Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
610
Views
0
Helpful
3
Replies

MAC Full

netbeginner
Level 2
Level 2

‎06-14-2010 11:33 AM - edited ‎03-06-2019 11:34 AM

Hi Experts

Below is the output of "show mac-address-table count" output from L3 Switch. PLease help me to understand meaning of all lines. I am also seeing the MAC address count available is 32768 and in Use Mac-address table is also close to 32768. We are getting some problem due to this and looking for some solution to solve this problem.


MAC Entries for all vlans:
Dynamic Unicast Address Count:                  32356
Static Unicast Address (User-defined) Count:    0
Static Unicast Address (System-defined) Count:  45
Total Unicast MAC Addresses In Use:             32401
Total Unicast MAC Addresses Available:          32768
Multicast MAC Address Count:                    135
Total Multicast MAC Addresses Available:        16384

***

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-14-2010 11:39 AM

Hello Netbeginner,

what device is this?

Total Unicast MAC Addresses In Use:             32401

there is some device misbehaving, or you are under a MAC flood attack

performance is highly impacted when CAM table is full

you can use sh mac address-table count vlan X to see if most of these MAC addresses are learned in a single Vlan (likely)

you can try to use port security with action shutdown to find out the port where the misbehaving device (if external) is connected

Hope to help

Giuseppe

0 Helpful

netbeginner
Level 2
Level 2
In response to Giuseppe Larosa

‎06-15-2010 09:54 AM

Hi Giuseppe,

Thxns..this is cisco 4507 switch

--> Yes we have tryed this command "sh mac address-table count vlan X" and found some huge MACs are learning on some particular VLAN. How to reduce this.. ?

--> For "port security with action shutdown" ...If we'll use this feature on devive port. there may be possibility that it will shutdown the respective port and may cause our critical sites to isloate. by d way...wht is the command to enable this feature...

Please suggest how to stop MAC address flooding.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to netbeginner

‎06-15-2010 11:04 AM

Hello Netbeginner,

if you find out that most MAC addresses are learned by the same port it is enough to shut it

use

sh mac address-table it should be evident if there is a single port where you learn a lot of MAC addresses

this works if the problem is originated outside the switch

Hope to help

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card