucher Priscilla Oppenheimer schrieb im Newsbeitrag news:200211121958.TAA22356;groupstudy.com... Bucher Lars wrote: I'm trying to configure an input-access-list on 7204 Routers (IOS 12.2(10)), which should filter on the destination (!) MAC-address but can't get it work. Is this even possible? The router should ignore all traffic with a destination-MAC (multicast) of 0100.5e7c.0006 and accept all other traffic. In my setup, this address is used with Firewalls in a Stonebeat cluster. Without filter my routers, by mistake, listen to this traffic, replicate it and send it out again which causes multicast-storms. Wouldn't it be better to figure out why the router is doing this? Normally, a router doesn't replicate multicast traffic and send it out again. Why is it doing this? Can you send us your config?? Priscilla I've read that this is quite a common behaviour observed with Cisco-Routers that run HSRP. By mistake some Routers (depending on what?) sometimes listen to all Layer2 Multicast-Traffic instead to just the HSRP-Multicasts. Unfortunately, I can't configure any filters on the switch, which led me to the idea to apply a filter on the routers. It's no problem to configure an extended MAC Access-list (access-list ). But I struggle with applying it to the interface. The 'bridge-group input-address-list ' just allows standard MAC Access-Lists, which would filter the source-address only. So I tried the follwoing approach (CAR): access-list 1100 permit .. .. 0100.5e7c.0006 .. access-list 101 permit ip any any interface fastethernet0/0 rate-limit input access-group 1100 1 10 10 conform-action drop exceed-action drop rate-limit input access-group 101 1 10 10 conform-action transmit exceed-action transmit In the lab the router accepted the commands, but now it blocks all traffic instead just the specified destination mac-address. Any suggestions? Thanks in advance. Lars Bucher Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57320t=57320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Possible to Filter on Destination MAC-Address on a [7:57321]
You'll have to pardon a moment of nostalgia, but the first question I ever asked on groupstudy was about applying a MAC filter to a router. (sniff sniff) To apply a MAC ACL to an interface, you have to set it up to bridge, and since you're routing you need to run IRB. Not that it was meant for such a purpose, but I've had much better results using CAR on a router to filter by MAC address rather than applying an access list. It's much simpler to just use the rate-limit command, imo. It sounds like the router is behaving normally for a router that has multicast members located on an interface. If the switches are causing a broadcast storm, that's a separate issue that should be addressed; the default behavior of most switches is to flood multicasts out all ports. To control that you need to enable either CGMP or IGMP snooping on the appropriate switch ports. hth, Hal -Original Message- From: Priscilla Oppenheimer [mailto:nobody;groupstudy.com] Sent: Tuesday, November 12, 2002 2:59 PM To: [EMAIL PROTECTED] Subject: RE: Possible to Filter on Destination MAC-Address on a [7:57312] Bucher Lars wrote: I'm trying to configure an input-access-list on 7204 Routers (IOS 12.2(10)), which should filter on the destination (!) MAC-address but can't get it work. Is this even possible? The router should ignore all traffic with a destination-MAC (multicast) of 0100.5e7c.0006 and accept all other traffic. In my setup, this address is used with Firewalls in a Stonebeat cluster. Without filter my routers, by mistake, listen to this traffic, replicate it and send it out again which causes multicast-storms. Wouldn't it be better to figure out why the router is doing this? Normally, a router doesn't replicate multicast traffic and send it out again. Why is it doing this? Can you send us your config?? Priscilla I've read that this is quite a common behaviour observed with Cisco-Routers that run HSRP. By mistake some Routers (depending on what?) sometimes listen to all Layer2 Multicast-Traffic instead to just the HSRP-Multicasts. Unfortunately, I can't configure any filters on the switch, which led me to the idea to apply a filter on the routers. It's no problem to configure an extended MAC Access-list (access-list ). But I struggle with applying it to the interface. The 'bridge-group input-address-list ' just allows standard MAC Access-Lists, which would filter the source-address only. So I tried the follwoing approach (CAR): access-list 1100 permit .. .. 0100.5e7c.0006 .. access-list 101 permit ip any any interface fastethernet0/0 rate-limit input access-group 1100 1 10 10 conform-action drop exceed-action drop rate-limit input access-group 101 1 10 10 conform-action transmit exceed-action transmit In the lab the router accepted the commands, but now it blocks all traffic instead just the specified destination mac-address. Any suggestions? Thanks in advance. Lars Bucher Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57321t=57321 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Possible to Filter on Destination MAC-Address [7:57320]
Bucher Lars wrote: Hi Priscilla Unfortunately, I'm not in the Office right now. So I've just got the following information at the moment: IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(10a), RELEASE SOFTWARE (fc1) cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory interface FastEthernet0/0 ip address 10.241.207.197 255.255.255.240 no ip redirects no ip proxy-arp duplex full speed 100 ntp disable standby 1 ip 10.241.207.196 standby 1 preempt standby 1 track ATM2/0.2010 arp 10.241.207.193 0100.5e7c.0006 ARPA Otherwise, there's no special configuration. The static arp entry is needed for the stonebeat solution. Yes, I've heard of this kludge. ;-) As you see, it's just at Layer2 a multicast. At Layer 3 there's just Unicast. Are you sure these aren't Layer 3 mutlicasts also? It's in the range of multicast addresses reserved by IP Multicast. Regardless I stick to my comment that a normal router wouldn't forward these. It would have to be running ICMP and an IP multicast routing protocol. Of course, that's sort of normal too, but not default behavior. I know it sounds silly, but that's the way stonebeat implements its cluster solution. The interesting thing is, that in the LAN I have two other 7200 Routers with the same config but with NPE 300 Processor board and IOS 12.2(4). Those 2 Routers don't replicate the traffic. That's good. It confirms my belief that the behavior of the other router is odd. The same behaviour has been reported by others as well. If you do a search for 'stonebeat' or 'multicast storm' on Cisco's 'Networking Professionals Connection' you can find those. It seems to be a general problem with some Cisco routers, not a Configuration Problem. That's why I was looking for a 'filter-solution. Did the other person's response solve the problem for you? The one that talked abou IRB. Also, didn't we discuss this just a few days ago? Someone sent a URL that discussed something similar. Let's see if I can find the URL again Oh, I found it. It has to do with routers not sending multicast when they should! But it might have some hints for you. It's here: http://support.microsoft.com/default.aspx?scid=kb;en-us;223136 Wish I had more targetted advice for you! Anyone else want to help? Good luck. Keep us posted on what you figure out. Thanks. Priscilla Regards Lars Bucher Priscilla Oppenheimer schrieb im Newsbeitrag news:200211121958.TAA22356;groupstudy.com... Bucher Lars wrote: I'm trying to configure an input-access-list on 7204 Routers (IOS 12.2(10)), which should filter on the destination (!) MAC-address but can't get it work. Is this even possible? The router should ignore all traffic with a destination-MAC (multicast) of 0100.5e7c.0006 and accept all other traffic. In my setup, this address is used with Firewalls in a Stonebeat cluster. Without filter my routers, by mistake, listen to this traffic, replicate it and send it out again which causes multicast-storms. Wouldn't it be better to figure out why the router is doing this? Normally, a router doesn't replicate multicast traffic and send it out again. Why is it doing this? Can you send us your config?? Priscilla I've read that this is quite a common behaviour observed with Cisco-Routers that run HSRP. By mistake some Routers (depending on what?) sometimes listen to all Layer2 Multicast-Traffic instead to just the HSRP-Multicasts. Unfortunately, I can't configure any filters on the switch, which led me to the idea to apply a filter on the routers. It's no problem to configure an extended MAC Access-list (access-list ). But I struggle with applying it to the interface. The 'bridge-group input-address-list ' just allows standard MAC Access-Lists, which would filter the source-address only. So I tried the follwoing approach (CAR): access-list 1100 permit .. .. 0100.5e7c.0006 .. access-list 101 permit ip any any interface fastethernet0/0 rate-limit input access-group 1100 1 10 10 conform-action drop exceed-action drop rate-limit input access-group 101 1 10 10 conform-action transmit exceed-action transmit In the lab the router accepted the commands, but now it blocks all traffic instead just the specified destination mac-address. Any suggestions? Thanks in advance. Lars Bucher Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57332t=57320 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mac address [7:49076]
Does anyone know if/how you can change to mac addresses of VLAN interfaces on a MSFC2? I tried using the mac-address x.x.x command but it changed the mac address on all the interfaces. I want to have a unique mac on each VLAN interface. Thanks in advance Dave -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications Inc. 612-664-3367 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49076t=49076 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Broadcast Mac Address ? [7:48694]
Brunner Joseph wrote: 03-bf-ac-10-32-1d What makes this mac address broadcast (at layer 2) ? Its used by MS TERM SERVER. It's a Layer 2 multicast address. The first bit transmitted, which on Little Endian Ethernet is the least significant bit of the first byte, is one. The first byte is 0011. That makes it a multicast. (A broadcast would be all ones in all six bytes.) I searched on google before posting here, but all I could find out was some common ranges of broadcast mac addresses, and the vendor code for the first part of this mac. I couldn't find the vendor code. The vendor code would be 02-BF-AC, which I couldn't find in any of the lists I looked at, for some reason. I was looking for a pattern or a formula I could use to deduce mac's like this on my network in the future. You may have done about as much as you can do. Somehow you figured out that it's Microsoft and you determined that it's a broadcast (multicast, actually). You could also study the packets or do some research on this particular application. The only patterns or forumulas are the ones I mentioned above, such as the first bit being a one in multicasts and broadcasts. Here's what I like to say about such things: The Internet has fallen prey to entropy (the degradation of the matter and energy in the universe to an ultimate state of inert uniformity). ;-) Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48706t=48694 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Broadcast Mac Address ? [7:48694]
03-bf-ac-10-32-1d What makes this mac address broadcast (at layer 2) ? Its used by MS TERM SERVER. I searched on google before posting here, but all I could find out was some common ranges of broadcast mac addresses, and the vendor code for the first part of this mac. I was looking for a pattern or a formula I could use to deduce mac's like this on my network in the future. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48694t=48694 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC address in router ARP table [7:48377]
Are you practicing in the lab? If so, just reboot the router. If not, let me know. Carl Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48380t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC address in router ARP table [7:48377]
Is rebooting the only solution? I am thinking of any other possible method... -Original Message- From: Carl Timm To: [EMAIL PROTECTED] Sent: 09/07/2002 2:13 PM Subject: RE: MAC address in router ARP table [7:48377] Are you practicing in the lab? If so, just reboot the router. If not, let me know. Carl Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48388t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC address in router ARP table [7:48377]
clear arp-cache Is rebooting the only solution? I am thinking of any other possible method... -Original Message- From: Carl Timm To: [EMAIL PROTECTED] Sent: 09/07/2002 2:13 PM Subject: RE: MAC address in router ARP table [7:48377] Are you practicing in the lab? If so, just reboot the router. If not, let me know. Carl Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48394t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC address in router ARP table [7:48377]
Lim, Two things regarding your post. 1. You can clear a single ARP CACHE entry using SNMP. Check this link... http://www.cisco.com/warp/public/477/SNMP/clear_arp.shtml 2. Clearing the ARP-CACHE or REBOOTING the router will NOT allow you to duplicate a used STATICALLY assigned IP address. I don't know the rest of your network topology, so I'm assuming the IP you want to use for another host is statically assigned to another host. Yes you'll have to hunt this host down wherever it is and change its IP or release its DHCP-assigned IP. HTH, Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bob Timmons Sent: Tuesday, July 09, 2002 7:30 AM To: [EMAIL PROTECTED] Subject: Re: MAC address in router ARP table [7:48377] clear arp-cache Is rebooting the only solution? I am thinking of any other possible method... -Original Message- From: Carl Timm To: [EMAIL PROTECTED] Sent: 09/07/2002 2:13 PM Subject: RE: MAC address in router ARP table [7:48377] Are you practicing in the lab? If so, just reboot the router. If not, let me know. Carl Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48399t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC address in router ARP table [7:48377]
Shot in the dark here. =) How about clear ip nat trans? Could you use that to clear the errant NAT entry to free up that IP address? Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48401t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC address in router ARP table [7:48377]
Is there any way to clear the MAC address from the Cisco router ARP table individually? I had removed the IP NAT statements and done CLEAR ARP on the routers, but I am still able to ping the invalid IP address. I need to re-employ the IP for other usage, but I encounters a clash of IP warning message was replied. How can I clear away the old inforamtion? Pls advice. Lim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48377t=48377 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC Address of 0000:0000:0000 [7:46908]
I've been seeing messages from our switches complaining about MAC address of zero. Any thoughts on a good search criteria for researching this problem? Better yet, anyone found such a problem? Ken Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46908t=46908 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ip helper address: which is the mac address? [7:44608]
Dear group, When my CPE comes up, it makes a dhcp request. The DHCP server is located on a different subnet .Between dhcp client (CPE) and dhcp server there is a router whit ip helper-address configured. My question is the following: if the DHCP server has to assign a specific IP address to a specific MAC address (CPE's MAC address) but there is a router between them, the DCHP will read the router MAC address...how does it works? Where DHCP will read the correct mac address before giving the right IP address? Thanks in advace, Teresa Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44608t=44608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ip helper address: which is the mac address? [7:44608]
TP wrote: Where DHCP will read the correct mac address before giving the right IP address? From the CHADDR (Client Hardware ADDRess) field in the DHCP packet. Regards, Marco. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44609t=44608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ip helper address: which is the mac address? [7:44608]
The DHCP server doesn't read the actually MAC address of the client PC. The DHCP client builds a DHCP request packet that includes the client's MAC address. The DHCP relay just passes that packet to the DHCP server, along with additional information (such as what subnet the request is coming from). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44615t=44608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
HSRP MAC address [7:44290]
The HSRP has a virtual IP address and MAC address. Can somebody tell me how the MAC address been chosen. Is that random? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44290t=44290 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HSRP MAC address [7:44290]
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44292t=44290 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC address and switch [7:42226]
Please help a curious mind here, the link is to a white paper describing how to configuring spanning tree. In the document it describes each switch has 1024 mac address. Configuring spanning tree http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/spantree.htm#xtocid2879613 MAC Address Allocation The supervisor engine has a pool of 1024 MAC addresses that are used as the bridge IDs for the VLAN spanning trees. You can use the show module command to view the MAC address range for the supervisor engine. Each switch has 1024(MAC)addresses. If I connected port 8 switch A to port 8 switch B with RJ45 crossover cable. 1. Will I have 2048 MAC addresses? 2. Do Ethernet switch come with their own MAC address? Tony *** This message is a private communication. If you are not the intended recipient, please do not read, copy, or use it, and do not disclose it to others. Please notify the sender of the delivery error by replying to this message, and then delete it from your system. Thank you. - Visit http://www.ballfoundation.org for our latest news. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42226t=42226 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC address and switch [7:42226]
At 11:35 AM 4/22/02, Phil Barker wrote: 2.In order to run the spanning tree protocol the switch needs to send multicast packets out any of its ports (BPDUs'). These BPDU's need a source MAC address to distinguish themselves from each other. 1. I think the 1024 MAC Addresses is referring to how many MAC Addresses it could store in memory for the purpose of switching/bridging. i.e once 1024 MAC addresses have been learned it would not add any others to the table since the memory would be exhausted. Phil, Your answer makes sense, but remember this is Cisco we're talking about! ;-) The link says The supervisor engine has a pool of 1024 MAC addresses that are used as the bridge IDs for the VLAN spanning trees. The link is referring to the switch's own MAC addresses, not the ones in its bridging table. The switch has so many MAC addresses because Cisco supports one spanning tree per VLAN. There's a different bridge ID for each VLAN. Your are right, of course, that a bridge has a bridging table that stores the MAC addresses and port numbers for stations outside the bridge that the bridge has learned about. This is also sometimes called the MAC address table or content addressable memory (CAM). The Cisco Catalyst 1900 (low-end) switch can remember 1024 MAC addresses. A high-end switch such as the Catalyst 6000 can remember 32,000 MAC addresses. You are also right that the source address in a BPDU message is the MAC address of the port on the bridge that is transmitting the message. (The IEEE requires a bridge to have a distinct MAC address for each port.) A bridge also has a Bridge ID, as mentioned. The low-order subfield of a Bridge ID is a 6-byte MAC address assigned to the bridge. This is a hard-coded number that is not designed to be changed by the user. Some Cisco switches use one of the MAC addresses of the switch supervisor module for the Bridge ID, whereas other Cisco switches use a MAC address assigned to the backplane of the switch. Priscilla Phil. --- Tony Chen wrote: Please help a curious mind here, the link is to a white paper describing how to configuring spanning tree. In the document it describes each switch has 1024 mac address. Configuring spanning tree http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/spantree.htm#xtocid2879613 MAC Address Allocation The supervisor engine has a pool of 1024 MAC addresses that are used as the bridge IDs for the VLAN spanning trees. You can use the show module command to view the MAC address range for the supervisor engine. Each switch has 1024(MAC)addresses. If I connected port 8 switch A to port 8 switch B with RJ45 crossover cable. 1. Will I have 2048 MAC addresses? 2. Do Ethernet switch come with their own MAC address? Tony *** This message is a private communication. If you are not the intended recipient, please do not read, copy, or use it, and do not disclose it to others. Please notify the sender of the delivery error by replying to this message, and then delete it from your system. Thank you. - Visit http://www.ballfoundation.org for our latest news. [EMAIL PROTECTED] __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42251t=42226 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC address and switch [7:42226]
I was going to post the same answer (there's one built-in MAC for each supported VLAN) but I didn't have any documents or info to back me up. and I didn't wanna look like a fool =) (like I've NEVER done that... HA) So I'll ride your coattails and say Yeah... that's what I was going to say Mike W. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Phil, Your answer makes sense, but remember this is Cisco we're talking about! ;-) The link says The supervisor engine has a pool of 1024 MAC addresses that are used as the bridge IDs for the VLAN spanning trees. The link is referring to the switch's own MAC addresses, not the ones in its bridging table. The switch has so many MAC addresses because Cisco supports one spanning tree per VLAN. There's a different bridge ID for each VLAN. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=42256t=42226 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finding a MAC address [7:38560]
Depending on varios scenarios: Assuming the following: If users worksations are WindowsNT stations and properly configure WINS servers you can simply retreave the MAC address by entering the host IP address at the windowsnt command-line e.g. nbtstat -a ip-address If you have Catalyst switches you can retreave their connected port by entering in the switch enable mode CLI e.g show cam dyn .. 48bit mac address, this command example assumes you have the set base catalysts switches, for the IOS base catalyst it would be, e.g. show mac-address-table address .. . These commands will pin-point which bridge-port on the switch the MAC-address comes from. Jorge / CCNA CCNP / CCIE Wannabe / [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.learncisco.n3.net Jeffrey Reed wrote: What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40731t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finding a MAC address [7:38560]
Depending on varios scenarios: Assuming the following: If users worksations are WindowsNT stations and properly configure WINS servers you can simply retreave the MAC address by entering the host IP address at the windowsnt command-line e.g. nbtstat -a ip-address If you have Catalyst switches you can retreave their connected port by entering in the switch enable mode CLI e.g show cam dyn .. 48bit mac address, this command example assumes you have the set base catalysts switches, for the IOS base catalyst it would be, e.g. show mac-address-table address .. . These commands will pin-point which bridge-port on the switch the MAC-address comes from. Jorge / CCNA CCNP / CCIE Wannabe / [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.learncisco.n3.net Jeffrey Reed wrote: What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40730t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finding a MAC address [7:38560]
The show cam command uses the mac format of 00-00-00-00-00-00 not the same as the ios command, which uses the .. format. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of jorge rodriguez Sent: Sunday, April 07, 2002 12:07 AM To: [EMAIL PROTECTED] Subject: Re: Finding a MAC address [7:38560] Depending on varios scenarios: Assuming the following: If users worksations are WindowsNT stations and properly configure WINS servers you can simply retreave the MAC address by entering the host IP address at the windowsnt command-line e.g. nbtstat -a ip-address If you have Catalyst switches you can retreave their connected port by entering in the switch enable mode CLI e.g show cam dyn .. 48bit mac address, this command example assumes you have the set base catalysts switches, for the IOS base catalyst it would be, e.g. show mac-address-table address .. . These commands will pin-point which bridge-port on the switch the MAC-address comes from. Jorge / CCNA CCNP / CCIE Wannabe / [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.learncisco.n3.net Jeffrey Reed wrote: What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40763t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finding a MAC address [7:38560]
Correct [EMAIL PROTECTED] wrote: The show cam command uses the mac format of 00-00-00-00-00-00 not the same as the ios command, which uses the .. format. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of jorge rodriguez Sent: Sunday, April 07, 2002 12:07 AM To: [EMAIL PROTECTED] Subject: Re: Finding a MAC address [7:38560] Depending on varios scenarios: Assuming the following: If users worksations are WindowsNT stations and properly configure WINS servers you can simply retreave the MAC address by entering the host IP address at the windowsnt command-line e.g. nbtstat -a ip-address If you have Catalyst switches you can retreave their connected port by entering in the switch enable mode CLI e.g show cam dyn .. 48bit mac address, this command example assumes you have the set base catalysts switches, for the IOS base catalyst it would be, e.g. show mac-address-table address .. . These commands will pin-point which bridge-port on the switch the MAC-address comes from. Jorge / CCNA CCNP / CCIE Wannabe / [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.learncisco.n3.net Jeffrey Reed wrote: What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40775t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finding a MAC address [7:38560]
I appreciate the help on this question. I think I need to further define my question. How do you find out which switch a MAC address resides in a large network environment. I am working with several large colleges/universities who need to find a student's location in the network. They know the MAC address or IP, but not the student who owns its. They all have over 2000+ students and many switches/hubs where these students reside. The typically have only 1-3 VLANS for students, so its tough to narrow down the location. Some of them used to run Cabletron equipment and their proprietary VLAN software called SecureFast. SecureFast maintained a searchable directory with MAC, network address (IP, IPX, A-talk, Netbios etc.), switch, port, DNS name etc. It was very easy to find a MAC address within seconds. Now we are moving to 802.1Q and Cisco switches and are having severe withdraw. There must be an easy way to insert a MAC or IP address and find it in the CAM table without a lot of manual effort. Thanks again, I appreciate the help!! Jeffrey Reed Classic Networking, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Letterman Sent: Saturday, March 16, 2002 6:35 PM To: [EMAIL PROTECTED] Subject: RE: Finding a MAC address [7:38560] On the router you can do a 'sh mac-addr-table addr --(mac addr) and it will show you the interface that the Mac-addr is on. On switches you can do a 'show cam xx-xx-xx-xx-xx-xx and it should give you the port on the switch where the mac-addr is.. This works on our 6500 switches with msfc routing and supervisor cards.. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Reed Sent: Saturday, March 16, 2002 2:15 PM To: [EMAIL PROTECTED] Subject: Finding a MAC address [7:38560] What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38601t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finding a MAC address [7:38560]
I agree with the previous poster. If you know the router acting as the gateway for the IP, start there and go step by step. It sounds like a hassle, but I can assure you that usually users are usually no more than a few layer 2 hops away from their gateway router. Shouldn't take more than a minute to pinpoint an exact switchport given the MAC (or IP). I do this all the time, and it's a piece of cake. Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38604t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finding a MAC address [7:38560]
There's a tool built into CiscoWorks that will tell you which port a MAC address is connected to. It matches the switch CAM tables to the router ARP tables, so you can search by IP or MAC address. -Mike Mike Smith Network Administrator Information Technology Services Bowling Green State University Email:[EMAIL PROTECTED] Phone (419) 372-9510 I appreciate the help on this question. I think I need to further define my question. How do you find out which switch a MAC address resides in a large network environment. I am working with several large colleges/universities who need to find a student's location in the network. They know the MAC address or IP, but not the student who owns its. They all have over 2000+ students and many switches/hubs where these students reside. The typically have only 1-3 VLANS for students, so its tough to narrow down the location. Some of them used to run Cabletron equipment and their proprietary VLAN software called SecureFast. SecureFast maintained a searchable directory with MAC, network address (IP, IPX, A-talk, Netbios etc.), switch, port, DNS name etc. It was very easy to find a MAC address within seconds. Now we are moving to 802.1Q and Cisco switches and are having severe withdraw. There must be an easy way to insert a MAC or IP address and find it in the CAM table without a lot of manual effort. Thanks again, I appreciate the help!! Jeffrey Reed Classic Networking, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Letterman Sent: Saturday, March 16, 2002 6:35 PM To: [EMAIL PROTECTED] Subject: RE: Finding a MAC address [7:38560] On the router you can do a 'sh mac-addr-table addr --(mac addr) and it will show you the interface that the Mac-addr is on. On switches you can do a 'show cam xx-xx-xx-xx-xx-xx and it should give you the port on the switch where the mac-addr is.. This works on our 6500 switches with msfc routing and supervisor cards.. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Reed Sent: Saturday, March 16, 2002 2:15 PM To: [EMAIL PROTECTED] Subject: Finding a MAC address [7:38560] What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38617t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Finding a MAC address [7:38560]
What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38560t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finding a MAC address [7:38560]
Solar Wind has a utility that is apart of the Engineering edition that is used to get Mac addresses or use Cisco Works -Original Message- From: Jeffrey Reed [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 16, 2002 5:15 PM To: [EMAIL PROTECTED] Subject: Finding a MAC address [7:38560] What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38562t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Finding a MAC address [7:38560]
On the router you can do a 'sh mac-addr-table addr --(mac addr) and it will show you the interface that the Mac-addr is on. On switches you can do a 'show cam xx-xx-xx-xx-xx-xx and it should give you the port on the switch where the mac-addr is.. This works on our 6500 switches with msfc routing and supervisor cards.. Larry Letterman Cisco Systems [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Reed Sent: Saturday, March 16, 2002 2:15 PM To: [EMAIL PROTECTED] Subject: Finding a MAC address [7:38560] What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38564t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Finding a MAC address [7:38560]
If your talking catalyst: C6509 (enable) sh cam 00-60-08-b0-a2-46 * = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry. X = Port Security Entry $ = Dot1x Security Entry VLAN Dest MAC/Route Des[CoS] Destination Ports or VCs / [Protocol Type] --- --- 5600-60-08-b0-a2-46 5/35 [ALL] Total Matching CAM Entries Displayed =1 C6509 (enable) Dave Jeffrey Reed wrote: What utilities are you guys using to find MAC addresses across a large campus network? If I have an end users IP address, check the routers ARP for their MAC, whats the easiest way to find out which switch port? Thanks!! Jeff -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications Inc. 612-664-3367 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38568t=38560 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mac address searcher [7:37143]
Guys, you assistance if you please.. i am looking for a new tool to help me automate a task... i work for a global company with multiple it teams,who like to move multiple it servers willy-nilly... i suppport the switches 65`s but due to politics i am not allowed to set port secuirty on them... is there any tool out there that will queiry a cisco switch and tell me if it has a MAC record in its cam table.. i have got 60 65`s in 18 different MAN locations...and christ knows how many servers... it`s just i am lazy and dont want to keep typing Sh ip arp and sh cam dyn all the time... any help would be great. TIA steve _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp; Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37143t=37143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: mac address searcher [7:37143]
CiscoWorks/Campus Manager knows to do that. Sasa CCIE #8635 steve skinner wrote: Guys, you assistance if you please.. i am looking for a new tool to help me automate a task... i work for a global company with multiple it teams,who like to move multiple it servers willy-nilly... i suppport the switches 65`s but due to politics i am not allowed to set port secuirty on them... is there any tool out there that will queiry a cisco switch and tell me if it has a MAC record in its cam table.. i have got 60 65`s in 18 different MAN locations...and christ knows how many servers... it`s just i am lazy and dont want to keep typing Sh ip arp and sh cam dyn all the time... any help would be great. TIA steve _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp; Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37181t=37143 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
dialup mac address [7:36394]
hey group I've got a 3640 with a couple'a pri's and two modem banks... I want to give vendors access to very specific servers through a firewall... (netscreen) My original thought was to place the vendor's mac address for it's dialup adapter in dhcp and assign it the same ip every timethen base the ACL's to each server on the vendor ip address... All the searching I have done on the web say dialup adapters have generic mac addresses, ie 44-45-53-54-00-00 ... How can I get the 3640 to dole out specfic ip's to vendors? How do isp's keep up with leases if this is the case? -Patrick Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36394t=36394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dialup mac address [7:36394]
You can assign them a specific IP and/or privledges based on username using radius. -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: dialup mac address [7:36394] hey group I've got a 3640 with a couple'a pri's and two modem banks... I want to give vendors access to very specific servers through a firewall... (netscreen) My original thought was to place the vendor's mac address for it's dialup adapter in dhcp and assign it the same ip every timethen base the ACL's to each server on the vendor ip address... All the searching I have done on the web say dialup adapters have generic mac addresses, ie 44-45-53-54-00-00 ... How can I get the 3640 to dole out specfic ip's to vendors? How do isp's keep up with leases if this is the case? -Patrick Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36408t=36394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: dialup mac address [7:36394]
Hello, Without using any AAA server, you nac assign specific IP address by using dialer pool . Mohannad Khuffash PalTel Patrick Ramsey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hey group I've got a 3640 with a couple'a pri's and two modem banks... I want to give vendors access to very specific servers through a firewall... (netscreen) My original thought was to place the vendor's mac address for it's dialup adapter in dhcp and assign it the same ip every timethen base the ACL's to each server on the vendor ip address... All the searching I have done on the web say dialup adapters have generic mac addresses, ie 44-45-53-54-00-00 ... How can I get the 3640 to dole out specfic ip's to vendors? How do isp's keep up with leases if this is the case? -Patrick Confidentiality DisclaimerThis email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36415t=36394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: dialup mac address [7:36394]
Can I assume secure ACS does this? Hire, Ejay 02/25/02 01:24PM You can assign them a specific IP and/or privledges based on username using radius. -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: dialup mac address [7:36394] hey group I've got a 3640 with a couple'a pri's and two modem banks... I want to give vendors access to very specific servers through a firewall... (netscreen) My original thought was to place the vendor's mac address for it's dialup adapter in dhcp and assign it the same ip every timethen base the ACL's to each server on the vendor ip address... All the searching I have done on the web say dialup adapters have generic mac addresses, ie 44-45-53-54-00-00 ... How can I get the 3640 to dole out specfic ip's to vendors? How do isp's keep up with leases if this is the case? -Patrick Confidentiality Disclaimer Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36416t=36394 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Practical Studies, Multiple MAC Address [7:35935]
Hi there In the Cisco Press Practical Studies Book, page 1159 under Misc Cisco IOS Software Configuration there as follows. A mainframe resides on VLAN 2. It has three IP addresses: 165.10.10.100, 101 and 102. These IP Addresses correspond to a single MAC Address of 2200.0001.0001. Configure the Router R4, to support forwarding traffic to a single MAC address for all these IP addresses. Does anybody know were I can get some information on how to configure this as I have looked around the Cisco web site and cannot find anything on this (Maybe I am serching for the wrong thing). Thanks in advance Cheers Derek Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35935t=35935 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Practical Studies, Multiple MAC Address [7:35935]
HSRP standby use-bia [scope interface] Configure HSRP to use the burned-in address of an interface as its virtual MAC address instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36007t=35935 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address format [7:35179]
ROTFL Chris Charlebois wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Simple. Follow this procedure. 1) Get a clean sheet of white paper and a #2 pencil. 2) Write down, in pencil, the MAC address from the Cisco Router exactly as displayed, but leave space between each character. 3) Using the eraser end of the pencil, erase all periods. 4) Using the pencil, insert a colon after every 2nd number. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35403t=35179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Mac address [7:35302]
Is it possible to add a dynamic mac address to a cisco catalyst switch? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35302t=35302 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Dynamic Mac Address Assignment [7:35303]
Pls ignore my previous post b'cos it's wrongly frame. Here's what I want to ask: Is it possible to assign a mac address to a catalyst switch such that the switch would not use the burned-in-mac but rather use the assigned mac? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35303t=35303 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Dynamic Mac Address Assignment [7:35303]
IOS based switch - 3524XL_ATL(config-if)#mac-address ? H.H.H MAC address Joseph Brunner ASN 21572 MortgageIT MITLending New York, NY 10038 (212) 651 - 7695 Voice (212) 651 - 7795 Fax -Original Message- From: Kwame [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 13, 2002 10:11 AM To: [EMAIL PROTECTED] Subject: Dynamic Mac Address Assignment [7:35303] Pls ignore my previous post b'cos it's wrongly frame. Here's what I want to ask: Is it possible to assign a mac address to a catalyst switch such that the switch would not use the burned-in-mac but rather use the assigned mac? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35309t=35303 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
MAC Address format [7:35179]
Hi All, I have to a MAC address shown as 0008.0050.8db2 on my cisco and want to block it on my 3com lan switch which has MAC addresses in the format eg. 00:01:03:28:4c:3d How do I convert the Cisco MAC to this other format? Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35179t=35179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address format [7:35179]
Simple. Follow this procedure. 1) Get a clean sheet of white paper and a #2 pencil. 2) Write down, in pencil, the MAC address from the Cisco Router exactly as displayed, but leave space between each character. 3) Using the eraser end of the pencil, erase all periods. 4) Using the pencil, insert a colon after every 2nd number. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35194t=35179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MAC Address format [7:35203]
Those are both valid MAC formats. Your router's MAC is 00:08:00:50:8d:b2. Same hex digits, different way of writing them. Hal -Original Message- From: Charles Lomotey [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 12, 2002 7:08 AM To: [EMAIL PROTECTED]; Logan, Harold; Charles Lomotey; [EMAIL PROTECTED] Subject: MAC Address format Hi All, I have to a MAC address shown as 0008.0050.8db2 on my cisco and want to block it on my 3com lan switch which has MAC addresses in the format eg. 00:01:03:28:4c:3d How do I convert the Cisco MAC to this other format? Charles _ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35203t=35203 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MAC Address format [7:35203]
In fairness to the original poster, different manufacturers, and even within Cisco, different product lines, have different ways of entering/configuring MAC's. True, a MAC is 48 bits, and true, there are different ways of representing them. Most books I have read use the .. format. some sources might use colons instead of periods. But in terms of configuration, on a Cisco router the configuration format is 1224.5678.abcd while on a catalyst 5000 switch the format is 12-34-56-78-ab-cd The guy who posted the original question noted that on 3com garbage equipment the format is 12:23:56:78:ab:cd Chuck Logan, Harold wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Those are both valid MAC formats. Your router's MAC is 00:08:00:50:8d:b2. Same hex digits, different way of writing them. Hal -Original Message- From: Charles Lomotey [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 12, 2002 7:08 AM To: [EMAIL PROTECTED]; Logan, Harold; Charles Lomotey; [EMAIL PROTECTED] Subject: MAC Address format Hi All, I have to a MAC address shown as 0008.0050.8db2 on my cisco and want to block it on my 3com lan switch which has MAC addresses in the format eg. 00:01:03:28:4c:3d How do I convert the Cisco MAC to this other format? Charles _ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35208t=35203 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Block this MAC address! [7:34953]
You can block it with MQC. Just match on that mac address then give him zero bw, like the nimda fix you could do on Cisco routers. Look up MQC and nimda. Brian Dennis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... If memory serves me correct, on a router, the MAC address access-list will not work for a protocol if you're routing that protocol. It's used for bridged traffic. If you're routing IP and need to filter based on a MAC address you might try looking into using a BVI. Another easier solution would be to just allow from the customer only the IP addresses that are assigned to the customer. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) Chuck Larrieu wrote: absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35028t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Block this MAC address! [7:34953]
Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34953t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Block this MAC address! [7:34953]
absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34967t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Block this MAC address! [7:34953]
If memory serves me correct, on a router, the MAC address access-list will not work for a protocol if you're routing that protocol. It's used for bridged traffic. If you're routing IP and need to filter based on a MAC address you might try looking into using a BVI. Another easier solution would be to just allow from the customer only the IP addresses that are assigned to the customer. Brian Dennis, CCIE #2210 (RS)(ISP/Dial) Chuck Larrieu wrote: absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34969t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: Block this MAC address! [7:34953]
Correct me if I'm wrong, but I seem to remember that MAC- address access lists only work on bridged interfaces. Is that the case? I seem to remember reading that somewhere. I'll have to double check. John Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag On Sat, 9 Feb 2002, Chuck Larrieu ([EMAIL PROTECTED]) wrote: absolutely. you want something in either the 700-799 range or 1100-1199 range. see router output below:I've never actually implemented one of these in real or lab. the choices seem to be permit or deny. There does not appear to be a lot of flexibility here, as with an IP access list. R1(config)#access-list ? (edited ) Extended 48-bit MAC address access list 48-bit MAC address access list HTH Chuck Charles Lomotey wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, Is it possible to block a MAC address on an interface by accesslist or.?? I have this annoying customer playing around with their IP adresses and bringing down the whole network Charles -- -- [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34980t=34953 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Mac address for Serial Ports?? [7:31898]
Hello, Is there a way of verifying that a serial port in borrowing the mac address of the Ethernet/Tr port when it is connecting to another router in an IP network? I see this in an ipx network but not in an ip network. sh ipx int s0 I tried the debug ip packet, detail, debug arp, debug broadcast etc. but I am not seeing that the serial port is using a mac address. What test can I do on my router to check that the serial port does borrow the first available Mac address of a Ethernet port on a router? Thank you. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31898t=31898 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac address for Serial Ports?? [7:31898]
Serial interfaces don't have MAC addresses. IPX is a special case because the network-layer node address IS the MAC address. Think about frame formats and identifications for WAN protocols. What identifies the sender in Frame Relay? A DLCI. How about ATM? A VPI/VCI pair. How about PPP? No need because it's point-to-point. How about HDLC. No need because it's point-to-point (in Cisco HDLC anyway). How does a network layer address get mapped to a data-link identifier? Static mapping or Inverse ARP for some protocols. PPP has the NCP which sits between the two layers. Priscilla At 02:51 PM 1/14/02, Cisco Nuts wrote: Hello, Is there a way of verifying that a serial port in borrowing the mac address of the Ethernet/Tr port when it is connecting to another router in an IP network? I see this in an ipx network but not in an ip network. sh ipx int s0 I tried the debug ip packet, detail, debug arp, debug broadcast etc. but I am not seeing that the serial port is using a mac address. What test can I do on my router to check that the serial port does borrow the first available Mac address of a Ethernet port on a router? Thank you. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31904t=31898 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac address for Serial Ports?? [7:31898]
At 10:50 PM 1/14/02, Cisco Nuts wrote: Sorry Priscilla but I am trying to understand, IP does not need a mac address to get to the next hop( on a point-to-point netw - PPP or HDLC)!! Why? Because it is a point-to-point as you say? But I thought ip was layer three. It is Layer 3, but in most cases to send an IP packet requires a Layer 2 address also. But not if there's only one possible recipient, the other end of the point-to-point link. I'm not sure I understand your confusion, but maybe this will help. Compare IP on a LAN to IP on a WAN. For example, assume you have configured IP addresses on some Ethernet stations and also on some router serial interfaces and you're doing some pinging. A LAN device sends an ARP packet to find the MAC address that maps to the destination IP address. On a point-to-point WAN, a device doesn't do this. It assumes there's only one place the packet can go -- to the other end. Also compare this to Frame Relay and ATM. In this case, a device learns in advance through Inverse ARP which data-link identifier to use when sending to an IP address. Maybe the point is just too obvious or you haven't thought about the fact that a point-to-point link is a special case Please send questions to the group. I like to answer to the group so that everyone benefits from the answer and any discussion that follows. Priscilla I understand in terms of ATM or FR but ip on a point-to-point? Am I missing something here? Sorry, can you help? From: Priscilla Oppenheimer Reply-To: Priscilla Oppenheimer To: [EMAIL PROTECTED] Subject: Re: Mac address for Serial Ports?? [7:31898] Date: Mon, 14 Jan 2002 15:37:15 -0500 Serial interfaces don't have MAC addresses. IPX is a special case because the network-layer node address IS the MAC address. Think about frame formats and identifications for WAN protocols. What identifies the sender in Frame Relay? A DLCI. How about ATM? A VPI/VCI pair. How about PPP? No need because it's point-to-point. How about HDLC. No need because it's point-to-point (in Cisco HDLC anyway). How does a network layer address get mapped to a data-link identifier? Static mapping or Inverse ARP for some protocols. PPP has the NCP which sits between the two layers. Priscilla At 02:51 PM 1/14/02, Cisco Nuts wrote: Hello, Is there a way of verifying that a serial port in borrowing the mac address of the Ethernet/Tr port when it is connecting to another router in an IP network? I see this in an ipx network but not in an ip network. sh ipx int s0 I tried the debug ip packet, detail, debug arp, debug broadcast etc. but I am not seeing that the serial port is using a mac address. What test can I do on my router to check that the serial port does borrow the first available Mac address of a Ethernet port on a router? Thank you. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Priscilla Oppenheimer http://www.priscilla.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31919t=31898 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac address for Serial Ports?? [7:31898]
Thank you very much. Yes, I do understand now. Regards. From: Priscilla Oppenheimer Reply-To: Priscilla Oppenheimer To: [EMAIL PROTECTED] Subject: Re: Mac address for Serial Ports?? [7:31898] Date: Mon, 14 Jan 2002 18:33:24 -0500 At 10:50 PM 1/14/02, Cisco Nuts wrote: Sorry Priscilla but I am trying to understand, IP does not need a mac address to get to the next hop( on a point-to-point netw - PPP or HDLC)!! Why? Because it is a point-to-point as you say? But I thought ip was layer three. It is Layer 3, but in most cases to send an IP packet requires a Layer 2 address also. But not if there's only one possible recipient, the other end of the point-to-point link. I'm not sure I understand your confusion, but maybe this will help. Compare IP on a LAN to IP on a WAN. For example, assume you have configured IP addresses on some Ethernet stations and also on some router serial interfaces and you're doing some pinging. A LAN device sends an ARP packet to find the MAC address that maps to the destination IP address. On a point-to-point WAN, a device doesn't do this. It assumes there's only one place the packet can go -- to the other end. Also compare this to Frame Relay and ATM. In this case, a device learns in advance through Inverse ARP which data-link identifier to use when sending to an IP address. Maybe the point is just too obvious or you haven't thought about the fact that a point-to-point link is a special case Please send questions to the group. I like to answer to the group so that everyone benefits from the answer and any discussion that follows. Priscilla I understand in terms of ATM or FR but ip on a point-to-point? Am I missing something here? Sorry, can you help? From: Priscilla Oppenheimer Reply-To: Priscilla Oppenheimer To: [EMAIL PROTECTED] Subject: Re: Mac address for Serial Ports?? [7:31898] Date: Mon, 14 Jan 2002 15:37:15 -0500 Serial interfaces don't have MAC addresses. IPX is a special case because the network-layer node address IS the MAC address. Think about frame formats and identifications for WAN protocols. What identifies the sender in Frame Relay? A DLCI. How about ATM? A VPI/VCI pair. How about PPP? No need because it's point-to-point. How about HDLC. No need because it's point-to-point (in Cisco HDLC anyway). How does a network layer address get mapped to a data-link identifier? Static mapping or Inverse ARP for some protocols. PPP has the NCP which sits between the two layers. Priscilla At 02:51 PM 1/14/02, Cisco Nuts wrote: Hello, Is there a way of verifying that a serial port in borrowing the mac address of the Ethernet/Tr port when it is connecting to another router in an IP network? I see this in an ipx network but not in an ip network. sh ipx int s0 I tried the debug ip packet, detail, debug arp, debug broadcast etc. but I am not seeing that the serial port is using a mac address. What test can I do on my router to check that the serial port does borrow the first available Mac address of a Ethernet port on a router? Thank you. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Priscilla Oppenheimer http://www.priscilla.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Priscilla Oppenheimer http://www.priscilla.com _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31922t=31898 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: CCNP Switching - Mapping MAC address to IP Multicast [7:10]
Re-Post -Original Message- From: Kaminski, Shawn G Sent: Wednesday, December 12, 2001 10:17 AM To: 'Sergio' Cc: 'Groupstudy' Subject: RE: CCNP Switching - Mapping MAC address to IP Multicast [7:10] Don't worry about MAC-to-IP Multicast Address conversion, only IP Multicast Address-to-MAC conversion. What you're doing is converting the decimal Multicast IP address to hexadecimal. Here's what you need to remember: 1.All Multicast IP addresses range from 224 through 239 in the first octet. 2.All Multicast MAC addresses begin with 01.00.5e 3.When converting from decimal to hexadecimal, the second octet of the Multicast IP address must fall between 0 and 127. If it is more than 127, you must subtract 128 from it to get between 0 and 127. 4.Cisco doesn't expect you to memorize the decimal-to-hexadecimal conversions. They will give you a chart on the exam. Here's a few examples: 1.Given the address 223.128.37.255, map this to its equivalent Multicast MAC address. Answer: You can't because the first octet 223 doesn't fall between the Multicast range of 224 through 239. 2.Given the address 225.128.37.255, map this to its equivalent Multicast MAC address. Answer: A.Remember, all Multicast MAC addresses begin with 01.00.5e. So, the 225 portion (first octet) of the Multicast IP address becomes 01.00.5e. B.The second octet does not fall between 0 and 127, so subtract 128 from it. 128-128=0. 0 converted to hexadecimal is 00. C.The third octet just gets converted to hexadecimal. It doesn't have to fall between 0 and 127. So, 37 converted to hexadecimal is 25. D.The fourth octet just gets converted to hexadecimal. It doesn't have to fall between 0 and 127. So, 255 converted to hexadecimal is e1. So, the Multicast IP address 225.128.37.255 converted, or mapped, to its equivalent Multicast MAC address is 01.00.5e.00.25.e1 Shawn -Original Message- From: Sergio [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 3:33 PM To: [EMAIL PROTECTED] Subject: CCNP Switching - Mapping MAC address to IP Multicast [7:10] Hi all. This is my first message here. Greetings from Spain ;) Now, i have a question for you. I'm preparing my CCNP Switching exam, and now im reading about IP Multicast. The book says that IANA reserved some MAC address for using with IP Multicast. The book also says that MAC addresses must be mapped to IP Multicast address, and it explains how to map them. But i cant understand it. I dont understand how to map MAC address to IP Multicast addresses. Can u help me? Thanks in advice. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29084t=10 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Switching - Mapping MAC address to IP Multicast [7:10]
Sergio, Here's a link to Cisco's internal IP Multicast Training.Thought it might be of use to you. ftp://ftpeng.cisco.com/ipmulticast/training/index.html As for mapping addresses... ftp://ftpeng.cisco.com/ipmulticast/whitepapers/technology_overview/index.html Hope this helps *** REPLY SEPARATOR *** On 12/11/2001 at 3:32 PM Sergio wrote: Hi all. This is my first message here. Greetings from Spain ;) Now, i have a question for you. I'm preparing my CCNP Switching exam, and now im reading about IP Multicast. The book says that IANA reserved some MAC address for using with IP Multicast. The book also says that MAC addresses must be mapped to IP Multicast address, and it explains how to map them. But i cant understand it. I dont understand how to map MAC address to IP Multicast addresses. Can u help me? Thanks in advice. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28943t=10 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: CCNP Switching - Mapping MAC address to IP Multicast [7:10]
MSG Re-posted -Original Message- From: Thompson, Robert D Sent: 12 December 2001 08:10 To: [EMAIL PROTECTED] Cc: '[EMAIL PROTECTED]' Subject: RE: CCNP Switching - Mapping MAC address to IP Multicast [7:10] HI Sergio, The best way I can explain this is in the following way Remember to convert the IP address given to binary. The reason for this is to convert binary to hex (you need to know how to convert binary to hex, thats the key here) Example (first convert to binary) 147.184.9.9 = 10010011.10111000.1001.1001 now convert to Hex, but only the 23 bits (on of the rules) , starting from the right, and forget the rest (as you need to pre-pend 01 00 5E to your answer, also an IANA rule...) 10010011.10111000.1001.1001 Do Not Convert Convert = in binary 0111000.1001.10001 now convert to hex = in hex using 8421 code to get hex (break binary groups up into groups of 4, then convert to hex) = 0111000 = 38 in hex =1001 = 09 in hex (or 9) 0111000.1001.1001 =1001 = 09 in hex (or 9) = 38.09.09 = with pre-pend of 01.00.5E =01.00.5E.38.09.09 (this answer is your hex answer for ip address 147.184.9.9 mapped to multicast mac address) This is in your notes on CCNP switching(below is a snip taken from cisco web site) Ethernet MAC Address Mapping The IANA owns a block of Ethernet MAC addresses that start with 01:00:5E in hexadecimal format. Half of this block is allocated for multicast addresses. The range from 0100.5e00. through 0100.5e7f. is the available range of Ethernet MAC addresses for IP multicast. This allocation allows for 23 bits in the Ethernet address to correspond to the IP multicast group address. The mapping places the lower 23 bits of the IP multicast group address into these available 23 bits in the Ethernet address. HTH Regards Rob NA, NP -Original Message- From: Sergio [SMTP:[EMAIL PROTECTED]] Sent: 11 December 2001 20:33 To: [EMAIL PROTECTED] Subject: CCNP Switching - Mapping MAC address to IP Multicast [7:10] Hi all. This is my first message here. Greetings from Spain ;) Now, i have a question for you. I'm preparing my CCNP Switching exam, and now im reading about IP Multicast. The book says that IANA reserved some MAC address for using with IP Multicast. The book also says that MAC addresses must be mapped to IP Multicast address, and it explains how to map them. But i cant understand it. I dont understand how to map MAC address to IP Multicast addresses. Can u help me? Thanks in advice. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29038t=10 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT - How to get MAC address of remote device when I have the IP [7:28408]
Sorry for the off topic post. Does anyone know how I can determine the MAC address of a remote device when I do have the IP? I ping it but my arp cache only shows the local addresses. Any help would be appreciated. Thanks. Robert Provost Data Communications Engineer Genesis Health Ventures Phone: 610-925-1147 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28408t=28408 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]