Use the bridge address interface configuration command to add a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
permanent—The address can only deleted by the no bridge address command.
delete-on-reset—The address is deleted after reset.
delete-on-timeout—The address is deleted after age out time has expired.
secure—The address is deleted after the port changes mode to unlock learning (no port security command). This parameter is only available when the port is in learning locked mode.
Default Configuration
No static addresses are defined. The default mode for an added address is permanent.
Command Mode
Interface Configuration (VLAN) Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example adds a permanent static MAC-layer station source address on a port to the bridge table.
Use the bridge aging-time global configuration command to set the address table aging time. To restore the default, use the no form of the command.
Syntax
bridge aging-time seconds
no bridge aging-time
seconds—Time is number of seconds. (Range: 10-5000000 seconds)
Default Configuration
The default is 300 seconds.
Command Mode
Global Configuration Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example sets the bridge aging time.
Console (config)# bridge aging-time 250
clear bridge
Use the clear bridge privileged EXEC command to remove any learned entries from the forwarding database.
Syntax
clear bridge
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example clears the bridge tables.
Console# clear bridge
show bridge address-table
Use the show bridge address-table privileged EXEC command to display dynamically created entries in the bridge-forwarding database.
Syntax
show bridge address-table [vlan vlan] [ethernetinterface | port-channel port-channel-number]
vlan—Specific VLAN, such as VLAN 1.
interface—An ethernet port.
port-channel-number—A port-channel number.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays all classes of entries in the bridge-forwarding database.
Console# show bridge address table
Aging time is 300 sec
vlan mac address port type
---- -------------- ----- -----
1 0060.704C.73FF 5/8 dynamic
1 0060.708C.73FF 5/8 dynamic
200 0010.0D48.37FF 5/9 static
show bridge address-table static
Use the show bridge address-table privileged EXEC command to display statically entered entries in the bridge-forwarding database.
Syntax
show bridge address-table static [vlan vlan] [ethernetinterface | port-channel port-channel-number]
vlan—Specific VLAN, such as VLAN 1.
interface—An ethernet port.
port-channel-number—A port-channel number.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays all classes of entries in the bridge-forwarding database.
Console# show bridge address table static
Aging time is 300 sec
vlan mac address port type
---- -------------- ----- -----
200 0010.0D48.37FF 5/9 delete-on-reset
port security
Use the port security interface configuration command to disable new address learning on an interface. To enable new address learning, use the no form of the command.
Syntax
port security [forward | discard |discard-shutdown] [trap seconds]
no port security
forward—Forwards frames with unlearned source addresses, but does not learn the address.
discard—Discards frames with unlearned source addresses. This is the default if no option is indicated.
discard-shutdown—Discards frames with unlearned source addresses. The port is also shut down.
trap seconds—Sends SNMP traps and defines the minimal amount of time in seconds between two consecutive traps (Range: 1-1,000,000)
The following example disables the learning of new addresses on a port. All frames with unlearned source addresses are discarded.
Console (config)# interface ethernet 1/e8
Console (config-if)# port security discard
show ports security
Use the show ports security privileged EXEC command to display the port-lock status.
Syntax
show ports security [ethernetinterface | port-channel port-channel-number]
interface—An ethernet port.
port-channel-number—A port-channel number.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays all classes of entries in the port-lock status.
Console # show ports security
Port Action Trap Frequency Counter
---- ----------------- -------- --------- -------
5/7 Discard Enable 100 88
7/8 Discard, Shutdown Disable
Frequency: Trap Frequency
Counter: Number of violations since last trap
bridge multicast filtering
Use the bridge multicast filtering global configuration command to enable filtering of multicast addresses. To disable filtering of multicast addresses, use the no form of the command.
Syntax
bridge multicast filtering
no bridge multicast filtering
Default Configuration
Disabled. All multicast addresses are flooded to all ports of the relevant VLAN.
Command Mode
Global Configuration Mode
User Guidelines
If multicast routers exist on the VLAN and IGMP snooping is not enabled, use the bridge multicast forward-all command to forward all multicast packets to the multicast routers.
Example
The following example enables bridge multicast filtering.
Console (config)# bridge multicast filtering
bridge multicast address
Use the bridge multicast address interface configuration command to register MAC-layer multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the no form of the bridge multicast address command.
Use the bridge multicast forbidden address interface configuration command to prevent adding a specific multicast address to specific ports. To reconfigure the default value, use the no form of this command.
Use the bridge multicast forward-all interface configuration command to forbid a port to be a Forward-all-multicast port. To restore the default, use the no form of the bridge multicast forward-all command.
interface-list—Separates non-consecutive valid ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
port-channel-number-list—Separates non-consecutive valid port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels.
Default Configuration
Disables forward-all on all ports
Command Mode
Interface Configuration (VLAN) Mode
User Guidelines
There are no user guidelines for this command.
Example
The following example forwards all multicast packets on port 1/e8.
Use the bridge multicast forbidden forward-all interface configuration command to forbid a port to be a Forward-all-multicast port. To restore the default, use the no form of this command.
remove—Do not forbid forwarding all multicast packets.
interface-list—Separate non-consecutive valid ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
port-channel-number-list—Separate non-consecutive valid port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels.
Default Configuration
By default, this setting is disabled (for example, forwarding to the port is not forbidden).
Command Mode
Interface Configuration (VLAN) Mode
User Guidelines
IGMP snooping dynamically discovers multicast router ports. When a multicast router port is discovered, all the multicast packets are forwarded to it unconditionally. This command prevents a port to be a multicast router port
.
Example
The following example forbids forwarding all multicast packets to port 1/e6.
