This is my first post in this series/category. I will try to work through every single point on the official CCIE Enterprise blueprint, first to learn for the exam and second to become a better engineer. I am also happy to share information with other people.

The official blueprint can be found on the official Cisco website: CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com).

The first topic is how to manage the MAC-Address table. Before we start managing the MAC-Address table we need to understand how MAC-Addresses are added to it.

For efficient delivery of frames, a switch maintains an internal table in which it associates a media access control (MAC) address with a port and a VLAN. How is this table fed? Whenever a switch receives a frame, it takes note of the port on which the frame arrived and of the frame's source MAC-Address. The switch uses the information stored in the table to forward frames to the correct port. If the destination MAC-Address is not present in the table, the switch floods that single frame out of all ports on the switch except the one on which the original frame arrived. Then the game starts again: at some point the machine owning the destination MAC-Address answers, and as soon as its frame arrives at the switch, the switch takes note of that MAC-Address and its port. The next time another host on that switch needs to send a frame to the same MAC-Address, the switch does not need to flood it in all directions, because it can use the entry in the MAC-Address table first.

The table can be displayed by issuing the following command on the CLI.

SW1#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aabb.cc00.0200    DYNAMIC     Et0/2
   1    aabb.cc00.0300    DYNAMIC     Et0/1
   1    aabb.cc00.0400    DYNAMIC     Et0/0
Total Mac Addresses for this criterion: 3
SW1#

In this output we can see three MAC-Addresses. Let's take the third MAC-Address (aabb.cc00.0400) as an example. We see that this MAC-Address has been learned dynamically in VLAN 1 and is reachable via port Ethernet0/0.

Types of MAC-Addresses in this table

Dynamic

These are addresses that have been learned dynamically from incoming frames.

Static

These addresses have been set manually. By issuing the following command you can create a manual entry for a custom MAC-Address:

SW1(config)#mac-address-table static aaaa.bbbb.ccc vlan 3 interface ethernet 0/2
SW1#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aabb.cc00.0200    DYNAMIC     Et0/2
   1    aabb.cc00.0300    DYNAMIC     Et0/1
   1    aabb.cc00.0400    DYNAMIC     Et0/0
   3    aaaa.bbbb.0ccc    STATIC      Et0/2
Total Mac Addresses for this criterion: 4
SW1#

Multicast

The same as for dynamic entries: these are entries for multicast addresses learned from incoming frames.

How is the table maintained?

The lookup process for incoming frames never ends. Whenever a frame arrives at the switch, its source MAC-Address and incoming port are recorded along with a timestamp. If the address is already present in the table, only the timestamp is updated. If the age of an entry exceeds the aging-time, the entry is removed.

Aging-Time

The aging-time can be set on a per-VLAN basis by issuing the command 'mac address-table aging-time 65 vlan 4'. In the output below we can see three different values for VLANs 3, 4 and 6. If nothing is defined, the default aging-time is 300 seconds.

SW1#show mac address-table aging-time
Global Aging Time:  300
Vlan    Aging Time
----    ----------
   3      50
   4      65
   6      66
SW1#

If a host has been moved to a new port, the switch creates a new entry with a new timestamp. The "old" entry is removed once it ages out.

When is an entry removed from the table?

The entries are removed when:

  • the configured aging-time has been reached (by default 300 seconds).
  • an interface goes down; all entries associated with this interface are cleared.
  • they are manually cleared.

Clearing dynamic entries manually

By issuing the command 'clear mac address-table dynamic' we flush all learned MAC-Addresses from the table.

We can also use further arguments to delete more specific entries:

clear mac address-table dynamic address AF:AF:AF:AA:BB:CC
    Removes a specific address from the table.
clear mac address-table dynamic interface ethernet x/y
    Removes all addresses associated with a specific interface.
clear mac address-table dynamic interface port-channel XY
    Removes all addresses associated with a specific port-channel interface.
clear mac address-table dynamic vlan XY
    Removes all addresses associated with a specific VLAN.

The MAC-Address table and its problems

As mentioned before, the default switching behaviour when the destination MAC-Address is not known is to flood the frame out of all ports except the one on which the frame arrived. There are some cases where excessive flooding occurs and causes problems.

Spanning-Tree

Whenever a topology change occurs, the switch lowers the aging-time for a short period (max_age + forward_delay) to the forward_delay value (15 seconds).

We can see that the default values for max_age and forward_delay are 20 and 15 seconds, so the period during which the aging-time is reduced to 15 seconds (forward_delay) is 35 seconds (max_age + forward_delay).

SW1#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     aabb.cc00.0100
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.0100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    P2p
Et0/1               Desg FWD 100       128.2    P2p
Et0/2               Desg FWD 100       128.3    P2p


SW1#

If we have an issue on the network and Spanning-Tree is constantly changing the topology, the switch will constantly be removing addresses from the table, since they age out very quickly. This causes the switch to flood frames in all directions all the time.
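
To tie the learning, aging and topology-change behaviour described so far together, here is a small model of a switch MAC-Address table. It is an added example, not code from this post or from Cisco IOS, and it assumes the defaults shown on this page (aging-time 300 seconds, max_age 20, forward_delay 15); port and MAC values in the comments are constructed.

```python
# Added example (not from the post): a small model of a switch MAC address
# table showing learning, per-VLAN aging-time, the STP fast-aging window after
# a topology change, clearing on interface down, and the flood decision.
from dataclasses import dataclass, field

FLOOD = "FLOOD"   # returned when the destination is unknown

@dataclass
class MacTable:
    default_aging: int = 300      # IOS default aging-time (seconds), assumed
    max_age: int = 20             # STP defaults as in 'show spanning-tree'
    forward_delay: int = 15
    vlan_aging: dict = field(default_factory=dict)  # vlan -> aging-time override
    entries: dict = field(default_factory=dict)     # (vlan, mac) -> [port, timestamp]
    fast_aging_until: float = -1.0                  # end of the reduced-aging window

    def set_aging_time(self, seconds, vlan):
        """Equivalent of 'mac address-table aging-time <sec> vlan <id>'."""
        self.vlan_aging[vlan] = seconds

    def aging_time(self, vlan, now):
        # After a TCN the aging-time is forward_delay for max_age + forward_delay.
        if now < self.fast_aging_until:
            return self.forward_delay
        return self.vlan_aging.get(vlan, self.default_aging)

    def topology_change(self, now):
        self.fast_aging_until = now + self.max_age + self.forward_delay

    def expire(self, now):
        # Drop every entry whose age exceeds the aging-time that applies to its VLAN.
        for key in list(self.entries):
            if now - self.entries[key][1] > self.aging_time(key[0], now):
                del self.entries[key]

    def interface_down(self, port):
        # Link down: all entries learned on that port are cleared immediately.
        for key in [k for k, v in self.entries.items() if v[0] == port]:
            del self.entries[key]

    def receive(self, vlan, src_mac, dst_mac, in_port, now):
        """Process one frame: age the table, learn the source, decide the output."""
        self.expire(now)
        # Known source: timestamp (and port) refreshed. Unknown source: new entry.
        self.entries[(vlan, src_mac)] = [in_port, now]
        entry = self.entries.get((vlan, dst_mac))
        return entry[0] if entry else FLOOD
```

Feeding frames with increasing timestamps shows the first frame to an unknown host being flooded, the reply being forwarded from the learned entry, and the entry disappearing again after the aging-time or, much sooner, inside the 35-second window after a topology change.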

Table overflow

This can be caused unintentionally or intentionally. Both are bad, but let us see in detail what happens.

The first case is most common when the hardware limitations have been exceeded. The switch provides a certain amount of memory dedicated to storing this data; once that limit has been reached there is no space for further addresses to be learned. If a host wants to send a frame to a host within the segment that is not yet in the table, the switch does not know where to send it and starts flooding every single frame in all directions in order to reach the destination.

On the other hand, an attacker can connect to a switch and send crafted frames with random, spoofed source MAC-Addresses. The switch fills the table automatically, starts working like a hub, and the attacker can see traffic that was not intended for him.

How many entries does my switch support?

Issuing the 'show mac address-table count' command we can see not only the total space available on the switch, but also how many addresses are currently stored in the table.

SW1#show mac address-table count

Mac Entries for Vlan 1:
---------------------------
Dynamic Address Count  : 3
Static  Address Count  : 0
Total Mac Addresses    : 3

Total Mac Address Space Available: 221571720
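
The overflow cases above are easiest to spot from the switch's own output: a port that suddenly carries many more dynamically learned addresses than the hosts behind it justify. The following parser for the 'show mac address-table' format shown on this page is an added example, not part of the post; the sample output and the threshold of three addresses per port are constructed for illustration.

```python
# Added example (not from the post): parse the 'show mac address-table'
# output format shown above and flag ports with an abnormal number of
# dynamically learned addresses, the symptom of a table being filled up.
import re
from collections import Counter

ENTRY_RE = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>DYNAMIC|STATIC)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

# Constructed sample output: Et0/3 carries more addresses than a single-host access port should.
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aabb.cc00.0200    DYNAMIC     Et0/2
   1    aabb.cc00.0300    DYNAMIC     Et0/1
   1    aabb.cc00.0400    DYNAMIC     Et0/0
   1    0000.5e00.0001    DYNAMIC     Et0/3
   1    0000.5e00.0002    DYNAMIC     Et0/3
   1    0000.5e00.0003    DYNAMIC     Et0/3
   1    0000.5e00.0004    DYNAMIC     Et0/3
   3    aaaa.bbbb.0ccc    STATIC      Et0/2
Total Mac Addresses for this criterion: 8
"""

def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            rows.append((int(m["vlan"]), m["mac"].lower(), m["type"].upper(), m["port"]))
    return rows

def dynamic_count_per_port(rows):
    """Count DYNAMIC entries per port; STATIC entries are configured, not learned."""
    return Counter(port for _, _, typ, port in rows if typ == "DYNAMIC")

def suspicious_ports(rows, max_dynamic=3):
    """Ports whose learned-address count exceeds what their role justifies.
    The threshold is a constructed value; size it per port role (access vs. trunk)."""
    counts = dynamic_count_per_port(rows)
    return sorted(port for port, n in counts.items() if n > max_dynamic)
```

Run against periodic captures of the real output, the per-port counts also give a baseline, so a jump on one access port stands out long before the figure from 'show mac address-table count' approaches the space available.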
