Static MAC Address Table Entry

Thanks Maher!

Hi Rene,

Just a very basic question. Lets say I have a L2 switch ( port fa0/1) connected to the router fa0/1. For communication to happen do I need to configure ip address in port fa0/1 or whether it is not needed?

  1. I have a topology like below

Ixia ----- fa0/1 switch A fa0/2 — fa0/1 switch B fa0/2— Ixia

In this case when I send a frame from ixia , what src ip , mac address , dest ip , dest address do I need to configure in Ixia . Do I need to configure specific address or can I configure any address

  1. I have a topology like below

Ixia ----- fa0/1 Router A fa0/2 — fa0/1 Router B fa0/2— Ixia

In this case when I send a packet from ixia , what src ip , mac address , dest ip , dest address do I need to configure in Ixia . Do I need to configure specific address or can I configure any address?


Hello Rene,

I have a question please If you can help me.

How can i check the port are healthy or not defective on a switch Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE5

What command will show that ? is it show tech command ? if yes , which of them please.

Thank you

@Ananth On a LAN, we use Ethernet and each device has a built in MAC address. You don’t have to configure the MAC address yourself. Let’s say you have two computers connected to a switch. These computers will have a MAC address, it comes with their network cards.

These computers however don’t communicate directly with Ethernet, they use IP instead. You’ll have to configure an IP address on each computer and it has to be in the same subnet. When ComputerA wants to send something to ComputerB, it will create an IP packet with its own IP address as the source and the destination will be the IP address of ComputerB. This IP packet will then be embedded in an Ethernet frame and forwarded. The switch will switch it to ComputerB.

If you use routers in between, it’s a different story. I have an example here:

@Sinan Best to check the interface status for this:


Hello Rene,

I need your ADVICE please. I have a firewall none- cisco and i am changing the NAT to Cisco Router

In the Firewall NON-CISCO :-

Source NAT	
Traffic selector:	→		service HTTPS	→		to Internet IPv4
Source translation:		External [] (Address)

In the cisco router i will do the following

ip nat inside source tcp 443 443

In the Firewall NON-CISCO :-

Destination NAT
Traffic selector:		Any	→		HTTPS	→		External [] (Address)
Destination translation:

In the Router NAT i will do the following :-

ip nat inside source tcp 443 443


So my question is :- It seems in the Firewall we have Source and destination nat but in the Router we can used only one command which will help to do both side in the same time. ?

Can we please help in this explanation ? I means can we do only Source or only Destination NAT in router , if yes , can you used my example above to show me the results.

Thank you

Hi @senansat,

From your configuration it appears you would like to expose a service running on port 443 to the Internet.

Cisco IOS has an elegant way to do this using a construction called a static NAT. Traffic coming in from the Internet to your public IP will be forwarded to the local server you specify. Traffic from that local server to the Internet will have its source IP address changed as the traffic enters the Internet, so that responses find their way back.

There is a great example here of the type of Static NAT you could use.

You should find you can achieve what you need in a single line starting “ip nat inside source static …”

Kind regards,

Hello Laz,
I have a question and I like to use the below picture for this question.

**show mac address-table**
-----    Mac Address
100    aaaa.aaaa.aaaa    STATIC      Gi3/0/35 

SWITCH#**show inter gigabitEthernet 3/0/35**
GigabitEthernet3/0/35 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet, address is bbbb.bbbb.bbbb (bia bbbb.bbbb.bbbb)

Let’s say I have a computer X connected to gig 3/0/35 port in a switch and the Mac address of the computer X is aaaa.aaaa.aaaa. Running show mac address-table and show inter gigabitEthernet 3/0/35 giving the above output. When computer A is disconnected from the port and a different computer Y (dddd.dddd.dddd mac address) is connected to the same port, I get the below output.

**show mac address-table**
-----    Mac Address
100    dddd.dddd.dddd     STATIC      Gi3/0/35 

**SWITCH#show inter gigabitEthernet 3/0/35**
GigabitEthernet3/0/35 is up, line protocol is up (connected) 
  Hardware is Gigabit Ethernet, address is bbbb.bbbb.bbbb (bia bbbb.bbbb.bbbb) 

I have two questions here.

  1. why is the mac address not changing under sho inter gig 3/0/35? Why is it still bbbb.bbbb.bbbb all the time? What is this Mac address? Where is it coming from?
    When I am looking at other ports, they all are showing up like below:

     **SWITCH#****show inter gigabitEthernet 3/0/36**
     GigabitEthernet3/0/35 is up, line protocol is up (connected) 
       Hardware is Gigabit Ethernet, address is bbbb.bbbb.bbbc (bia bbbb.bbbb.bbbc) 
     **SWITCH#****show inter gigabitEthernet 3/0/37**
     GigabitEthernet3/0/35 is up, line protocol is up (connected) 
       Hardware is Gigabit Ethernet, address is bbbb.bbbb.bbbd (bia bbbb.bbbb.bbbd) 
     **SWITCH#****show inter gigabitEthernet 3/0/38**
     GigabitEthernet3/0/35 is up, line protocol is up (connected) 
       Hardware is Gigabit Ethernet, address is bbbb.bbbb.bbbe (bia bbbb.bbbb.bbbe) 

I did not share all the actual Mac addresses here. However, all the mac addresses were the same except for the last digit like in the picture above.
2) In the show mac address-table output, this mac address should show up as a dynamic mac address as far as my understanding goes. Why is it showing up as static mac address?

Thank you so much.


Hello Azm

The MAC address you see in the output of the show interface command is the MAC address of the switch’s physical port. Conversely the MAC addresses that populate the MAC Address Table are those of the devices connected to the switch. Cisco switches are designed to have a separate MAC address for each individual port. For example, on a 3650 production switch I have, I have the following MAC address that shows up on the show version output (I’ve changed it slightly for security reasons):

Base Ethernet MAC Address : 84:b2:61:aa:3d:00

This is called the base Ethernet MAC address. This is what is used for the bridge ID when STP functions as well as the MAC address announced in BPDUs. This switch has 48 Gigabit Ethernet Ports and four Uplink Gigabit Ethernet Ports. Specifically, their MAC addresses are:

GigabitEthernet 1/0/1:  84:b2:61:aa:3d:00
GigabitEthernet 1/0/2:  84:b2:61:aa:3d:01
GigabitEthernet 1/0/3:  84:b2:61:aa:3d:02
....                    ....
GigabitEthernet 1/0/48:  84:b2:61:aa:3d:30

(Remember MAC addresses are in Hexadecimal that’s why we end at 30 for the last two digits of the MAC address) The four uplink interfaces MAC addresses are as follows:

GigabitEthernet 1/1/1:  84:b2:61:aa:3d:31
GigabitEthernet 1/1/2:  84:b2:61:aa:3d:32
GigabitEthernet 1/1/3:  84:b2:61:aa:3d:33
GigabitEthernet 1/1/4:  84:b2:61:aa:3d:34

Notice how each interface has a MAC address equal to the Base MAC address plus the sequential number of the interface. It is also interesting to note that this switch has a management interface labelled GigabitEthernet 0/0 as well and this interface has the SAME MAC address as the base MAC address.

This is the way that Cisco has decided to manufacture its switches. Other manufacturers choose to keep the same MAC address on all interfaces. This can be made to work for both layer 2 and layer 3 switches, however, in my opinion, a distinct MAC address per interfaces is a much cleaner implementation.

Yes you are correct that the show mac address-table command should show a DYNAMIC MAC address and not STATIC one. STATIC will show up if you have configured a static entry in the MAC address table OR if you have configured a MAC address on the port using port security. Also check to see if the port security is configured with sticky MAC addresses. I haven’t been able to test to see if sticky MAC addresses show up as a STATIC MAC Address table entry or dynamic, but you can test it out.

I hope this has been helpful for you!


1 Like

Hello Laz,
This is really helpful. No, sticky is not configured. Static mac address is not configured either. However, DHCP Snooping is configured in the switch, but I am not quite sure if DHCP snooping would be the reason for static status. AS a matter of fact, every time I connect a new device to the switch, the mac address of the device shows up in the mac address table as STATIC. Thank you so much.


Hello Azm

Hmm that’s interesting. DHCP snooping should not be the culprit. According to Cisco:

The DHCP snooping binding table can contain both dynamic and static MAC address to IP address bindings.

Do you find the same behaviour on all ports on this switch? If it’s not a production switch, you can try to erase the startup config, get everything to default configuration and check it out again. It would be interesting to see the results.

I hope this has been helpful!


Hello Laz,
Yes, there is no dynamic mac address in the entire mac address table. Unfortunately, this switch is in production and therefore, no experiment is allowed on this switch :grin:.

Thank you so much.


Hello Azm

That’s too bad. Doing a bit more research, is there any port security configuration on any of the ports where the static addresses are showing up? If so, try to temporarily remove any port security configs and bounce the interface and see what happens. Also, can you share the IOS version you are using? It would be worth checking out the possibility of a bug.

Let us know!


So the switch used in this lesson (SW1). This layer 2 switch has its own MAC address - 001d.a18b.36d0 ? This MAC address represents all aspects of the switch (all its interfaces – and any VLANS I create) ? ? ?

Hello Jason

The MAC addresses on a switch will differ depending on the platform you use. Some Cisco switches such as the 3560 series will have a primary MAC address, also known as the “master” MAC address. This is the one used for spanning tree and other mechanisms that require a MAC address. Now if you do a “show interface” for various ports of the switch, you will see that each port has its own unique MAC address and they are all sequential to each other. This is used as the destination MAC for traffic that is destined to that port itself. Examples of such traffic include CDP, or STP BPDUs. Now on such platforms, you have a series of reserved MAC addresses that are used for SVIs. These are dynamically assigned as SVIs are created.

Other platforms such as the 6500 series will have the same MAC address configured on all switch ports as well as the master MAC address and SVI MACs.

I hope this has been helpful!


what are the few scenarios where we need to use static mac addresses?

Hello Vinay

Static MAC addresses can be implemented for several reasons. The first involves MAC addresses that are assigned for the CPU, which can be seen below:
These are used for traffic that is destined for the switch itself as opposed to transient traffic.

Secondly, static MAC addresses can be assigned as multicast addresses. Mutlicast MAC addresses can be assigned to more than one interface.

Finally static MAC address can be manually assigned in order to apply a rudimentary security, allowing specific devices to only use a single port on the switch. Although not as secure as port security, it verifies that specific devices will only be connected to a single port.

I hope this has been helpful!


thank you, Laz. It makes sense.

1 Like

Hi Laz .

i too see similar static mac entries . Still i don’t understand . Can you please clarify ?
How CPU can be a Port ?
What is the need to map CPU entry for so many static mac entries ?

Switch2-7000#show mac address-table
          Mac Address Table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
  1    189c.5d48.3685    DYNAMIC     Fa0/5

Hello Sameer

A switch can have transverse traffic, and traffic that is sent or destined to the switch itself.

Transverse traffic is traffic with source and destination MAC addresses that don’t belong to the switch. In other words, this is traffic that comes from and goes to a host other than the switch itself. This is the vast majority of traffic that a switch will service, and this fulfills the fundamental function of the switch. This can generally be called user traffic, or data plane traffic. Transverse traffic automatically creates entries in the MAC address table, allowing MAC addresses to correspond to particular interfaces.

Now traffic that is sourced or destined to or from the switch itself is different. The actual physical MAC addresses of the switch and of its interfaces do not actually appear in the MAC address table. However, what does appear is a list of multicast MAC addresses. When a frame enters a switch with a multicast MAC address as the destination, it must know what to do with it. It looks in the MAC address and sends it to the CPU.

What does that mean? Well the CPU isn’t a port in the normal sense. It’s not even a virtual port, but it is the processing center of the switch that will take the frame and decide what to do with it. It is important to note here that the MAC addresses you see in the list above, are statically assigned, because they are “well known” or preconfigured addresses for use with particular internal processes. Here is a short list of some of these that appear in your output as well:

0100.0ccc.cccc CDP, VTP, and UDLD
0100.0ccc.cccd Cisco Shared Spanning Tree Protocol Address
0180.c200.0000 Spanning Tree Protocol (for bridges) IEEE 802.1D
0180.C200.0002 LACP and others
0180.C200.0003 LLDP
0180.C200.0008 STP for providers 802.1ad
ffff.ffff.ffff All nodes multicast address

So all of these are used for the internal operations and data plane communications with other switches and devices on the network.

I hope this has been helpful! Stay safe, and healthy!


1 Like

Thanks alot Laz . Ok so this is basically control plane multicast traffic intended for switch itself .

1 Like