OL-11615-01
MAC Address Monitoring
MAC address monitoring is a feature present on Catalyst 6500 Series switches running Catalyst OS and
Cisco IOS software. This feature helps mitigate MAC flooding and other CAM overflow attacks by
limiting the total number of MAC addresses learned by the switch on a per-port or per-VLAN basis.
With MAC Address Monitoring, a maximum threshold for the total number of MAC addresses can be
configured and enforced on a per-port and/or per-VLAN basis. The system can be configured to notify
or disable the port or VLAN every time the number of learned MAC addresses exceeds the predefined
threshold.
At a high level, Cisco IOS and CatOS implement MAC address monitoring in a similar manner.
However, there are some implementation differences that should be noted, and which are discussed in
the following sections.
Configuring MAC Address Monitoring in Catalyst OS
In Catalyst OS, MAC address monitoring allows the definition of a low threshold and a high threshold.
Compared to a single threshold, the combination of a low and high threshold provides greater flexibility.
In addition, the number of MAC addresses learned can be monitored not only on a per-port or per-VLAN
basis, but also on a per-port-per-VLAN basis.
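The following Python model is an added example, not Cisco code, showing how a low and a high threshold behave on a per-port-per-VLAN monitor when one port is flooded with source MAC addresses. The class, method names and traffic are constructed; the model assumes a threshold is violated when the count first goes past it, and applies the no-learn rule from the procedure (on a port/VLAN monitor, learning stops on the port for all VLANs).

```python
# Simplified model (added example, not Cisco code) of threshold-based MAC
# address monitoring. Class and method names are hypothetical.
from collections import defaultdict

class CamMonitor:
    def __init__(self):
        self.monitors = {}               # scope -> (low, low_action, high, high_action)
        self.learned = defaultdict(set)  # scope -> MACs counted against that scope
        self.blocked_ports, self.blocked_vlans = set(), set()
        self.events = []                 # (scope, "low" | "high", action)

    def monitor(self, scope, low, low_action, high, high_action):
        # scope is ("port", "3/1"), ("vlan", 10) or ("port-vlan", "3/1", 10)
        self.monitors[scope] = (low, low_action, high, high_action)

    def _violation(self, scope, level, action):
        self.events.append((scope, level, action))
        if action == "no-learn":
            # port and port/VLAN scopes stop learning on the whole port (all VLANs);
            # stopping a VLAN-scoped monitor per VLAN is an assumption of this model
            target = self.blocked_vlans if scope[0] == "vlan" else self.blocked_ports
            target.add(scope[1])

    def learn(self, port, vlan, mac):
        """Return True if the source MAC is added to the CAM model."""
        if port in self.blocked_ports or vlan in self.blocked_vlans:
            return False
        for scope in (("port", port), ("vlan", vlan), ("port-vlan", port, vlan)):
            if scope not in self.monitors:
                continue
            low, low_action, high, high_action = self.monitors[scope]
            before = len(self.learned[scope])
            self.learned[scope].add(mac)
            count = len(self.learned[scope])
            # fire once, on the transition past each threshold
            if before <= low < count:
                self._violation(scope, "low", low_action)
            if before <= high < count:
                self._violation(scope, "high", high_action)
        return True

def demo():
    cam = CamMonitor()
    cam.monitor(("port-vlan", "3/1", 10), 5, "warning", 8, "no-learn")
    # constructed traffic: 20 distinct source MACs arrive on port 3/1, VLAN 10
    flood = [cam.learn("3/1", 10, f"02:00:00:00:00:{i:02x}") for i in range(20)]
    other_vlan = cam.learn("3/1", 20, "02:00:00:00:01:01")  # same port, other VLAN
    other_port = cam.learn("3/2", 10, "02:00:00:00:02:01")  # different port
    return sum(flood), other_vlan, other_port, cam.events
```

In the constructed run, the warning fires at the sixth address, learning on port 3/1 stops after the ninth, and a host on port 3/2 is still learned.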
Note: Before performing the following steps, MAC address monitoring must be enabled globally. This is
the default configuration, so it needs to be enabled only if it has been disabled.
To configure MAC address monitoring on a Catalyst 6500 switch running Catalyst OS, perform the
following steps:
Step 1 Enable MAC address monitoring globally using the set cam monitor enable command:
Console> (enable) set cam monitor enable
Step 2 Enable the monitoring of MAC addresses that are learned and stored in the CAM table on a per-port
basis, per-VLAN basis, or on a per-port-per-VLAN basis using the set cam monitor command. Note
that MAC-address monitoring is disabled by default on an interface (port, VLAN, or port/VLAN basis):
Console> (enable) set cam monitor {disable | enable} [mod/port | {mod/port vlan} | vlan]
Step 3 Specify the lower threshold for MAC-address monitoring and the action to be taken when the system
exceeds this threshold. Use the set cam monitor low-threshold command. The valid range for the lower
threshold is 5-32000. Note that if you specify the no-learn keyword, and the configuration is a
port/VLAN configuration, the violation action stops learning the MAC addresses on the port from all the
VLANs. If you specify the warning keyword, the system displays a system message when the low
threshold is exceeded:
Console> (enable) set cam monitor low-threshold value [action {no-learn | warning}] {mod/port | {mod/port vlan} | vlan}
Step 4 Specify the upper threshold for MAC-address monitoring and the action to be taken when the system
exceeds this threshold. Use the set cam monitor high-threshold command. The valid range for the high
threshold is 5-32000. Note that if you specify the no-learn keyword, and the configuration is a
port/VLAN combination, the violation action stops learning the MAC addresses on the port from all the