Max. number of MAC addresses on 2960

Answered Question
Aug 2nd, 2008

Hi,

I have come to know that the 2960-48-TTL supports up to 8000 MAC addresses. I would like to know how many MAC addresses a single port can support.

I have a 2960 connected to a Linksys, and that Linksys further connects to another Linksys switch. My network is choking. Any reason? I feel it may be due to the MAC addresses.

Thanks

Justin Brenton Sat, 08/02/2008 - 05:24

By default, only one MAC address per interface, and it shuts down on violation

-> change using switchport port-security maximum [1-132]

Hope this helps. Please rate if so.

Regards,

Justin

Correct Answer
tdrais Sat, 08/02/2008 - 13:44

Was not going to post on this one, but the above post is misleading. Port security does indeed limit the number of addresses, but this feature is not enabled by default.

This is a complex question because it works slightly differently on different switches and can have limits per VLAN.

Since it appears you are running a simple single VLAN, you can assume that all 8000 are usable.

The key here is that the MAC table is a central table; it does not reside on a buffer or something on a port. It is a lookup table for the switch to find the port when it knows a MAC, not the other way around. So if the table has 8000 entries, in theory I guess all 8000 could point to the same port.

Even in a huge network you will never see that many MAC addresses. There are attacks that attempt to flood the MAC table, but there are options on the switch to mitigate this. It is very unlikely you are exceeding the MAC table. You could attempt to show the MAC table and it will be very obvious if you have an issue.

More than likely you have a spanning tree issue. If possible, turn on spanning tree on the small switches. If they are the very cheap non-managed ones, they do not support spanning tree. All it takes to disable a network that does not have spanning tree on is to plug 2 ports together.

It will be very hard if the only managed switch you have is the 2960. You could run Wireshark and span "monitor" the uplink to your other switches. This would allow you to see the traffic.
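The MAC table check suggested in the answer above, as an added example that is not part of the thread: a Python script that parses saved `show mac address-table` output, reports how much of the 8000-entry table is in use and how many learned addresses sit behind each port, and (going beyond the thread) compares two snapshots for addresses that changed port, a common symptom of a bridging loop. The column layout, the sample addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

TABLE_CAPACITY = 8000  # table size quoted in the question

# Constructed snapshot in the assumed layout of `show mac address-table`
# (sample addresses, not a real capture).
SNAP_A = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   1    0011.2233.4401    DYNAMIC     Fa0/1
   1    0011.2233.4402    DYNAMIC     Gi0/1
   1    0011.2233.4403    DYNAMIC     Gi0/1
   1    0011.2233.4404    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 5
"""
# Second constructed snapshot: one station now appears behind another port.
SNAP_B = re.sub(r"(4403\s+DYNAMIC\s+)Gi0/1", r"\g<1>Fa0/2", SNAP_A)

# vlan, dotted-hex MAC, entry type, port; headers and the total line do not match.
ROW = re.compile(
    r"^\s*(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse(text):
    """Map (vlan, mac) -> port for every DYNAMIC (learned) entry."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            vlan, mac, _, port = m.groups()
            table[(vlan, mac.lower())] = port
    return table

def summarize(text, capacity=TABLE_CAPACITY):
    """Return learned-entry count, fraction of the table used, entries per port."""
    table = parse(text)
    return len(table), len(table) / capacity, Counter(table.values())

def moved(before, after):
    """Entries learned on one port in `before` and on another in `after`."""
    a, b = parse(before), parse(after)
    return {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]}

if __name__ == "__main__":
    total, used, per_port = summarize(SNAP_A)
    print(f"{total} learned entries, {used:.2%} of {TABLE_CAPACITY}")
    for port, count in per_port.most_common():
        print(f"  {port}: {count}")
    for (vlan, mac), (old, new) in moved(SNAP_A, SNAP_B).items():
        print(f"  vlan {vlan} {mac} moved {old} -> {new}")
```

A port with many learned addresses is normal for an uplink to another switch; the same address appearing on different ports in successive snapshots is the pattern worth investigating.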
