bridge multicast filtering

To enable the filtering of Multicast addresses, use the bridge multicast filtering Global Configuration mode command. To disable Multicast address filtering, use the no form of this command.

Syntax

bridge multicast filtering no bridge multicast filtering

Parameters

This command has no arguments or keywords.

Default Configuration

Multicast address filtering is disabled. All Multicast addresses are flooded to all ports.

Command Mode

Global Configuration mode

User Guidelines

When this feature is enabled, unregistered Multicast traffic (as opposed to registered) will still be flooded.

All registered Multicast addresses will be forwarded to the Multicast groups. There are two ways to manage Multicast groups, one is the IGMP Snooping feature, and the other is the bridge multicast forward-all command.

Example

The following example enables bridge Multicast filtering.

switchxxxxxx(config)# bridge multicast filtering

bridge multicast mode

To configure the Multicast bridging mode, use the bridge multicast mode Interface (VLAN) Configuration mode command. To return to the default configuration, use the no form of this command.

Syntax

bridge multicast mode {mac-group | ipv4-group | ipv4-src-group} no bridge multicast mode

Parameters

mac-group—Specifies that Multicast bridging is based on the packet’s VLAN and MAC address.
ipv4-group—Specifies that Multicast bridging is based on the packet’s VLAN and MAC address for non-IPv4 packets, and on the packet’s VLAN and IPv4 destination address for IPv4 packets.
ipv4-src-group—Specifies that Multicast bridging is based on the packet’s VLAN and MAC address for non-IPv4 packets, and on the packet’s VLAN, IPv4 destination address and IPv4 source address for IPv4 packets.

Default Configuration

The default mode is mac-group.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Use the mac-group option when using a network management system that uses a

MIB based on the Multicast MAC address. Otherwise, it is recommended to use the ipv4 mode, because there is no overlapping of IPv4 Multicast addresses in these modes.

For each Forwarding Data Base (FDB) mode, use different CLI commands to configure static entries in the FDB, as described in the following table:

FDB Mode		CLI Commands
mac-group	bridge multicast address	bridge multicast forbidden address
ipv4-group	bridge multicast ip-address	bridge multicast forbidden ip-addresss
ipv4-src-group	bridge multicast source group	bridge multicast forbidden source group

The following table describes the actual data that is written to the Forwarding Data Base (FDB) as a function of the IGMP version that is used in the network:

FDB mode	IGMP version 2	IGMP version 3
mac-group	MAC group address	MAC group address
ipv4-group	IP group address	IP group address
ipv4-src-group	(*)	IP source and group addresses

bridge multicast address

To register a MAC-layer Multicast address in the bridge table and statically add or remove ports to or from the group, use the bridge multicast address Interface (VLAN) Configuration mode command. To unregister the MAC address, use the no form of this command.

Syntax

bridge multicast address {mac-multicast-address | ipv4-multicast-address} [{add | remove} {ethernet interface-list | port-channel port-channel-list}] no bridge multicast address mac-multicast-address

Parameters

mac-multicast-address | ipv4-multicast-address—Specifies the group Multicast address.
add—(Optional) Adds ports to the group.
remove—(Optional) Removes ports from the group.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces; use a hyphen to designate a range of port channels.

Default Configuration

No Multicast addresses are defined.

If ethernet interface-list or port-channel port-channel-list is specified without specifying add or remove, the default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

To register the group in the bridge database without adding or removing ports or port channels, specify the mac-multicast-address parameter only.

Static Multicast addresses can be defined on static VLANs only.

You can execute the command before the VLAN is created.

Examples

Example 1 – The following example registers the MAC address to the bridge table:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast address 01:00:5e:02:02:03

Example 2 – The following example registers the MAC address and adds ports statically.

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast address 01:00:5e:02:02:03 add te1/0/1-2

bridge multicast forbidden address

To forbid adding or removing a specific Multicast address to or from specific ports, use the bridge multicast forbidden address IInterface (VLAN) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge multicast forbidden address {mac-multicast-address |

ipv4-multicast-address} {add | remove} {ethernet interface-list | port-channel port-channel-list} no bridge multicast forbidden address mac-multicast-address

Parameters

mac-multicast-address | ipv4-multicast-address—Specifies the group Multicast address.
add—Forbids adding ports to the group.
remove—Forbids removing ports from the group.
ethernet interface-list—Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

No forbidden addresses are defined.

Default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Before defining forbidden ports, the Multicast group should be registered, using bridge multicast address.

You can execute the command before the VLAN is created.

Example

The following example forbids MAC address 0100.5e02.0203 on port te1/0/4 within VLAN 8.

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast address 0100.5e02.0203
switchxxxxxx(config-if)# bridge multicast forbidden address 0100.5e02.0203 add te1/0/4

bridge multicast ip-address

To register IP-layer Multicast addresses to the bridge table, and statically add or remove ports to or from the group, use the bridge multicast ip-address IInterface (VLAN) Configuration mode command. To unregister the IP address, use the no form of this command.

Syntax

bridge multicast ip-address ip-multicast-address [[add | remove] {interface-list | port-channel port-channel-list}] no bridge multicast ip-address ip-multicast-address

Parameters

ip-multicast-address—Specifies the group IP Multicast address.
add—(Optional) Adds ports to the group.
remove—(Optional) Removes ports from the group.
interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

No Multicast addresses are defined.

Default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

To register the group in the bridge database without adding or removing ports or port channels, specify the ip-multicast-address parameter only.

Static Multicast addresses can be defined on static VLANs only.

You can execute the command before the VLAN is created.

Example

The following example registers the specified IP address to the bridge table:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ip-address 239.2.2.2

The following example registers the IP address and adds ports statically.

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ip-address 239.2.2.2 add te1/0/4

bridge multicast forbidden ip-address

To forbid adding or removing a specific IP Multicast address to or from specific ports, use the bridge multicast forbidden ip-address Interface (VLAN) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge multicast forbidden ip-address {ip-multicast-address} {add | remove}

{ethernet interface-list | port-channel port-channel-list} no bridge multicast forbidden ip-address ip-multicast-address

Parameters

ip-multicast-address—Specifies the group IP Multicast address.
add—(Optional) Forbids adding ports to the group.
remove—(Optional) Forbids removing ports from the group.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

No forbidden addresses are defined.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Before defining forbidden ports, the Multicast group should be registered.

You can execute the command before the VLAN is created.

Example

The following example registers IP address 239.2.2.2, and forbids the IP address on port te1/0/4 within VLAN 8.

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ip-address 239.2.2.2
switchxxxxxx(config-if)# bridge multicast forbidden ip-address 239.2.2.2 add te1/0/4

bridge multicast source group

To register a source IP address – Multicast IP address pair to the bridge table, and statically add or remove ports to or from the source-group, use the bridge multicast source group Interface (VLAN) Configuration mode command. To unregister the source-group-pair, use the no form of this command.

Syntax

bridge multicast source ip-address group ip-multicast-address [[add | remove]

{ethernet interface-list | port-channel port-channel-list}] no bridge multicast source ip-address group ip-multicast-address

Parameters

ip-address—Specifies the source IP address.
ip-multicast-address—Specifies the group IP Multicast address.
add—(Optional) Adds ports to the group for the specific source IP address.
remove—(Optional) Removes ports from the group for the specific source IP address.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces; use a hyphen to designate a range of port channels.

Default Configuration

No Multicast addresses are defined.

The default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

You can execute the command before the VLAN is created.

Example

The following example registers a source IP address – Multicast IP address pair to the bridge table:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source 13.16.1.1 group 239.2.2.2

bridge multicast forbidden source grou

To forbid adding or removing a specific IP source address – Multicast address pair to or from specific ports, use the bridge multicast forbidden source group IInterface (VLAN) Configuration mode command. To return to the default configuration, use the no form of this command.

Syntax

bridge multicast forbidden source ip-address group ip-multicast-address {add |

remove} {ethernet interface-list | port-channel port-channel-list} no bridge multicast forbidden source ip-address group ip-multicast-address

Parameters

ip-address—Specifies the source IP address.
ip-multicast-address—Specifies the group IP Multicast address.
add—(Optional) Forbids adding ports to the group for the specific source IP address.
remove—(Optional) Forbids removing ports from the group for the specific source IP address.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces; use a hyphen to designate a range of port channels.

Default Configuration

No forbidden addresses are defined.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Before defining forbidden ports, the Multicast group should be registered.

You can execute the command before the VLAN is created.

Example

The following example registers a source IP address – Multicast IP address pair to the bridge table, and forbids adding the pair to port te1/0/4 on VLAN 8:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source 13.16.1.1 group 239.2.2.2
switchxxxxxx(config-if)# bridge multicast forbidden source 13.16.1.1 group 239.2.2.2 add te1/0/4

bridge multicast ipv6 mode

To configure the Multicast bridging mode for IPv6 Multicast packets, use the bridge multicast ipv6 mode Interface (VLAN) Configuration mode command. To return to the default configuration, use the no form of this command.

Syntax

bridge multicast ipv6 mode {mac-group | ip-group | ip-src-group} no bridge multicast ipv6 mode

Parameters

mac-group—Specifies that Multicast bridging is based on the packet’s VLAN and MAC destination address.
ip-group—Specifies that Multicast bridging is based on the packet’s VLAN and IPv6 destination address for IPv6 packets.
ip-src-group—Specifies that Multicast bridging is based on the packet’s VLAN, IPv6 destination address and IPv6 source address for IPv6 packets.

Default Configuration

The default mode is mac-group.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Use the mac-group mode when using a network management system that uses a MIB based on the Multicast MAC address.

For each Forwarding Data Base (FDB) mode, use different CLI commands to configure static entries for IPv6 Multicast addresses in the FDB, as described in the following table::

FDB Mode	CLI Commands
mac-group	bridge multicast address bridge multicast forbidden address
ipv6-group	bridge multicast ipv6 bridge multicast ipv6ip-address forbidden ip-address
ipv6-src-grou p	bridge multicast ipv6 source bridge multicast ipv6group forbidden source group

The following table describes the actual data that is written to the Forwarding Data Base (FDB) as a function of the MLD version that is used in the network:

FDB mode	MLD version 1	MLD version 2
mac-group	MAC group address	MAC group address
ipv6-group	IPv6 group address	IPv6 group address
ipv6-src-group	(*)	IPv6 source and group addresses

(*) In ip-src-group mode a match is performed on 4 bytes of the multicast address and 4 bytes of the source address. In the group address the last 4 bytes of the address are checked for match. In the source address the last 3 bytes and 5th from last bytes of the interface ID are examined.

(*) Note that (*,G) cannot be written to the FDB if the mode is ip-src-group. In that case, no new FDB entry is created, but the port is added to the (S,G) entries (if they exist) that belong to the requested group.

If an application on the device requests (*,G), the operating FDB mode is changed to ip-group.

You can execute the command before the VLAN is created.

Example

The following example configures the Multicast bridging mode as an ip-group on VLAN 2.

switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast ipv6 mode ip-group

bridge multicast ipv6 ip-address

To register an IPv6 Multicast address to the bridge table, and statically add or remove ports to or from the group, use the bridge multicast ipv6 ip-address Interface (VLAN) Configuration mode command. To unregister the IPv6 address, use the no form of this command.

Syntax

bridge multicast ipv6 ip-address ipv6-multicast-address [[add | remove] {ethernet

interface-list | port-channel port-channel-list}] no bridge multicast ipv6 ip-address ip-multicast-address

Parameters

ipv6-multicast-address—Specifies the group IPv6 multicast address.
add—(Optional) Adds ports to the group.
remove—(Optional) Removes ports from the group.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces; use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

No Multicast addresses are defined.

The default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

To register the group in the bridge database without adding or removing ports or port channels, specify the ipv6-multicast-address parameter only.

Static Multicast addresses can be defined on static VLANs only.

You can execute the command before the VLAN is created.

Examples

Example 1 – The following example registers the IPv6 address to the bridge table:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ipv6 ip-address FF00:0:0:0:4:4:4:1

Example 2 – The following example registers the IPv6 address and adds ports statically.

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ipv6 ip-address FF00:0:0:0:4:4:4:1 add te1/0/1-2

bridge multicast ipv6 forbidden ip-address

To forbid adding or removing a specific IPv6 Multicast address to or from specific ports, use the bridge multicast ipv6 forbidden ip-address Interface (VLAN) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge multicast ipv6 forbidden ip-address {ipv6-multicast-address} {add | remove} {ethernet interface-list | port-channel port-channel-list} no bridge multicast ipv6 forbidden ip-address ipv6-multicast-address

Parameters

ipv6-multicast-address—Specifies the group IPv6 Multicast address.
add—(Optional) Forbids adding ports to the group.
remove—(Optional) Forbids removing ports from the group.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

No forbidden addresses are defined.

The default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Before defining forbidden ports, the Multicast group should be registered.

You can execute the command before the VLAN is created.

Example

The following example registers an IPv6 Multicast address, and forbids the IPv6 address on port te1/0/4 within VLAN 8.

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ipv6 ip-address FF00:0:0:0:4:4:4:1
switchxxxxxx(config-if)# bridge multicast ipv6 forbidden ip-address FF00:0:0:0:4:4:4:1 add te1/0/4

bridge multicast ipv6 source group

To register a source IPv6 address – Multicast IPv6 address pair to the bridge table, and statically add or remove ports to or from the source-group, use the bridge multicast ipv6 source group Interface (VLAN) Configuration mode command. To unregister the source-group-pair, use the no form of this command.

Syntax

bridge multicast ipv6 source ipv6-source-address group ipv6-multicast-address

[[add | remove] {ethernet interface-list | port-channel port-channel-list}] no bridge multicast ipv6 source ipv6-address group ipv6-multicast-address

Parameters

ipv6-source-address—Specifies the source IPv6 address.
ipv6-multicast-address—Specifies the group IPv6 Multicast address.
add—(Optional) Adds ports to the group for the specific source IPv6 address.
remove—(Optional) Removes ports from the group for the specific source IPv6 address.
ethernet interface-list—(Optional) Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—(Optional) Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

No Multicast addresses are defined.

The default option is add.

Command Mode

Interface (VLAN) Configuration mode

Example

The following example registers a source IPv6 address – Multicast IPv6 address pair to the bridge table:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source 2001:0:0:0:4:4:4 group FF00:0:0:0:4:4:4:1

bridge multicast ipv6 forbidden source group

To forbid adding or removing a specific IPv6 source address – Multicast address pair to or from specific ports, use the bridge multicast ipv6 forbidden source group Interface (VLAN) Configuration mode command. To return to the default configuration, use the no form of this command.

Syntax

bridge multicast ipv6 forbidden source ipv6-source-address group

ipv6-multicast-address {add | remove} {ethernet interface-list | port-channel port-channel-list}

no bridge multicast ipv6 forbidden source ipv6-address group

ipv6-multicast-address

Parameters

ipv6-source-address—Specifies the source IPv6 address.
ipv6-multicast-address—Specifies the group IPv6 Multicast address.
add—Forbids adding ports to the group for the specific source IPv6 address.
remove—Forbids removing ports from the group for the specific source IPv6 address.
ethernet interface-list—Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces; use a hyphen to designate a range of port channels.

Default Configuration

No forbidden addresses are defined.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Before defining forbidden ports, the Multicast group should be registered.

You can execute the command before the VLAN is created.

Example

The following example registers a source IPv6 address – Multicast IPv6 address pair to the bridge table, and forbids adding the pair to te1/0/4 on VLAN 8:

switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source 2001:0:0:0:4:4:4 group FF00:0:0:0:4:4:4:1
switchxxxxxx(config-if)# bridge multicast forbidden source 2001:0:0:0:4:4:4:1 group FF00:0:0:0:4:4:4:1 add te1/0/4

bridge multicast unregistered

To configure forwarding unregistered Multicast addresses, use the bridge multicast unregistered Interface (Ethernet, Port Channel) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge multicast unregistered {forwarding | filtering} no bridge multicast unregistered

Parameters

forwarding—Forwards unregistered Multicast packets.
filtering—Filters unregistered Multicast packets.

Default Configuration

Unregistered Multicast addresses are forwarded.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

Do not enable unregistered Multicast filtering on ports that are connected to routers, because the 224.0.0.x address range should not be filtered. Note that routers do not necessarily send IGMP reports for the 224.0.0.x range.

You can execute the command before the VLAN is created.

Example

The following example specifies that unregistered Multicast packets are filtered on te1/0/1:

switchxxxxxx(config)# interface te1/0/1
switchxxxxxx(config-if)# bridge multicast unregistered filtering

bridge multicast forward-all

To enable forwarding all multicast packets for a range of ports or port channels, use the bridge multicast forward-all Interface (VLAN) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel

port-channel-list} no bridge multicast forward-all

Parameters

add—Forces forwarding of all Multicast packets.
remove—Does not force forwarding of all Multicast packets.
ethernet interface-list—Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels.

Default Configuration

Forwarding of all Multicast packets is disabled.

Command Mode

Interface (VLAN) Configuration mode

Example

The following example enables all Multicast packets on port te1/0/4 to be forwarded.

switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast forward-all add te1/0/4

bridge multicast forbidden forward-all

To forbid a port to dynamically join Multicast groups, use the bridge multicast forbidden forward-all Interface (VLAN) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-list} no bridge multicast forbidden forward-all

Parameters

add—Forbids forwarding of all Multicast packets.
remove—Does not forbid forwarding of all Multicast packets.
ethernet interface-list —Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
port-channel port-channel-list—Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces; use a hyphen to designate a range of port channels.

Default Configuration

Ports are not forbidden to dynamically join Multicast groups.

The default option is add.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

Use this command to forbid a port to dynamically join (by IGMP, for example) a Multicast group.

The port can still be a Multicast router port.

Example

The following example forbids forwarding of all Multicast packets to te1/0/1 within VLAN 2.

switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast forbidden forward-all add ethernet te1/0/1

bridge unicast unknown

To enable egress filtering of Unicast packets where the destination MAC address is unknown to the device, use the bridge unicast unknown Interface (Ethernet, Port Channel) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

bridge unicast unknown {filtering | forwarding} no bridge unicast unknown

Parameters

filtering—Filter unregistered Unicast packets.
forwarding—Forward unregistered Unicast packets.

Default Configuration Forwarding.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode.

Example

The following example drops Unicast packets on te1/0/1 when the destination is unknown.

switchxxxxxx(config)# interface te1/0/1
switchxxxxxx(config-if)# bridge unicast unknown filtering

show bridge unicast unknown

To display the unknown Unicast filtering configuration, use the show bridge unicast unknown Privileged EXEC mode command.

Syntax

show bridge unicast unknown [interface-id]

Parameters

interface-id—(Optional) Specify an interface ID. The interface ID can be one of the

following types: Ethernet port or port-channel

Command Mode

Privileged EXEC mode

Example

Console # show bridge unicast unknown

Port	Unregistered
——–	———————
te1/0/1	Forward
te1/0/2	Filter
te1/0/3	Filter

mac address-table static

To add a MAC-layer station source address to the MAC address table, use the mac address-table static Global Configuration mode command. To delete the MAC address, use the no form of this command.

Syntax

mac address-table static mac-address vlan vlan-id interface interface-id

[permanent | delete-on-reset | delete-on-timeout | secure]| no mac address-table static [mac-address] vlan vlan-id

Parameters

mac-address—MAC address (Range: Valid MAC address)
vlan-id— Specify the VLAN
interface-id—Specify an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel (Range: valid ethernet port, valid port-channel)
permanent—(Optional) The permanent static MAC address. The keyword is applied by the default.
delete-on-reset—(Optional)The delete-on-reset static MAC address.
delete-on-timeout—(Optional)The delete-on-timeout static MAC address.
secure—(Optional)The secure MAC address. May be used only in a secure mode.

Default Configuration

No static addresses are defined. The default mode for an added address is permanent.

Command Mode

Global Configuration mode

User Guidelines

Use the command to add a static MAC address with given time-to-live in any mode or to add a secure MAC address in a secure mode.

Each MAC address in the MAC address table is assigned two attributes: type and time-to-live.

The following value of time-of-live is supported:

permanent—MAC address is saved until it is removed manually.
delete-on-reset—MAC address is saved until the next reboot.
delete-on-timeout—MAC address that may be removed by the aging timer. The following types are supported:
static— MAC address manually added by the command with the following keywords specifying its time-of-live:
- permanent
- delete-on-reset
- delete-on-timeout
- static MAC address may be added in any port mode.
secure— A MAC address added manually or learned in a secure mode. Use the mac address-table static command with the secure keyword to add a secure MAC address. The MAC address cannot be relearned.
- secure MAC address may be added only in a secure port mode.
dynamic— a MAC address learned by the switch in non-secure mode. A value of its time-to-live attribute is delete-on-timeout.

Examples

Example 1 – The following example adds two permanent static MAC address:

switchxxxxxx(config)# mac address-table static 00:3f:bd:45:5a:b1 vlan 1 interface te1/0/1
switchxxxxxx(config)# mac address-table static 00:3f:bd:45:5a:b2 vlan 1 interface te1/0/1 permanent

Example 2 – The following example adds a deleted-on-reset static MAC address:

switchxxxxxx(config)# mac address-table static 00:3f:bd:45:5a:b2 vlan 1 interface te1/0/1 delete-on-reset

Example 3 – The following example adds a deleted-on-timeout static MAC address:

switchxxxxxx(config)# mac address-table static 00:3f:bd:45:5a:b2 vlan 1 interface te1/0/1 delete-on-timeout

Example 4 – The following example adds a secure MAC address:

switchxxxxxx(config)# mac address-table static 00:3f:bd:45:5a:b2 vlan 1 interface te1/0/1 secure

clear mac address-table

To remove learned or secure entries from the forwarding database (FDB), use the clear mac address-table Privileged EXEC mode command.

Syntax

clear mac address-table dynamic interface interface-id clear mac address-table secure interface interface-id Parameters

dynamic interface interface-id—Delete all dynamic (learned) addresses on the specified interface.The interface ID can be one of the following types: Ethernet port or port-channel. If interface ID is not supplied, all dynamic addresses are deleted.
secure interface interface-id—Delete all the secure addresses learned on the specific interface. A secure address on a MAC address learned on ports on which port security is defined.

Default Configuration

For dynamic addresses, if interface-id is not supplied, all dynamic entries are deleted.

Command Mode

Privileged EXEC mode

Examples

Example 1 – Delete all dynamic entries from the FDB.

switchxxxxxx# clear mac address-table dynamic

Example 2 – Delete all secure entries from the FDB learned on secure port te1/0/1.

switchxxxxxx# clear mac address-table secure interface te1/0/1

mac address-table aging-time

To set the aging time of the address table, use the mac address-table aging-time Global configuration command. To restore the default, use the no form of this command.

Syntax mac address-table aging-time seconds no mac address-table aging-time

Parameters seconds—Time is number of seconds. (Range:10-630)

Default Configuration

300

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# mac address-table aging-time 600

port security

To enable port security learning mode on an interface, use the port security Interface (Ethernet, Port Channel) Configuration mode command. To disable port security learning mode on an interface, use the no form of this command.

Syntax

port security [forward | discard | discard-shutdown] [trap seconds] no port security

Parameters

forward—(Optional) Forwards packets with unlearned source addresses, but does not learn the address.
discard—(Optional) Discards packets with unlearned source addresses.
discard-shutdown—(Optional) Discards packets with unlearned source addresses and shuts down the port.
trap seconds—(Optional) Sends SNMP traps and specifies the minimum time interval in seconds between consecutive traps. (Range: 1–1000000)

Default Configuration

The feature is disabled by default.

The default mode is discard.

The default number of seconds is zero, but if traps is entered, a number of seconds must also be entered.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

The command may be used only when the interface in the regular (non-secure with unlimited MAC learning) mode.

See the mac address-table static command for information about MAC address attributes (type and time-to-live) definitions.

When the port security command enables the lock mode on a port all dynamic addresses learned on the port are changed to permanent secure addresses.

When the port security command enables a mode on a port differing from the lock mode all dynamic addresses learned on the port are deleted.

When the no port security command cancels a secure mode on a port all secure addresses defined on the port are changed to dynamic addresses.

Additionally to set a mode, use the port security command to set an action that the switch should perform on a frame which source MAC address cannot be learned.

Example

The following example forwards all packets to port te1/0/1 without learning addresses of packets from unknown sources and sends traps every 100 seconds, if a packet with an unknown source address is received.

switchxxxxxx(config)# interface te1/0/4
switchxxxxxx(config-if)# port security mode lock
switchxxxxxx(config-if)# port security forward trap 100
switchxxxxxx(config-if)# exit

port security mode

To configure the port security learning mode, use the port security mode Interface (Ethernet, Port Channel) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax

port security mode {max-addresses | lock | secure permanent | secure delete-on-reset} no port security mode

Parameters

max-addresses— Non-secure mode with limited learning dynamic MAC addresses. The static MAC addresses may be added on the port manually by the mac address-table static
lock— Secure mode without MAC learning. The static and secure MAC addresses may be added on the port manually by the mac address-table static
secure permanent—Secure mode with limited learning permanent secure MAC addresses with the permanent time-of-live. The static and secure MAC addresses may be added on the port manually by the mac address-table static command.
secure delete-on-reset—Secure mode with limited learning secure MAC addresses with the delete-on-reset time-of-live. The static and secure MAC addresses may be added on the port manually by the mac address-table static command.

Default Configuration The default port security mode is lock.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

The default port mode is called regular. In this mode, the port allows unlimited learning of dynamic addresses.

The static MAC addresses may be added on the port manually by the mac address-table static command.

The command may be used only when the interface in the regular (non-secure with unlimited MAC learning) mode.

Use the port security mode command to change the default mode before the port security command.

Example

The following example sets the port security mode to Lock for te1/0/4.

switchxxxxxx(config)# interface te1/0/4
switchxxxxxx(config-if)# port security mode lock
switchxxxxxx(config-if)# port security
switchxxxxxx(config-if)# exit

port security max

To configure the maximum number of addresses that can be learned on the port while the port is in port, max-addresses or secure mode, use the port security max Interface (Ethernet, Port Channel) Configuration mode command. To restore the default configuration, use the no form of this command.

Syntax port security max max-addr no port security max

Parameters

max-addr—Specifies the maximum number of addresses that can be learned on

the port. (Range: 0–256)

Default Configuration

This default maximum number of addresses is 1.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

The command may be used only when the interface in the regular (non-secure with unlimited MAC learning) mode.

Use this command to change the default value before the port security command.

Example

The following example sets the port to limited learning mode:

switchxxxxxx(config)# interface te1/0/4
switchxxxxxx(config-if)# port security mode max
switchxxxxxx(config-if)# port security max 20
switchxxxxxx(config-if)# port security
switchxxxxxx(config-if)# exit

port security routed secure-address

To add a MAC-layer secure address to a routed port. (port that has an IP address defined on it), use the port security routed secure-address Interface (Ethernet, Port Channel) Configuration mode command. To delete a MAC address from a routed port, use the no form of this command.

Syntax

port security routed secure-address mac-address no port security routed secure-address mac-address

Parameters mac-address—Specifies the MAC address.

Default Configuration

No addresses are defined.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode. It cannot be configured for a range of interfaces (range context).

User Guidelines

This command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode. The address is deleted if the port exits the security mode or is not a routed port.

Example

The following example adds the MAC-layer address 00:66:66:66:66:66 to te1/0/1.

switchxxxxxx(config)# interface te1/0/1
switchxxxxxx(config-if)# port security routed secure-address 00:66:66:66:66:66

show mac address-table

To display entries in the MAC address table, use the show mac address-table Privileged EXEC mode command.

Syntax

show mac address-table [dynamic | static | secure] [vlan vlan] [interface

interface-id] [address mac-address]

Parameters

dynamic—(Optional) Displays only dynamic MAC address table entries.
static—(Optional) Displays only static MAC address table entries.
secure—(Optional) Displays only secure MAC address table entries.
vlan—(Optional) Displays entries for a specific VLAN.
interface interface-id—(Optional) Displays entries for a specific interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.
address mac-address—(Optional) Displays entries for a specific MAC address.

Default Configuration

If no parameters are entered, the entire table is displayed.

Command Mode

Privileged EXEC mode

User Guidelines

Internal usage VLANs (VLANs that are automatically allocated on routed ports) are presented in the VLAN column by a port number and not by a VLAN ID.

Examples

Example 1 – Displays entire address table.

switchxxxxxx# show mac address-table

Aging time is 300 sec

VLAN       MAC Address             Port         Type

--------   ---------------------   ----------   ----------

1          00:00:26:08:13:23        0            self

1          00:3f:bd:45:5a:b1       te1/0/1      static

1 00:a1:b0:69:63:f3 te1/0/2 dynamic
2 00:a1:b0:69:63:f3 te1/0/3 dynamic
1 00:a1:b0:69:61:12 te1/0/4 dynamic

Example 2 – Displays address table entries containing the specified MAC address.

switchxxxxxx# show mac address-table address 00:3f:bd:45:5a:b1

Aging time is 300 sec

VLAN MAC Address Port Type

-------- --------------------- ---------- ----------

1 00:3f:bd:45:5a:b1 static te1/0/4

show mac address-table count

To display the number of addresses present in the Forwarding Database, use the show mac address-table count Privileged EXEC mode command.

Syntax

show mac address-table count [vlan vlan | interface interface-id]

Parameters

vlan vlan—(Optional) Specifies VLAN.
interface-id interface-id—(Optional) Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show mac address-table count

This may take some time.

Capacity : 16384

Free     : 16379

Used     : 5

Secure   : 0

Dynamic : 2

Static   : 2 Internal : 1

show bridge multicast mode

To display the Multicast bridging mode for all VLANs or for a specific VLAN, use the show bridge multicast mode Privileged EXEC mode command.

Syntax

show bridge multicast mode [vlan vlan-id]

Parameters

vlan vlan-id—(Optional) Specifies the VLAN ID.

Command Mode

Privileged EXEC mode

Example

The following example displays the Multicast bridging mode for all VLANs

switchxxxxxx# show bridge multicast mode

VLAN	IPv4 Multicast Mode	IPv6 Multicast Mode
	Admin	Oper	Admin	Oper
—–	———–	———–	———–	———–
1	MAC-GROUP	MAC-GROUP	MAC-GROUP	MAC-GROUP
11	IPv4-GROUP	IPv4-GROUP	IPv6-GROUP	IPv6-GROUP
12	IPv4-SRC-GROUP	IPv4-SRC-GROUP	IPv6-SRC-GROUP	IPv6-SRC-GROUP

show bridge multicast address-table

To display Multicast MAC addresses or IP Multicast address table information, use the show bridge multicast address-table Privileged EXEC mode command.

Syntax

show bridge multicast address-table [vlan vlan-id]

show bridge multicast address-table [vlan vlan-id] [address

mac-multicast-address] [format {ip | mac}]

show bridge multicast address-table [vlan vlan-id] [address ipv4-multicast-address] [source ipv4-source-address] show bridge multicast address-table [vlan vlan-id] [address

ipv6-multicast-address] [source ipv6-source-address]

Parameters

vlan-id vlan-id—(Optional) Display entries for specified VLAN ID.
address—(Optional) Display entries for specified Multicast address. The possible values are:
- mac-multicast-address—(Optional) Specifies the MAC Multicast address.
- ipv4-multicast-address—(Optional) Specifies the IPv4 Multicast address.
- ipv6-multicast-address—(Optional) Specifies the IPv6 Multicast address.
format—(Optional) Applies if mac-multicast-address was selected. In this case either MAC or IP format can be displayed. Display entries for specified Multicast address format. The possible values are:
- ip—Specifies that the Multicast address is an IP address.
- mac—Specifies that the Multicast address is a MAC address.
source —(Optional) Specifies the source address. The possible values are:
- ipv4-address—(Optional) Specifies the source IPv4 address.
- ipv6-address—(Optional) Specifies the source IPv6 address.

Default Configuration

If the format is not specified, it defaults to mac (only if mac-multicast-address was entered).

If VLAN ID is not entered, entries for all VLANs are displayed.

If MAC or IP address is not supplied, entries for all addresses are displayed.

Command Mode

Privileged EXEC mode

User Guidelines

A MAC address can be displayed in IP format only if it is within the range 0100.5e00.0000 through 0100.5e7f.ffff.

Multicast router ports (defined statically or discovered dynamically) are members in all MAC groups.

Ports that were defined via the bridge multicast forbidden forward-all command are displayed in all forbidden MAC entries.

Changing the Multicast mode can move static Multicast addresses that are written in the device FDB to a shadow configuration because of FDB hash collisions.

Example

The following example displays bridge Multicast address information.

switchxxxxxx# show bridge multicast address-table

Multicast address table for VLANs in MAC-GROUP bridging mode:

Vlan    MAC Address         Type           Ports

---- -----------------    --------------   ----- 8    01:00:5e:02:02:03     Static          1-2

Forbidden ports for Multicast addresses:

Vlan    MAC Address         Ports

---- -----------------      -----

8    01:00:5e:02:02:03      te1/0/4

Multicast address table for VLANs in IPv4-GROUP bridging mode:

Vlan    MAC Address         Type             Ports

---- -----------------    --------------     -----

1      224.0.0.251         Dynamic           te1/0/2

Forbidden ports for Multicast addresses:

Vlan    MAC Address         Ports

---- -----------------      -----

1      232.5.6.5

1      233.22.2.6

Multicast address table for VLANs in IPv4-SRC-GROUP bridging mode:

Vlan Group Address Source address Type        Ports

---- --------------- --------------- --------    -----

1     224.2.2.251     11.2.2.3       Dynamic     te1/0/1

Forbidden ports for Multicast addresses:

Vlan Group Address Source Address   Ports

---- --------------- --------------- -------

8    239.2.2.2       *               te1/0/4

8    239.2.2.2       1.1.1.11        te1/0/4

Multicast address table for VLANs in IPv6-GROUP bridging mode:

VLAN IP/MAC Address   Type      Ports

---- ----------------- --------- ---------------------

8    ff02::4:4:4       Static    te1/0/1-2, te1/0/3, Po1

Forbidden ports for Multicast addresses:

VLAN IP/MAC Address   Ports

---- ----------------- -----------

8    ff02::4:4:4       te1/0/4

Multicast address table for VLANs in IPv6-SRC-GROUP bridging mode:

Vlan Group Address Source address Type     Ports

---- --------------- --------------- -------- ------------------

8    ff02::4:4:4     *               Static   te1/0/1-2,te1/0/3,Po1

8    ff02::4:4:4     fe80::200:7ff: Static                      fe00:200

Forbidden ports for Multicast addresses:

Vlan Group Address Source address    Ports

---- --------------- ---------------   ----------

8    ff02::4:4:4     *                  te1/0/4 8    ff02::4:4:4     fe80::200:7ff:f    te1/0/4                      e00:200

show bridge multicast address-table static

To display the statically-configured Multicast addresses, use the show bridge multicast address-table static Privileged EXEC mode command.

Syntax

show bridge multicast address-table static [vlan vlan-id] [all]

show bridge multicast address-table static [vlan vlan-id] [address

mac-multicast-address] [mac| ip]

show bridge multicast address-table static [vlan vlan-id] [address

ipv4-multicast-address] [source ipv4-source-address]

show bridge multicast address-table static [vlan vlan-id] [address

ipv6-multicast-address] [source ipv6-source-address]

Parameters

vlan vlan-id—(Optional) Specifies the VLAN ID.
address—(Optional) Specifies the Multicast address. The possible values are:
- mac-multicast-address—(Optional) Specifies the MAC Multicast address.
- ipv4-multicast-address—(Optional) Specifies the IPv4 Multicast address.
- ipv6-multicast-address—(Optional) Specifies the IPv6 Multicast address.
source—(Optional) Specifies the source address. The possible values are:
- ipv4-address—(Optional) Specifies the source IPv4 address.
- ipv6-address—(Optional) Specifies the source IPv6 address.

Default Configuration

When all/mac/ip is not specified, all entries (MAC and IP) will be displayed.

Command Mode

Privileged EXEC mode

User Guidelines

A MAC address can be displayed in IP format only if it is within the range 0100.5e00.0000–- 0100.5e7f.ffff.

Example

The following example displays the statically-configured Multicast addresses.

switchxxxxxx# show bridge multicast address-table static

MAC-GROUP table

Vlan MAC Address Ports—- ————– ——–1 0100.9923.8787 te1/0/1, te1/0/2Forbidden ports for multicast addresses:Vlan MAC Address Ports—- ————– ——–IPv4-GROUP TableVlan IP Address Ports—- ———- ——-1 231.2.2.3 te1/0/1, te1/0/219 231.2.2.8 te1/0/2-3Forbidden ports for multicast addresses:Vlan IP Address Ports—- ———- ——–1 231.2.2.3 te1/0/419 231.2.2.8 te1/0/3IPv4-SRC-GROUP Table:
Vlan Group Address Source address—- ————— —————Forbidden ports for multicast addresses:	Ports——
Vlan Group Address Source address—- ————— —————	Ports——

IPv6-GROUP Table

Vlan IP Address Ports

—- —————- ———

191 FF12::8 te1/0/1-4

Forbidden ports for multicast addresses:

Vlan IP Address Ports—- —————- ———11 FF12::3 te1/0/4191 FF12::8 te1/0/4IPv6-SRC-GROUP Table:
Vlan Group Address Source address—- ————— —————192 FF12::8 FE80::201:C9A9:FE40:8988Forbidden ports for multicast addresses:	Ports —–te1/0/1-4
Vlan Group Address Source address—- ————— —————192 FF12::3 FE80::201:C9A9:FE40:8988	Ports —–te1/0/4

show bridge multicast filtering

To display the Multicast filtering configuration, use the show bridge multicast filtering Privileged EXEC mode command.

Syntax

show bridge multicast filtering vlan-id

Parameters

vlan-id—Specifies the VLAN ID. (Range: Valid VLAN)

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example displays the Multicast configuration for VLAN 1.

switchxxxxxx# show bridge multicast filtering 1
Filtering: Enabled
VLAN: 1 Forward-All

Port —-te1/0/1 te1/0/2 te1/0/3

Static———ForbiddenForward-

Status——FilterForward(s)Forward(d)

show bridge multicast unregistered

To display the unregistered Multicast filtering configuration, use the show bridge multicast unregistered Privileged EXEC mode command.

Syntax

show bridge multicast unregistered [interface-id]

Parameters

interface-id—(Optional) Specifies an interface ID. The interface ID can be one of

the following types: Ethernet port or Port-channel.

Default Configuration

Display for all interfaces.

Command Mode

Privileged EXEC mode

Example

The following example displays the unregistered Multicast configuration.

switchxxxxxx# show bridge multicast unregistered

Port ——te1/0/1 te1/0/2 te1/0/3

Unregistered————-ForwardFilterFilter

show ports security

To display the port-lock status, use the show ports security Privileged EXEC mode command.

Syntax

show ports security [interface-id | detailed]

Parameters

interface-id—(Optional) Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.
detailed—(Optional) Displays information for non-present ports in addition to present ports.

Default Configuration

Display for all interfaces. If detailed is not used, only present ports are displayed.

Command Mode

Privileged EXEC mode

Example

The following example displays the port-lock status of all ports.

switchxxxxxx# show ports security

Port   Status       Learning    Action    Maximum Trap     Frequency
------- --------    ---------   ------    ---      ------- --------
te1/0/1            Enabled      Max-       Discard     3       Enabled 100                     Addresses
te1/0/2      Disabled     Max-         -          28        -                           Addresses
te1/0/3     Enabled       Lock      Discard      8       Disabled   -

The following table describes the fields shown above.

Field	Description
Port	The port number.
Status	The port security status. The possible values are: Enabled or Disabled.
Action	The action taken on violation.
Maximum	The maximum number of addresses that can be associated on this port in the Max-Addresses mode.
Trap	The status of SNMP traps. The possible values are: Enable or Disable.
Frequency	The minimum time interval between consecutive traps.

show ports security addresses

To display the current dynamic addresses in locked ports, use the show ports security addresses Privileged EXEC mode command.

Syntax

show ports security addresses [interface-id | detailed]

Parameters

interface-id—(Optional) Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.
detailed—(Optional) Displays information for non-present ports in addition to present ports.

Default Configuration

Display for all interfaces. If detailed is not used, only present ports are displayed.

Command Mode

Privileged EXEC mode

Example

The following example displays dynamic addresses in all currently locked port:

Port ——te1/0/1 te1/0/2 te1/0/3

Status——–DisabledDisabledDisabledDisabled

Learning——–LockLockLockLock

Current———-0000

Maximum———-10111

bridge multicast reserved-address

To define the action on Multicast reserved-address packets, use the bridge multicast reserved-address Global Configuration mode command. To revert to default, use the no form of this command.

Syntax

bridge multicast reserved-address mac-multicast-address [ethernet-v2 ethtype | llc sap | llc-snap pid] {discard | bridge}

no bridge multicast reserved-address mac-multicast-address [ethernet-v2 ethtype | llc sap | llc-snap pid]

Parameters

mac-multicast-address—MAC Multicast address in the reserved MAC addresses range. (Range: 01-80-C2-00-00-00, 01-80-C2-00-00-02–

01-80-C2-00-00-2F)

ethernet-v2 ethtype—(Optional) Specifies that the packet type is Ethernet v2 and the Ethernet type field (16 bits in hexadecimal format). (Range: 0x0600–0xFFFF)
llc sap—(Optional) Specifies that the packet type is LLC and the DSAP-SSAP field (16 bits in hexadecimal format). (Range: 0xFFFF)
llc-snap pid—(Optional) Specifies that the packet type is LLC-SNAP and the PID field (40 bits in hexadecimal format). (Range: 0x0000000000 – 0xFFFFFFFFFF)
discard—Specifies discarding the packets.
bridge—Specifies bridging (forwarding) the packets

Default Configuration

If the user-supplied MAC Multicast address, ethertype and encapsulation (LLC) specifies a protocol supported on the device (called Peer), the default action (discard or bridge) is determined by the protocol.
If not, the default action is as follows: – For MAC addresses in the range 01-80-C2-00-00-00, 01-80-C2-00-00-02– 01-80-C2-00-00-0F, the default is discard. – For MAC addresses in the range 00-80-C2-00-00-10– 01-80-C2-00-00-2F, the default is bridge.

Command Mode

Global Configuration mode

User Guidelines

If the packet/service type (ethertype/encapsulation) is not specified, the configuration is relevant to all the packets with the configured MAC address.

Specific configurations (that contain service type) have precedence over less specific configurations (contain only MAC address).

The packets that are bridged are subject to security ACLs.

The actions define by this command has precedence over forwarding rules defined by applications/protocols (STP, LLDP etc.) supported on the device.

Example

switchxxxxxx(config)# bridge multicast reserved-address 00:3f:bd:45:5a:b1

show bridge multicast reserved-addresses

To display the Multicast reserved-address rules, use the show bridge multicast reserved-addresses Privileged EXEC mode command.

Syntax

show bridge multicast reserved-addresses

Command Mode

Privileged EXEC mode

Example

switchxxxxxx # show bridge multicast reserved-addresses
MAC Address Frame Type Protocol Action

------------------ ----------- -------------- ------------

01-80-C2-00-00-00 LLC-SNAP 00-00-0C-01-29 Bridge

Knowledge Base

bridge multicast filtering

bridge multicast mode

bridge multicast address

bridge multicast forbidden address

Syntax

bridge multicast ip-address

bridge multicast forbidden ip-address

bridge multicast source group

bridge multicast forbidden source grou

bridge multicast ipv6 mode

bridge multicast ipv6 ip-address

bridge multicast ipv6 forbidden ip-address

bridge multicast ipv6 source group

bridge multicast ipv6 forbidden source group

bridge multicast unregistered

bridge multicast forward-all

bridge multicast forbidden forward-all

bridge unicast unknown

show bridge unicast unknown

mac address-table static

clear mac address-table

mac address-table aging-time

port security

port security mode

port security max

port security routed secure-address

show mac address-table

show mac address-table count

show bridge multicast mode

show bridge multicast address-table

show bridge multicast address-table static

show bridge multicast filtering

show bridge multicast unregistered

show ports security

show ports security addresses

bridge multicast reserved-address

show bridge multicast reserved-addresses

Was this article helpful?

Related Articles

Leave A Comment? Cancel Reply