Cisco 1900 IOS Configuration Commands
615
permanent Configure a permanent address
restricted Configure a restricted static address
After you choose the mac-address-table permanent command, add
the hardware address and the interface it is associated with. This will
restrict the interface to only accept frames from this source hardware address.
Todd1900EN(config)#mac-address-table permanent ?
H.H.H 48 bit hardware address
Todd1900EN(config)#mac-address-table permanent
00A0.2448.60A5 e0/4
Once you have configured the entry, you can verify it by using the show
mac-address-table
command.
Todd1900EN#sh mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 0
Number of dynamic addresses : 3
Address Dest Interface Type Source Interface List
00A0.2448.60A5 Ethernet 0/4 Permanent All
00A0.246E.0FA8 Ethernet 0/2 Dynamic All
0000.8147.4E11 Ethernet 0/5 Dynamic All
0000.8610.C16F Ethernet 0/1 Dynamic All
In the switch output above, notice that interface 4 now has a permanent
entry with hardware address 00A0.2448.60A5. No other device can con-
nect into interface 4 without updating the permanent entry in the MAC
filter table.
Setting Static MAC Address Entries
You can take this security thing one step further. You can now tell a source
interface that it is only allowed to send frames out of a defined interface. You
do this with the restricted static command. This could cause some real
havoc at work; you may only want to use this command on your friends if
it is a slow day at work. That'll liven things up a bit.
The command mac-address-table restricted static is looking for
two options: The first one is the hardware address of the destination inter-
face. The second option will be the source interface that is allowed to
communicate with this destination interface.
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com