You manage MAC (Media Access Control) addresses by managing the address tables in which a switch stores dynamic addresses, static addresses, and secure addresses. You perform this task by choosing Administration > MAC Addresses and using the MAC Addresses window.
Each switch maintains a Dynamic Address table, which identifies ports and their associated addresses that belong to a VLAN. The switch learns the MAC address of attached devices, VLAN IDs, and interface numbers by reading the source address of arriving packets. It dynamically adds these addresses to the table and keeps table entries for the time specified in the Aging Time field. After an entry is removed, the switch relearns it. If the switch encounters a packet for an unknown destination, it floods the packet to all ports of the VLAN.
As stations are added or removed from the network, the switch updates the Dynamic Address table, adding new entries and aging those not in use. The switch also updates the address table by deleting all dynamic addresses associated with a port on which a VLAN membership change occurred.
A switch can learn an address in more than one VLAN, and a dynamic address that it learns in one VLAN can be entered as a secure address in another VLAN. An address that the switch learns in one VLAN is unknown in another VLAN until the address is learned or you enter it in the table.
A static address is a network address that must remain constant. In VLANs containing a static address, the switch forwards packets destined to this address. If the switch receives this address as a destination address for a VLAN that does not contain it, the switch floods the packet within the receiver VLAN. If the switch receives the address as a source address from VLANs that contain no static address, the switch does not learn the address.
The switch does not age static addresses from the table when they are not in use and does not lose them when reset. When a VLAN membership change occurs, the switch keeps the static address, but the port is eliminated from the destination maps in the changed VLAN.
You cannot configure a dynamic-access port as the source or destination port in a static address entry.
A secure address is a manually entered unicast address that is forwarded to only one port per VLAN. Secure addresses do not age; they are retained even when the switch reboots. You must manually remove secure addresses from the Secure Address table.
Note: If you change the VLAN membership of a secure port, the switch keeps the secure address but stops forwarding to this address in the changed VLAN. If the port is returned to the VLAN, the port becomes a destination port for the secure address again.
You can enter a secure port address even if the port is not yet assigned to the VLAN. When the port is assigned to the VLAN later, the switch forwards packets destined for that address to the port.
By setting up secure ports and secure addresses, you can prevent the switch from forwarding packets with addresses outside the group. You can configure the switch to generate an alert and disable a secure port if it receives a packet with a MAC address that you manually added and associated with another secure port.
You add a secure unicast address one port at a time. If you enter an address that is already assigned to another port, the switch reassigns the secure address to the port in your entry.