Address Management

With the Address Management window, you can:

Change the aging time in the Dynamic Address Table.
Remove all dynamic addresses from this table.
Add and remove secure MAC addresses and ports in the Secure Address Table.
Add and remove static addresses in the Static Address Table.

Changing the Aging Time

Each switch maintains an address table of ports and their associated addresses that belong to a VLAN. The switch learns the MAC address of attached devices, their VLAN ID, and interface number by reading the source address of arriving packets. It adds these addresses to the address table and keeps table entries for the time specified in the Aging Time field.

A switch can learn an address in more than one VLAN, and a dynamic address that it learns in one VLAN can be entered as a secure address in another VLAN. An address that the switch learns in one VLAN is unknown in another VLAN until the address is learned or you enter it in the table.

As stations are added or removed from the network, the switch updates the Dynamic Address Table, adding new entries and aging those not in use. The switch also updates the address table by deleting all dynamic addresses associated with a port on which a VLAN membership change occurred.

To change the aging time for addresses in the Dynamic Address Table:

Select the Dynamic Address tab from the Address Management window.
In the Aging Time field, enter a number from 10 to 1000000 (seconds; about 11.5 days).
The aging interval applies to all switch VLANs. The default is 300 seconds.
Note: Setting too short an aging time can cause addresses to be prematurely removed from the table. Then when the switch receives a packet for an unknown destination, it floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses; it can cause delays when a workstation is moved to a new port.
Click OK to put your changes in effect and close the Address Management window.

Removing All Dynamic Addresses

To remove all addresses from the Dynamic Address Table, click Remove All.

After all entries are removed, the switch relearns them. However, when the switch encounters a packet for an unknown destination, it floods the packet to all ports. Flooding continues until the switch relearns all the addresses.

Adding and Removing Secure MAC Addresses

A secure address is a manually entered unicast address that is forwarded to only one port per VLAN. Secure addresses do not age; they are retained even when the switch reboots and can be manually entered or learned. You must manually remove secure addresses from the Secure Address table.

Note: If you change the VLAN membership of a secure port, the switch keeps the secure address but stops forwarding to this address in the changed VLAN. If the port is returned to the VLAN, the port becomes a destination port for the secure address again.

You can enter a secure port address even if the port is not yet assigned to the VLAN. When the port is assigned to the VLAN later, the switch forwards packets destined for that address to the port.

By setting up secure ports and secure addresses, you can prevent the switch from forwarding packets with source addresses outside the group. You can configure the switch to generate an alert and disable a secure port if it receives a packet with a MAC address that you manually added and associated with another secure port. If you define only a single secure address, you guarantee the full bandwidth of the port to the attached workstation or server. To set up secure addresses and secure ports, use the Secure Address Table on this window and the Port Security window.

You add a secure unicast address one port at a time. If you enter an address that is already assigned to another port, the switch reassigns the secure address to the port in your entry.

Note: The number of secure addresses associated with a port is limited by your entry in the Maximum Addresses field on the Port Security window.

To add a secure unicast address:

Select the Secure Address tab from the Address Management window.
Click New to display the New Security Address dialog box.
In the MAC Address field, enter the destination (secure) MAC address in the format hhhh.hhhh.hhhh.
Use hexadecimal numbers.
From the Interface drop-down list, select the interface and port number that forwards the packet to the secure address.
In the VLAN ID field, enter the ID that is configured for the port.
Click OK to create the new secure address and close the New Security Address dialog box.
Your entry appears on the Secure Address tab.
Click OK to save your entries to nonvolatile memory and close the window.

To remove a secure MAC address from the Secure Address table, select the address and click Remove.

To remove all secure addresses from the Secure Address tab, click Remove All.

Adding and Removing Static Addresses

Use the Static Address tab to enter any network address that must remain constant. In VLANs containing a static address, the switch forwards packets destined to this address. If the switch receives this address as a destination address for VLANs that contain no static addresses, it floods the packet within the receiver VLAN. If the switch receives the address as a source address from VLANs that contain no static address, the switch does not learn the address.

The switch does not age static addresses from the table when they are not in use and does not lose them when reset. When a VLAN membership change occurs, the switch keeps the static address, but the port is eliminated from the destination maps in the changed VLAN.

Note: You cannot configure a dynamic-access port as the source or destination port in a static address entry.

To add a static address:

Select the Static Address tab on the Address Management window.
Click New to display the New Static Address dialog box.
In the MAC Address field, enter the MAC address in the format hhhh.hhhh.hhhh.
Use hexadecimal numbers.
In the VLAN ID field, enter an ID that is assigned to more than one port.
Click OK to close the New Static Address dialog box.
Your entry appears in the Static Address list.
Select the new address from the list and click Forwarding.
The Static Address Forwarding table for the selected address is displayed.
When a port on the Received on Port list (the source ports) receives a packet with the new static destination address, it forwards the packet to the Forward to Ports (the destination ports). The switch forwards the packet through these ports to their destination.
Note: Port selection on the forwarding table is limited to ports that belong to the same VLAN. Other ports belong to a different VLAN. To forward to a port on a different VLAN, add the port to a VLAN to which the receiving port belongs.
Note: By default, an EtherChannel (EC) port group forwards packets based on its source address. For the default source-based port groups, configure the static address to forward to all ports in the port group to avoid losing packets. For destination-based port groups, configure the address to forward to only one port in the group to avoid transmitting duplicate packets.
Select a port in the Static Address Forwarding table, and click Modify to define its destination ports.
This displays the Modify Static Forwarding Map for the selected port.
Select a port from the Available Ports list and click Add to move the port to the Forward to Ports list.
Click Apply to put your changes in effect and continued defining destination ports.
When you finish defining destination ports, click OK to close the Modify Static Forwarding Map.
Click OK to close the Static Address Forwarding table for the selected address.
Click OK to close the Address Management window.

To display the forwarding characteristics of a static address, select it from the Static Address list and click Forwarding.

To remove a static address, select it from the Static Address list and click Remove.

Note: You can remove all static addresses from the Static Address list by clicking Remove All.