Resources
Lab Topology
Lab File for CML Import
Configuration Scripts for non-CML Labs
Anki deck
MAC Learning
Switches perform MAC address learning via the flood-and-learn methodology.
Knowledge Check
How many CAM tables are tracked on a Cisco switch?
- A. 1 per VLAN
- B. 1 per switch
- C. 1 per STP topology
- D. 1 per subnet
Knowledge Check
What are the two types of MAC addresses regarding how they were learned?
- A. Static
- B. Dynamic
- C. Received
- D. Sent
- E. Local
- F. Remote
MAC Table Updates
Updating MAC addresses as they move is a critical part of maintaining a stable L2 domain. Let's explore how MAC moves are updated and how long it takes for old entries to age out.
Knowledge Check
What is the default MAC aging timer on Cisco devices?
- A. 100 seconds
- B. 300 seconds
- C. 500 seconds
- D. 1000 seconds
Static and Dynamic MAC Entries
Let's jump onto the CLI and take a look at how static and dynamic entries appear in the MAC address table.
Knowledge Check
The CLI command `clear mac address-table` can only specify dynamic entries and not static. True or false?
- A
- B
- C
- D
CAM Tables
What is a CAM table, anyway? Let's chat about what content addressable memory (CAM) is and why we use it in switches.
Knowledge Check
What is special about CAM such that it is used for MAC addresses? Choose two.
- A. Memory cells are accessed by content
- B. Memory cells are accessed by ID
- C. Memory cells are accessed by index
- D. Exact matches are found in one cycle
- E. Exact matches are found in many cycles
Ternary CAM (TCAM)
TCAM is a form of CAM used for ACLs, QoS policies, and IP routing tables. Let's see how TCAM differs from CAM.
Knowledge Check
How does TCAM differ from CAM?
- A. TCAM masks can be used to specify "any"
- B. Exact matches can be found faster in TCAM
- C. TCAM is less expensive than CAM
- D. TCAM can hold entries longer than CAM
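The value, mask and result lookup that this section attributes to TCAM, as an added Python sketch (not code from the course). It reuses the prefixes from the lesson's routing example; the class, the function names and the port results are assumptions chosen for illustration, and software can only imitate the parallel hardware compare.

```python
import ipaddress


def ip(text):
    """Dotted-quad IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


class Tcam:
    """Each entry holds three things: value, mask and result.

    A mask bit of 1 means the key must equal the value in that position;
    a mask bit of 0 is a "don't care" bit.
    """

    def __init__(self):
        self.entries = []                      # list of (value, mask, result)

    def add(self, prefix, result):
        net = ipaddress.IPv4Network(prefix)
        self.entries.append((int(net.network_address), int(net.netmask), result))

    def matches(self, address):
        """Every entry whose cared-for bits equal the key's bits."""
        key = ip(address)
        return [e for e in self.entries if (key & e[1]) == (e[0] & e[1])]

    def lookup(self, address):
        """Longest prefix match: of all hits, prefer the mask with most 1 bits."""
        hits = self.matches(address)
        if not hits:
            return None
        return max(hits, key=lambda e: bin(e[1]).count("1"))[2]


def cam_lookup(cam, mac):
    """CAM for comparison: the whole key must match exactly, no mask."""
    return cam.get(mac)


def demo():
    # First table: 10.0.0.25 falls only inside the /24.
    first = Tcam()
    first.add("10.0.0.0/24", "Gi0/0")
    first.add("10.0.0.8/29", "Gi0/1")

    # Second table: 10.0.0.25 falls inside both entries, so the /29 wins.
    second = Tcam()
    second.add("10.0.0.0/24", "Gi0/0")
    second.add("10.0.0.24/29", "Gi0/1")

    cam = {"0011.0011.0011": "Gi0/1"}          # constructed exact-match table
    return {
        "single_match": first.lookup("10.0.0.25"),
        "both_match_count": len(second.matches("10.0.0.25")),
        "longest_prefix": second.lookup("10.0.0.25"),
        "no_match": second.lookup("192.0.2.1"),
        "cam_hit": cam_lookup(cam, "0011.0011.0011"),
        "cam_near_miss": cam_lookup(cam, "0011.0011.0012"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```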
Lab Demo
Let's jump into the lab and demonstrate MAC addressing on switches. We'll use the topology posted in the Resources section above.
Command Reference:
- show mac address-table
- show mac address-table address
- show mac address-table count
- show mac address-table aging-time
- clear mac address-table dynamic
- (config) mac address-table aging-time [seconds] vlan [vlan]
- (config-if) mac-address [address]
- (config) mac address-table static [address] vlan [vlan] interface [interface]
- (config) mac address-table static [address] vlan [vlan] drop
- (config) no mac address-table learning vlan [vlan]
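The table behaviour these commands inspect and change, as an added Python model (not course material and not how IOS is implemented). It covers flood-and-learn, a silent MAC move, aging, static and drop entries, and per-VLAN tables; the class and method names are assumptions, every port is assumed to carry every VLAN, an aging time of 0 is taken to mean "never age out", and static entries are assumed not to be overwritten by learning.

```python
from dataclasses import dataclass

DEFAULT_AGING = 300           # seconds: the default aging timer given on this page
BROADCAST = "ffff.ffff.ffff"
DROP = "Drop"                 # pseudo-port for a static drop entry


@dataclass
class Entry:
    port: str
    kind: str                 # "DYNAMIC" (learned) or "STATIC" (configured)
    last_seen: float = 0.0


class Switch:
    """Toy switch; assumes every port carries every VLAN."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.tables = {}          # vlan -> {mac: Entry}: one table per VLAN
        self.aging = {}           # vlan -> seconds; 0 means never age out
        self.no_learning = set()  # VLANs that only flood

    def table(self, vlan):
        return self.tables.setdefault(vlan, {})

    def set_aging(self, seconds, vlan):       # mac address-table aging-time
        self.aging[vlan] = seconds

    def add_static(self, mac, vlan, port):    # mac address-table static ... interface
        self.table(vlan)[mac] = Entry(port, "STATIC")

    def add_static_drop(self, mac, vlan):     # mac address-table static ... drop
        self.add_static(mac, vlan, DROP)

    def disable_learning(self, vlan):         # no mac address-table learning vlan
        self.no_learning.add(vlan)

    def clear_dynamic(self):                  # clear mac address-table dynamic
        for tbl in self.tables.values():
            for mac in [m for m, e in tbl.items() if e.kind == "DYNAMIC"]:
                del tbl[mac]

    def expire(self, now):
        """Remove dynamic entries whose source has been silent for the aging time."""
        for vlan, tbl in self.tables.items():
            limit = self.aging.get(vlan, DEFAULT_AGING)
            if limit == 0:
                continue
            stale = [m for m, e in tbl.items()
                     if e.kind == "DYNAMIC" and now - e.last_seen >= limit]
            for mac in stale:
                del tbl[mac]

    def receive(self, vlan, src, dst, in_port, now):
        """Learn from the source address, then return the egress ports."""
        self.expire(now)
        tbl = self.table(vlan)
        known = tbl.get(src)
        learn = vlan not in self.no_learning
        if learn and (known is None or known.kind == "DYNAMIC"):
            tbl[src] = Entry(in_port, "DYNAMIC", now)   # new, refreshed or moved
        hit = None if dst == BROADCAST else tbl.get(dst)
        if hit is None:                                 # unknown or broadcast: flood
            return [p for p in self.ports if p != in_port]
        if hit.port in (DROP, in_port):                 # drop entry, or same segment
            return []
        return [hit.port]


def demo():
    """Constructed scenario: host A moves from Gi0/1 to Gi0/3 without a GARP."""
    a, b = "0011.0011.0011", "0022.0022.0022"
    sw = Switch(["Gi0/1", "Gi0/2", "Gi0/3"])
    out = {}
    out["unknown"] = sw.receive(10, a, b, "Gi0/1", now=0)      # flooded
    out["reply"] = sw.receive(10, b, a, "Gi0/2", now=1)        # known unicast
    out["stale"] = sw.receive(10, b, a, "Gi0/2", now=10)       # A moved: black hole
    out["aged"] = sw.receive(10, b, a, "Gi0/2", now=300)       # entry aged: flood
    out["garp"] = sw.receive(10, a, BROADCAST, "Gi0/3", now=301)
    out["moved"] = sw.receive(10, b, a, "Gi0/2", now=302)      # relearned on Gi0/3
    out["other_vlan"] = sw.receive(20, b, a, "Gi0/2", now=303) # VLAN 20 knows nothing
    sw.add_static_drop("0044.0044.0044", 10)
    out["drop"] = sw.receive(10, b, "0044.0044.0044", "Gi0/2", now=304)
    sw.clear_dynamic()
    out["left_after_clear"] = sorted(sw.table(10))
    return out


if __name__ == "__main__":
    for step, ports in demo().items():
        print(step, ports)
```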
Lab Challenge
Perform the following lab tasks in your own environment using the reference topology. The topology can be created using the downloadable CML file, or it can be created in a physical lab.
Task 1
On SW1, validate whether it has MAC address entries for R1 and R2. Use appropriate commands on R1 and R2 to confirm which MAC addresses belong to them. If the entries don't appear in the MAC table, ensure they are added dynamically.
Task 2
Change the MAC aging timers as follows:
- SW1: Set addresses to age out after one minute.
- SW2: Ensure addresses never age out for VLAN 10 entries only.
Task 3
Change R1's interface gig1 MAC address to 0011.0011.0011. Change R2's interface gig1 MAC address to 0022.0022.0022. Ensure these MAC addresses show up in SW1's MAC table.
Task 4
Perform the following static addressing tasks:
- Create a static entry in SW1's MAC table that maps the MAC address 0033.0033.0033 to interface gig0/2 in VLAN 10.
- Ensure that SW1 drops all traffic destined for 0044.0044.0044 in VLAN 10.
- (This command isn't supported on the IOSv L2 switch)
Ensure these entries show up in the MAC address table.
Task 5
Activate pure flooding behavior for all L2 traffic on SW2 in VLAN 10.
- (This command isn't supported on the IOSv L2 switch)
LAB SOLUTION:
Knowledge Check
Rate your current understanding of MAC Address Tables. Use this as reference when reviewing later.
View Transcript
MAC Learning
0:00 Instructor: So very quickly, we are going to review
0:03 how exactly MAC addresses are learned on a network.
0:06 So if we have a couple of switches here, we know
0:08 that we're not running any kind
0:10 of layer two routing protocol
0:12 or anything along these lines
0:13 where I'm proactively advertising MAC addresses.
0:16 Instead, as I keep track
0:18 of my MAC addresses in my MAC address table, I'm going
0:21 to populate this table as traffic comes into the switch.
0:25 This is a mechanism that we refer to as flood-and-learn.
0:30 And even though this might feel just a little bit basic
0:32 for a CCIE type of conversation,
0:35 this mechanism becomes a big deal
0:38 when we move on to technologies like VXLAN and LISP.
0:42 And so we need to actually just think about this
0:44 and dwell on this just for a few moments, long enough
0:47 to make sure that we understand how exactly
0:49 this flood-and-learn concept works.
0:51 And so it's maybe something we haven't visited in a while.
0:54 The idea here is that if I were to connect a host, a PC,
0:58 a router, something like this,
1:00 and we generate traffic, we're going to include
1:03 our source MAC address, and our source address,
1:07 let's say in this case is 1.2.3.
1:09 We'll just use the decimal format here.
1:12 Well, when this layer two frame comes into the switch
1:15 on the left, it's going to add 1.2.3
1:18 into its MAC address table.
1:21 And it's going to look at the port.
1:23 Let's say this is port usually 0/1,
1:26 something like that, maybe gig 0/1.
1:29 And so we'll point this to gig 0/1.
1:32 Now this table is going to be referred
1:35 to as the content-addressable memory, or the CAM.
1:41 And we're going to talk
1:43 about what exactly this means here coming up,
1:46 but this is actually a big deal
1:49 as far as where we store our layer two addressing.
1:52 It is always stored inside of the CAM,
1:56 and we're going to wanna differentiate
1:57 that from the TCAM here coming up here shortly as well.
2:01 Now the other big caveat in all of this
2:04 is that this CAM table, the MAC address table,
2:07 however we wanna refer to it, either way is fine.
2:09 This is on a per-VLAN basis, meaning that we need
2:13 to keep a CAM table for every single VLAN.
2:17 Now, if I were to issue a command on the layer two device
2:21 or multi-layer switch either way, but I'm on the switch,
2:25 and I say show mac address-table,
2:28 this is the command that we're going to want to get used to.
2:32 Way back in the day we actually had this fully hyphenated,
2:35 but either way, now it's separate, show mac address table,
2:38 this is going to show all of the entries over here,
2:43 and it'll specify which VLAN each entry belongs to.
2:46 And so, if we wanna think of it as saying
2:49 that I've got a MAC address and that's bound to a port,
2:53 and that's going to get mapped to a VLAN,
2:55 that's perfectly fine.
2:57 But again, technically speaking under the hood,
2:59 these CAMs operate on a per-VLAN basis.
3:04 Now the other thing that we're tracking in all
3:07 of this is whether or not this is a dynamic MAC address
3:11 or if it's a static MAC address.
3:15 A dynamic MAC address simply means that it was learned
3:18 via that flood-and-learn type of mechanism.
3:21 Static means that it is configured in some way.
3:25 I can statically map MAC addresses to ports,
3:28 but I can also statically create new interfaces.
3:32 For example, on a switch, if I create a VLAN 100 interface
3:36 and well, it's gonna have an IP address,
3:39 but even if I don't configure a MAC address,
3:42 it's going to have one.
3:43 And so this VLAN 100 MAC address
3:46 actually gets mapped into the table as well
3:48 since it's a layer three interface,
3:50 on that particular switch.
3:52 So let's get back to the flood-and-learn concept.
3:55 We know that if I've got a port,
3:58 or I'm sorry, a frame coming into,
4:00 let's say the switch on the right,
4:02 let's call this switch two.
4:03 Switch two is going to look at the destination address.
4:07 In this case, it's destined for 1.2.3,
4:10 and then it's going to check the CAM.
4:13 And if it doesn't show up in the CAM, let's say
4:15 that this CAM is actually empty at this point,
4:17 we don't have any dynamically learned addresses in there.
4:20 Maybe the switch just came online.
4:22 Either way, if we're talking about layer three
4:25 unknown addresses, we're probably gonna just drop those.
4:28 I mean, it's very different behavior here.
4:31 In a layer two world, especially with ethernet, we are going
4:34 to flood this out.
4:37 This is flood-and-learn.
4:38 I'm going to send this out every port, every interface,
4:42 that I have attached to this particular device.
4:46 And that does ensure that one of these forwards
4:49 is going to land on the destination
4:51 if that destination is reachable at least.
4:53 And so we're going to send that out.
4:55 It's actually going to arrive at the destination.
4:59 And the theory is that the destination will send traffic
5:02 back at some point, at which point we will actually be able
5:05 to learn where that MAC address is.
5:08 So now I just learned where 1.2.3 lives.
5:10 I can add that into my CAM table,
5:12 and I don't need to flood it next time I get a frame in
5:15 that has a destination address.
5:17 So that is the nature of flood-and-learn technology
5:20 and how we keep track
5:22 of our MAC addresses in VLAN-specific CAM tables.
MAC Table Updates
0:01 Instructor: We live in a dynamic world.
0:03 A lot of times we're gonna find
0:05 that a MAC address might be learned
0:07 on one interface, like gig 0/1 here,
0:10 but then this MAC address moves over to another interface.
0:14 Maybe it migrates to a completely different switch.
0:16 And so now this MAC address,
0:19 let's keep using 1.2.3 as an example,
0:22 it was learned on gig 0/1 here.
0:25 So 1.2.3 points to gig 0/1.
0:29 But now it lives out gig 0/2.
0:33 Now, there's a lot of ways
0:34 that the MAC addresses might migrate
0:36 in our campus environments.
0:37 This could be a wireless roam, for example.
0:41 But this actually happens a lot
0:43 in our data center environments as well.
0:45 We might see virtual machines move around
0:47 inside the virtual hypervisor space.
0:51 And so this type of migration,
0:52 whether it's in the data center,
0:54 whether it's in wireless,
0:56 either way, it happens a lot,
0:58 and it creates a, potentially, a really big problem.
1:03 And that is that now as a packet comes in
1:06 that's destined for 1.2.3,
1:10 if this switch doesn't realize that the MAC address moved,
1:13 it's going to forward it out the wrong port
1:15 and that's going to black hole traffic.
1:17 And so this is a situation that we need
1:19 to be able to resolve very quickly.
1:22 And so how exactly do we go about solving this?
1:25 Well, some amount of responsibility
1:27 is going to be placed onto the host itself
1:30 that ended up migrating.
1:32 Specifically, this host needs to generate traffic.
1:36 We're not going to be able to put this
1:38 on the switching environment itself.
1:40 Again, we don't have a control plane.
1:42 If we had a control plane,
1:43 then the switch on the right
1:45 would see the MAC address and say,
1:47 "Oh, the MAC address moved.
1:48 Hey, you might want to update your CAM table."
1:51 But unfortunately, we don't have it working that way.
1:54 Now again, we mentioned VXLAN already once.
1:57 This is going to come back into the conversation later on,
2:00 which is one of the reasons why
2:01 we're having the conversation upfront.
2:03 In this situation, we do not have a control plane,
2:06 and therefore the host ideally is going
2:08 to have to generate some amount of traffic,
2:11 because we are still relying on flood and learn.
2:14 I learn where this new interface is here
2:18 for this specific MAC address only when a frame shows up.
2:23 So how do I get a frame to show up sourced from 1.2.3?
2:30 Well, again, we can generate traffic,
2:32 and if the host recognizes that it moved,
2:34 then it can do what we call especially...
2:37 Well, especially being the way we typically do it.
2:40 It is a gratuitous ARP.
2:42 Gratu...
2:45 Gratu, there it is.
2:47 Gratuitous ARP, which is often abbreviated as a GARP,
2:53 which is kind of a funny sounding word.
2:55 So what happens is the host, now,
2:58 let's say it lives out this interface,
3:00 it's going to send that gratuitous ARP.
3:03 Now, we call it a gratuitous ARP.
3:05 The word gratuitous simply means that,
3:07 "Hey, nobody asked for this,
3:09 but I'm gonna send it out anyways."
3:11 And an ARP is going to be a broadcast type of frame.
3:16 Because it's a broadcast,
3:17 it's going to get sent out everywhere.
3:19 So let's just show here.
3:21 So we're sending it out all of the ports
3:23 and all of the interfaces,
3:24 including this trunk between the switches.
3:28 So at this point, the frame now arrives on the switch.
3:31 It sees that I've got a source of 1.2.3,
3:35 and it recognizes it already has an entry.
3:38 So what's it going to do here?
3:39 Well in a stable environment,
3:41 assuming this doesn't happen too often,
3:43 it's simply going to update this.
3:45 It's going to say, "Okay, you're no longer
3:47 living out gig 0/1.
3:48 You must be living out gig 0/2 now."
3:51 And life is good.
3:53 We're not gonna black hole traffic anymore
3:54 when this destination frame comes in.
3:57 As long as we have gone through this process
3:59 and updated the CAM table,
4:01 it's going to send it out the appropriate interface
4:03 and life will be good.
4:05 Now, this does create an interesting scenario as well,
4:09 which is that we can find
4:12 that we have a situation known as flapping.
4:14 Flapping means that the same MAC address
4:16 just continues to change ports.
4:21 So if this is happening constantly or rapidly,
4:25 then we realize that we've probably got a problem
4:28 in the layer two environment.
4:29 At a minimum, it's not stable.
4:31 You know, these mechanisms that would normally create
4:33 a single layer two type of movement,
4:37 this isn't something that happens very often.
4:39 So if a packet shows up on...
4:42 Drawing another switch down here.
4:43 If it shows up on this interface
4:45 and then this interface,
4:46 and then back on this interface,
4:47 and then back on this interface,
4:48 maybe we have a loop in the environment.
4:50 Maybe we, you know, have something else happening.
4:53 But either way, this represents
4:55 an instable or an unstable...
4:57 Represents instability and an unstable environment.
5:00 There we go.
5:01 So what ends up happening here
5:03 is that these ports might be placed into a disabled state,
5:07 and specifically we'd call this err-disabled.
5:11 And we'll be exploring err-disabling
5:13 here coming up later on in this course.
5:16 But either way, we're gonna find
5:18 that the ports end up getting disabled if flapping occurs.
5:21 Now, one migration is not flapping.
5:23 But if it does go back and forth,
5:25 then it will end up getting disabled.
5:27 Now we have one other problem we have to recognize,
5:30 which is what happens if this doesn't actually happen?
5:35 What happens if we don't send a gratuitous ARP?
5:37 What if we just move and...
5:40 So we move and we generate no traffic.
5:46 Well at this point, we are in trouble
5:48 because this is pretty much our entire mechanism
5:51 for achieving stability again.
5:53 So if that's our entire mechanism for it,
5:56 then what are we going to do in this scenario?
5:58 Because we're going to come back to this situation
6:01 where we continue to send traffic out the wrong interface.
6:04 Well, this is why we end up having
6:07 an aging component to our MAC addresses.
6:11 So when I learn an address,
6:14 I'm going to set a timer on that address.
6:17 So in this CAM entry right in here,
6:20 we originally said that...
6:22 Let's just go back to it being out gig 0/1.
6:26 We did not learn that it's at a new interface.
6:28 It thinks it's going out this bad interface now,
6:31 but it sets a timer.
6:32 And the default timer on Cisco IOS devices is 300 seconds,
6:36 which is five minutes.
6:38 So it starts to decrement this timer
6:40 from the moment that it learns it.
6:42 You know, 299, 298, and so on and so forth.
6:46 Well, fortunately, eventually,
6:47 this is going to get down to zero.
6:49 And once it gets down to zero,
6:51 those addresses get removed.
6:56 As traffic continues to come in from,
6:59 let's say that this MAC still does live out that interface,
7:02 it'll re-up the timer.
7:04 It'll go back up to 300 seconds
7:05 from the last time I saw a packet come in
7:08 that had that source address.
7:10 But once it gets down to zero, it will remove it.
7:13 And so even though we have a bad situation
7:15 with a black hole-ing type of, you know, scenario here,
7:19 what's going to end up happening is the timer will expire,
7:23 then we go back to flooding.
7:26 And so once we go back to flooding,
7:28 in theory, that traffic will get to the destination,
7:32 and hopefully that destination replies in some way.
7:35 And so we learn where it actually is.
7:38 But after that timer expires,
7:40 because of the flooding mechanism,
7:41 at least we no longer have a black hole-ing
7:44 type of scenario.
7:45 And we can actually tune the aging timer if we want to.
7:48 But again, by default on IOS devices,
7:51 that's going to be 300 seconds.
Static and Dynamic MAC Entries
0:01 All right, let's jump into the lab
0:02 and just see a quick demonstration
0:03 of looking at the MAC address table.
0:05 This is probably something we've done at some point
0:07 during troubleshooting sessions,
0:08 but we wanna do a "show mac",
0:10 and then it's "address-table".
0:12 We can add enter,
0:13 we can filter by VLANs and by specific addresses.
0:16 We might take a look at that later.
0:18 But ultimately, what we find is a few things with this,
0:21 first of all, the two important factors
0:23 are always going to be the MAC addresses themselves,
0:26 as well as the interfaces that they connect with.
0:30 Now another critical component
0:32 is certainly going to be the VLAN.
0:33 So we see the VLAN ID over here on the left.
0:36 So on this switch, we've got a lot of VLAN one devices,
0:39 but also a few in 10 and 24, 34 and 23.
0:44 Now the other big component is dynamic versus static.
0:48 Now dynamic addresses are the ones that are learned.
0:51 So these are truly devices that are out there,
0:53 some of these are routers in this lab environment
0:55 that have sent traffic,
0:56 and so we learn a lot of different MAC addresses that way.
1:00 But we do see these static addresses,
1:02 and specifically we're going to see static addresses,
1:05 a long list of them up here at the top,
1:08 a lot of devices have these static mappings
1:12 that they're reserved for various purposes
1:14 and used for internal traffic.
1:16 So depending on the platform,
1:17 maybe you'll see these, maybe you'll not see them,
1:19 maybe there'll be a lot of 'em,
1:20 maybe there'll be a few of them.
1:22 But, and that's why it says "Vlan ALL" here
1:24 is because it applies to all of them.
1:26 So these are reserved values
1:28 is really what it comes down to.
1:29 But once you get past this all section,
1:31 you really look down in here.
1:33 What you end up finding
1:34 is that when you see a static address,
1:36 it's usually one of two things,
1:37 first and foremost, it might be a VLAN interface.
1:40 We're looking at a switch,
1:41 we created that layer three interface.
1:43 If I do a "sh int" on VLAN one,
1:46 we should expect to see it end with 8ac7.
1:51 So when I look at the MAC address here,
1:53 8ac7 right there.
1:55 So this is the MAC address that's being used
1:57 by that VLAN interface.
2:01 So let's go back to the MAC address table.
2:03 And so we'll find that we've got
2:05 specific ranges of MAC addresses that'll be used
2:09 by the device when those VLAN interfaces are made.
2:12 Now we also see 8ac6 down here,
2:15 that was mapped to a different VLAN interface, a VLAN 10.
2:19 So that's the first usual suspect with
2:22 where these static addresses came from.
2:24 The other possibility is that I can get onto an interface
2:27 and I can hard configure some of these MAC addresses,
2:32 and so those might show up here as well.
2:34 But for the most part, it's going to be
2:36 lots of dynamic interfaces that are learned,
2:39 and then the static addresses
2:40 that are either reserved by the system
2:42 or are deployed onto some layer three interface
2:45 also on that system.
2:46 Now one other thing, let's go ahead
2:48 and see what happens when we clear the MAC address table.
2:51 So I can say "clear" and then "mac address-table".
2:54 If I run a question mark here,
2:56 I do have to specify what exactly I'm clearing,
2:58 I want to clear the dynamic addresses.
3:00 Now if I clear the MAC address table,
3:03 on the one hand, it's going to be empty pretty quickly,
3:06 but we're gonna find that
3:07 all of the static addresses are still there,
3:09 including VLAN one and VLAN 10.
3:12 Now I did that as fast as I could,
3:14 (speaker laughing) we have already learned
3:16 some dynamic addresses.
3:17 So we did see up here,
3:19 we had a lot more dynamic addresses than we have now.
3:24 But as I continue to look at the MAC address table,
3:26 we're gonna find that more and more addresses are learned
3:29 because these devices continue to send their traffic.
3:31 And yeah, in the first frame it gets flooded out,
3:34 but we very quickly learn where all of these devices are
3:37 and the flooding is reduced.
3:38 So clearing the MAC address table
3:40 fortunately isn't disruptive
3:42 because the flood and learn mechanism,
3:45 I'm gonna continue to flood traffic
3:47 so it does get to the destination.
3:49 So clearing the MAC address table
3:51 will result in a lot of flooding,
3:53 but it also very quickly shrinks back down
3:56 because we have traffic flowing,
3:59 and we're going to be very quick to learn
4:01 where those addresses are again.
CAM Tables
0:01 Instructor: Anytime we talk about our MAC address tables,
0:04 we are really referring to this as CAM
0:08 a CAM table instead.
0:11 And technically speaking we should probably refer to them
0:13 as CAM tables, but what exactly is CAM?
0:16 I mean, what is this concept and why is it so important?
0:19 Why is it brought up so often?
0:21 Well, in order to understand CAM,
0:22 we need to understand at least a basic concept
0:25 around standard memory use
0:27 what we might call addressable memory
0:29 so without the C, you know, basically what happens
0:32 is when our CPU needs information,
0:34 it goes to our memory allocation.
0:37 And our memory allocation is,
0:39 we could think of it like a spreadsheet
0:40 or a database type of situation
0:43 where we've got columns and information.
0:45 And typically what we have is we have an index
0:48 and we have a value that's stored there.
0:51 And so in index zero, one, two, three, and four,
0:54 in this situation I might say, "Hey, guess what?
0:57 I need the information that's stored at index two."
1:02 So maybe there's a binary 1010 stored there.
1:05 So the CPU says, "Hey, give me what is at index two."
1:09 And the memory controller returns 1010.
1:14 Basically what we're doing is we're providing the index
1:17 and we're getting the content back in this fashion.
1:21 So that's great and all, but this is not how
1:25 we are going to do things with our MAC addresses.
1:29 And the reason for that is because I don't actually
1:31 have an index value when it comes to MAC addresses.
1:35 I actually have a MAC address and I need a port.
1:40 Just kind of interesting 'cause basically
1:41 I have two different values.
1:43 I have a value here and I have a value here.
1:46 So what exactly am I going to do here?
1:49 Well, I build out a content addressable memory
1:53 type of allocation.
1:55 And what this looks like is basically
1:58 what we have is we're going to build the same concept,
2:01 except now I have my content here,
2:05 and so this would be the MAC address.
2:07 And then I have another value over here,
2:09 which would be the port.
2:12 So when the CPU now needs to get a port,
2:16 I'm no longer providing an index,
2:17 I'm providing a MAC address,
2:19 and this MAC address could be stored here, MAC1, MAC2, MAC3,
2:24 it could be anywhere in this table.
2:27 And we could have thousands of MAC addresses in this table.
2:29 So we see the problem here is I can't just say,
2:32 "Hey, give me whatever is in index three or what have you."
2:36 I'm saying, "Hey, first of all, you have to find this MAC
2:40 and then you have to return the value."
2:42 And so this is gonna be a little bit different.
2:45 If this was addressable memory, standard addressable memory,
2:49 what we would do is we would just cycle
2:52 through this over and over again.
2:54 You know, Hey, is this MAC address,
2:56 let's say this is MAC address four in this case.
2:58 So is it in this location? No.
3:01 Is it in this location? No.
3:02 Is it in this location? No.
3:04 Is it in this location?
3:05 Ah, finally we found it and we could return the port.
3:08 So this could actually take thousands of attempts
3:11 to return the port back to the CPU.
3:14 So instead, what we want to do,
3:16 is I wanna say that's a really bad mechanism.
3:18 What we're going to do is we're going to actually use
3:21 content addressable memory. Content
3:23 addressable memory runs a single cycle.
3:27 So it's one cycle on this and it's going to find
3:31 an exact match.
3:34 So if we were to just reduce our MAC address down
3:38 to maybe saying that it's a few bits here.
3:41 Let's say we're looking for 1010.
3:43 Naturally we have 48 of these bits for a MAC address.
3:45 But let's say I'm looking for this,
3:47 what's going to happen is it's going to run
3:49 through this entire memory bank basically,
3:53 and it's going to look for that exact match,
3:56 whatever that MAC address is.
3:58 So in our case, it's going to find that the MAC address
4:01 that we were had submitted is right here.
4:04 And so now I can, in a single cycle, get the port
4:08 and return that port back to the CPU cycle.
4:12 So that is exactly what CAM is and why we use it here.
4:16 Now a couple key points here.
4:19 So first of all, as far as CAM is concerned,
4:22 we are looking for an exact match, right?
4:25 We're not able to submit masks
4:28 for the MAC address world.
4:30 And that's fine because when it comes to layer two,
4:33 we have an exact MAC that we're looking for
4:35 and we just need the port back.
4:36 That's basically what we're trying to do here.
4:39 So an exact match works great.
4:40 The other issue is that CAM is expensive
4:46 because we deploy a high performance level
4:50 of memory into hardware.
4:51 So another reason why it's so difficult
4:53 to virtualize switches is because of this hardware
4:57 based component that has been so important
5:00 in the switching world for so long.
5:02 And so obviously if we don't have the hardware,
5:04 we're just virtualizing things,
5:05 we have to do this in software.
5:08 And so the emulated platforms make that happen.
5:11 But ultimately CAM is a finite resource,
5:15 and that's really what it comes down to.
5:17 This is why when we look at spec sheets,
5:20 we can only support so many MAC addresses.
5:24 This is a big deal in the data center space
5:25 because we could have thousands of virtual machines that,
5:28 we've gotta learn thousands and thousands of MAC addresses.
5:32 But this is a big deal in the campus environment as well,
5:34 because we have to keep track of how many MAC addresses
5:37 maybe exist in a layer two domain.
5:39 It's another reason for us to shrink our layer two domains
5:42 from a design perspective.
5:45 And so this is all coming back to the idea
5:48 that you know how MAC address tables run.
5:50 We use CAM tables as a result.
5:53 And what we're gonna find is that this is not a sufficient
5:57 way for us to perform other lookups,
6:00 that do involve masks if we don't have an exact match.
6:04 And so that's where TCAM is going to come into play.
Ternary CAM (TCAM)
0:01<v Instructor>We just got done saying that content</v>
0:03addressable memory in this CAM space is perfect
0:05for Mac lookups
0:07because our Mac addresses, when we're looking them up,
0:09we need to find an exact match.
0:12We're not submitting any kind of mask along with this,
0:17or we're not storing the Mac addresses along with a mask.
0:20We are storing exact Mac addresses
0:23and so we can't use masks with CAM.
0:26And if we want to use masks
0:28and we have a lot of use cases
0:29for masks in the networking world, we're going to have
0:32to store the mask in the table.
0:35This is going to require different type of memory
0:37that we call Ternary content addressable memory,
0:40which can be abbreviated as TCAM.
0:44CAM stores two values, if we think about it,
0:47we've got the value
0:48that we're storing, which is an exact 48 bit Mac address.
0:53And then we've got the result on the other side,
0:55which in our case would be the port.
0:57So the port is the result.
0:59The exact full 48 bit Mac address is the
1:02value that we're storing there.
1:04With Ternary CAM, we get a third value or a third parameter.
1:09We store the value, some number of bits in here,
1:12but then we also store a mask along with the value.
1:16And then we've got the result.
1:18This is why we call it Ternary CAM.
1:20The word ternary is in reference to the number three.
1:23We are storing three different values here, which is going
1:25to allow us to use the concept of a mask.
1:29Now again, we've got a lot of different use cases for masks.
1:32If we think about where we use masks,
1:34probably the first thing we're gonna come up
1:35with is IP routing.
1:37I'm gonna look up a routing table entry, I know
1:40that I include masks with the entries in that table.
1:45Now, I also have to think about access control lists
1:48to think about quality of service.
1:49And by the way, IP routing can be split off
1:52between IP version four
1:53and IP version six, since both of them use masks.
1:57So here's the idea.
1:59What ends up happening is the CPU is sending,
2:03let's say something to the TCAM which says, hey, I've got
2:08to send a packet
2:09and it's destined for 10.0.0.25, something like that.
2:14Give me a result.
2:16Basically an outgoing port
2:18or a next top IP address, whatever is stored there
2:21for this address.
2:23Well, we might have 10.0.0.0 in here.
2:28We might have 10.0.0.8, something like that.
2:33And then we've got different masks in here.
2:35And so basically these are the don't care bits.
2:39And so maybe we're gonna find that this 10.0.0.0 entry,
2:45this was using a slash 24 mask.
2:49Whereas this entry down here,
2:51this is using like a a slash 29.
2:54So now we've got two different masks
2:56that imply different things.
2:58Now in this example, this address doesn't fall
3:01into the subnet, it only falls into the top one.
3:04And so we can pretty easily say, well, this is our match
3:07and we're going to provide the port,
3:09send it out gig zero zero or whatever the situation is.
3:13Naturally, if we have two of these values that fit, well,
3:17both of them would be matches
3:18and we'd have to run the longest prefix match,
3:21which is going to hopefully identify
3:23for us one or the other.
3:24So let's say we had 10.0.0.24 slash 29.
3:28Well now it actually fits into this one as well.
3:32And so we'd find matches for both of these,
3:34but we'd use longest prefix match to identify
3:37that this is the right entry and
3:39therefore we're going to return this result
3:41of gig zero slash one or whatever the situation is there.
3:46Now, that raises an interesting point
3:48'cause the result could be many different things.
3:50We could actually have these as interfaces,
3:52we could have them as next hop addresses.
3:54Access control lists are going to store, you know,
3:57their deny or allow result in here.
4:00And so we've got a lot of different options
4:02to include in the result.
4:04And so the TCAM space gets
4:06to be a little bit more complicated, especially
4:09when we consider the fact that we're including a mask
4:10in the calculations.
4:12Now, just like with CAM, TCAM is also expensive.
4:16It is also deployed in hardware in most cases.
4:21And as a result, we have a finite amount
4:23of space for the TCAM.
4:25The difference here is that our CAM had a finite amount
4:28of space, but it's all Mac addresses.
4:31We don't need to worry about trying
4:33to fit IP addresses in there
4:34and sharing that space with the CAM.
4:36Whereas over here we've got a lot of different options
4:38and potentially even IP version four
4:40and IP version six entries that all have
4:43to cram into the same finite space.
4:45So most of our Cisco devices are going
4:47to carve this up some way from the beginning.
4:50There'll be a default setting where we've got
4:51so many IPV four routes
4:54or space for IPV four routes, so much space
4:56for access control list, quality of service entries,
4:58and so on and so forth.
5:00What we might find though is that in order
5:02to enable IPV six on a platform, we actually have
5:05to change the TCAM configuration or vice versa.
5:08Maybe we have a default of
5:11so many IPV six routes that are stored in there.
5:13And as a result,
5:14if we're not running IP version six in our environment,
5:17we actually wanna disable that
5:19and give us more TCAM space for IP version four.
5:22But this is a finite resource on every Cisco platform.
5:28And so we just in some situations have to be aware
5:30that we might have to reconfigure the TCAM depending on the
5:33scale of our environment.
Lab Demo
0:00All right, let's jump onto the CLI
0:02and see some commands in action that relate back
0:05to everything we've been talking about.
0:06One of the biggest commands we're going
0:08to use a lot is show Mac address dash table.
0:11Now the good news is that
0:14we can actually abbreviate that down.
0:16It's interesting, because it looks like we abbreviate down
0:19to show Mac address.
0:20But that address is actually in reference
0:22to address dash table, so keep that in mind.
0:25Now, we're on this CML topology.
0:28So this is the CML topology that's available for download.
0:31You should be applying this into your CML environment
0:34and following along
0:35and then conducting the lab challenge
0:37at the end of the skill.
0:38So what we have is we have a couple of virtual switches
0:41with a couple of virtual routers attached to those,
0:43fairly basic topology.
0:44We just wanna see how these switches are logging
0:46the Mac addresses and what we can do
0:49that might be interesting from a Mac address perspective.
0:52And so one thing to keep in mind always
0:55with these virtualized switches is that emulated switches,
0:59they don't always behave fully 100% correctly.
1:03Switches are actually very difficult to emulate.
1:05It took a long time for us to have virtual switches
1:08that were useful.
1:10And so these are very useful,
1:11but as you'll notice, we don't actually see
1:14all of the static addressing
1:16that we maybe would see on a physical switch.
1:19This is one reason why I recommend having physical switches
1:23in addition to your lab.
1:24We're probably gonna need those down the road
1:25for SDA anyways, but for right now even,
1:29the virtual switches are great,
1:30but it's still not showing the full picture.
1:33For example, if I switch over to
1:35that hardware switch we were looking at earlier,
1:37I can run the show Mac address command here
1:40and we do see all of those static mappings,
1:43the dynamic mappings, that's what we'd expect
1:46to see in a real world switch.
1:48Whereas the virtual switch is only showing us addresses
1:51that it's truly learned from packets flying around.
1:55And so what we have here are a few Mac addresses,
1:59especially routers one and two
2:00because before I sat down, I generated traffic.
2:04I pinged from one router to the other
2:06to make sure that we had some Mac addresses in this table.
2:09And so I could, for example, clear the Mac address table,
2:12clear Mac address dash table.
2:15And then we do have to specify the fact
2:17that we're going to clear the dynamic entries.
2:20You may recall, by the way, that we had more options
2:22on the hardware switch.
2:23So again, just another nuance to the software switches.
2:27So after clearing it, I can look at it again.
2:29Now all of the Mac address entries are gone.
2:32So what if I come to router one and I ping?
2:35And so that address that we're looking at,
2:38router two is 28.50.1.2.
2:42So I ping across.
2:45Should find success there, very good.
2:47And now when I show Mac address,
2:49I should see all those Mac addresses populated.
2:51So two of those are gonna be our router.
2:53Another one is just one of the switches
2:55or something that is being generated
2:57in this lab environment.
2:59And so we now have two Mac addresses
3:02from our two routers in here.
3:04Now before we move on to configuration,
3:06some other show commands we might wanna be aware of,
3:09I can do show Mac address table.
3:12And then what's interesting here is I can say
3:14address again, this time for literally the word address.
3:17The full command would look like this.
3:18Address dash table, then address,
3:20and then I can specify the address that I'm looking for.
3:23So if I have thousands of entries in this Mac address table,
3:27this can be very useful
3:28for flagging down an individual port
3:31for an individual Mac address.
3:33But again, we can abbreviate it like this.
3:35Show Mac address, address.
3:37Whoops, address, table address.
3:39It looks like show Mac address, address.
3:42But that is the command that will get us there.
3:44We can also do a show Mac address table count,
3:48and this will give us a count per VLAN
3:50of how many Mac addresses there are
3:51on each CAM table individually.
3:53And then we can also do show Mac address table
3:56and then aging time.
3:58So this command is going to show us the global aging time
4:02as well as on a per-VLAN basis
4:03which we can actually change.
4:05So again, the default is 300 seconds, which is five minutes.
4:09So let's go ahead and think through
4:11what are some interesting things we could configure
4:13from a Mac address perspective?
4:15Well, one thing we can do is we can configure
4:17custom Mac addresses.
4:19So if I do a show interface gig one
4:22on this virtual router one,
4:24I see that I've got a burned in address,
4:27which is a little ironic since it's a virtual router,
4:28but we still call it a burned in address.
4:30And our current operating address is the same.
4:33It's that CC 78 that did show up.
4:37Let me go up here, right here.
4:39We do see this Mac address show up here,
4:42which is the after we generated traffic.
4:43So we've got that burned in address.
4:46What I can do is do a config T interface gig one,
4:49and we're used to, IP address for example.
4:53Instead I can do Mac dash address
4:56and then specify the Mac address.
4:58Cisco likes their...
5:00If we wanna call it dotted decimal format,
5:02we usually refer to that for IP addresses,
5:04but this is using the decimal format
5:05rather than colons for Mac addresses.
5:07So I could tell router one to use 1.1.1 as the Mac address.
5:11It's going to flap the interface down and then back up.
5:15And at that point, it will be using,
5:17we're still waiting for it to come back up here.
5:18But in the meantime, ah, there it goes.
5:20Show interface gig one shows that I still have
5:23that same burned in address,
5:25but the Mac address is now changed on the interface.
5:28So if I do a ping, let's just cycle back up here
5:32before we pinged router two, let's run that ping again.
5:35That took a moment because router two had to re-ARP
5:38for the new Mac address.
5:40And now, if I come back here
5:42and do show Mac address table,
5:45we should see that 1.1.1 is indeed in the table.
5:50Now we do still see CC 78 in here
5:53because it hasn't timed out yet.
5:55So now without any traffic coming in
5:57from the old Mac address,
5:58we'll find that this entry does indeed go away eventually.
6:02So we see router one's custom Mac address now
6:04showing up in the table.
6:06We could do that on router two as well,
6:07but it would look the same.
6:09Next, we could change the aging time itself.
6:12So this is gonna require us getting in here,
6:14configure terminal,
6:16and then we can do a Mac address table command.
6:20We're gonna do question mark.
6:21We can see some of the things we can do.
6:22I could configure an aging time.
6:24I can configure static address.
6:25So we'll look at both of these.
6:27First of all, the aging time.
6:28So if I do aging time, I'm gonna specify
6:31how long I want something to last,
6:33or the aging timer to last.
6:35So I could specify maybe 10 seconds in here.
6:37This is in seconds, by the way.
6:39It allows for a pretty wide range of configuration,
6:4110's actually the minimum.
6:43And then I do have to specify a VLAN if I want to,
6:46or I can configure this globally.
6:48Let's just say that this is for VLAN one.
6:51So at this point, our Mac address table,
6:53if we do a show Mac address table,
6:57we should see that it's actually cleared out
6:58pretty fast there. (laughs)
7:00When we change the aging timer,
7:02it's going to clear the Mac address table.
7:04And then if we do a show Mac address table aging timer,
7:10we'll see that the global timer is still 300,
7:13whereas VLAN 1's is now configured custom
7:16to use 10 seconds.
7:18One interesting note in all of this, check this out.
7:20Enter zero to disable the aging timer.
7:24So if I wanted to outright disable aging,
7:26which is really not advisable,
7:28but if Cisco asks us to do it for some reason,
7:31this is where we would do it
7:32and we'd use zero as our parameter.
7:35So next, we want to demonstrate the concept
7:38of a static Mac address.
7:40Now, this is not particularly
7:42going to be a common configuration,
7:44but it is worth noting that if we do that Mac address table,
7:48and we did that question mark, we saw static show up.
7:51So static allows us to configure static mapping,
7:54like let's just say 4.4.4.
7:55We don't have that in our environment.
7:57And so from here I have to specify the VLAN.
7:59So we'll just say this is in VLAN 10.
8:02And then what interface?
8:03So this is truly creating a hard mapping.
8:05Let's just say this is going out gig two.
8:08Oops, we've got to specify, I guess, (laughs)
8:12a little bit more of a name.
8:13All right, fine, gigabit ethernet two.
8:17And that is not taking.
8:19Let's just say gig zero.
8:20No?
8:21You know what I just realized, we're on switch one,
8:23not on router one.
8:25(laughs) So this is actually expecting
8:27something like zero two.
8:29There we go.
8:30That would be what was holding this up.
8:32So now let's exit out and do a show Mac address table.
8:37And we see that we have a static mapping
8:40for the all fours, pointing to gig zero two.
8:44And I can try to clear this out,
8:46clear Mac address table dynamic.
8:51And it's not going to clear out
8:52because I'm only able to clear dynamic addresses,
8:55as we've shown, we can't clear static ones.
8:58Now a couple of other interesting things,
9:00and this is going to require switching over
9:02to the hardware switch because it's only supported,
9:05not that one, this one, on hardware.
9:09We've got a couple other commands to look at.
9:11So first of all, if I do a config T,
9:13I can tell a switch to always drop specific Mac addresses,
9:20which is interesting.
9:21So I can say Mac address table.
9:24And basically what I'm gonna do is I'm going
9:25to create a route to this layer two address that says that,
9:30"Hey, we're just gonna black hole the traffic."
9:32So Mac address table static,
9:35and then I specify the address 5.5.5,
9:39and then I specify which VLAN this is part of,
9:41let's say VLAN 10.
9:42And then instead of specifying the interface like I just did
9:45on the virtual switch, and we did notice, by the way,
9:48that I think I ran the question mark command up here.
9:52Yeah, the only option here was interfaces,
9:54because it's the virtual switch,
9:56it doesn't actually run a true CAM table.
9:58And so they limit what we can configure.
10:01So back to the hardware option.
10:03And this hardware option, I can specify the drop.
10:06So I can say drop here.
10:08And this creates a rather interesting looking entry.
10:11Show Mac address table.
10:15And we're going to find that we've got a static option
10:18or a static Mac address entry of 5.5.5.
10:22But check out the value in there.
10:23It's not an interface anymore,
10:25it is simply saying that we're going to drop it,
10:27which is kind of interesting.
10:29The last option that we can only do on hardware switching is
10:33we can actually disable learning altogether.
10:36So this is pretty fascinating.
10:37So we can say no Mac address table learning,
10:41and then we have to specify what VLAN.
10:43So I'm gonna say VLAN 10.
10:46Let's see here.
10:47We've got 24, let's just do VLAN 24.
10:50Doesn't really matter.
10:51So I'm going to disable Mac address learning on VLAN 24.
10:55Now the switch won't allow us to do this on VLAN one,
10:58but we can do it on any of the other VLANs, I suppose.
11:02So again, this gives us a very big warning.
11:05This is not advised, this is not something we should do.
11:08It's going to rely entirely on flooding at this point.
11:11So we have to be very careful
11:13about ever deploying this in a real world situation.
11:17But a lot of these commands are less about real world
11:20and more about just understanding what options are out there
11:22and making sure we understand how to go
11:24about doing something if we're given a lab task
11:26that might require it.
11:28So that's pretty much our overview on Mac addresses
11:31and all of the commands.
11:32And now it's time to jump into the lab
11:34and perform a challenge that calls
11:36a lot of these commands into us performing them.
Lab Challenge
0:00Okay, let's perform these lab tasks together.
0:03So I have a freshly started CML instance.
0:06Here we've got router one, switch one, switch two,
0:09and router two.
0:10So aligned left to right, sort
0:12of like our lab topology there I suppose,
0:14or at least, hah, from a sequential perspective.
0:17So the first thing is on switch one,
0:19we wanna validate the Mac addresses that are in here.
0:21So we're going to log in and do that.
0:23Show Mac address, table command.
0:26And we need to find out if these are actually router one
0:29and two's Mac addresses.
0:31So we're gonna be focusing in on gig one.
0:33The way we do that is do that show interface
0:36and then we can see that CC seven eight is R one
0:40and over on this side show int gig one
0:45ED five F.
0:46So we've got CC seven eight and ED five F.
0:49So we do have both of them in here.
0:51Now, if you fired up your lab environment
0:55and you let it sit for five minutes,
0:56these entries might not be there.
0:58So it did say to ensure that they show up dynamically.
1:00The best way to do that is to simply ping
1:02from one side to the other.
1:03So we should have layer three connectivity here.
1:05It's actually just a VLAN stretched across.
1:07So could even argue it's just, uh, layer two connectivity,
1:12but either way we're pinging across
1:13and we get to router two, no problem.
1:15So that would be task number one.
1:18Now, task number two, we want
1:19to change the Mac aging timers on switches one and two.
1:22So we're gonna get onto switch one
1:24and we wanna make sure that addresses age out
1:26after one minute.
1:28So we're gonna do a config T
1:32and we're going to, let's see here, we're going
1:34to use the Mac address table command.
1:37So what we wanna do is we wanna change the aging time,
1:41aging dash time and we can set this globally
1:44or we can set it on a per VLAN basis.
1:47Now we're going to set this to age out after one minute.
1:50Again, this is in seconds. So we wanna say 60 here.
1:53And then we can hit enter
1:55and this will enter it in globally on switch one.
1:58Now switch two, switch over here.
2:01We want to make sure that they never age out,
2:04which is again, not really an advisable situation,
2:07but certainly something we need to
2:08make sure we know how to do.
2:09So, um, MAC address dash table.
2:13And then we're going to specify again that aging time.
2:17And remember this is where we disable aging.
2:20We say zero here and then we can specify our VLAN.
2:23So we're gonna specify VLAN 10 in this case.
2:25So we should always try to validate things.
2:27We wanna do show Mac address aging time.
2:31And so we do see that the global remains the same on switch
2:33two, but we have no aging time on VLAN 10.
2:36And then same thing over here, show
2:39Mac address table aging time.
2:42And we do see the global has been reduced to 60 seconds.
2:45So task two should be complete with that. Next, task three.
2:48So change router one's, gig one interface to
2:53the one that we listed out.
2:54So we're gonna do config T interface gig one,
2:57and then remember it's the mac dash address command.
3:00So this case we wanna do
3:010, 0, 1, 1 dot 0, 0, 1, 1 dot 0, 0, 1, 1.
3:06Now we can do that,
3:07but do keep in mind
3:08that we can also say 1, 1 dot 1, 1 dot 1, 1 like this.
3:12And so it'll accomplish the same thing
3:14'cause we can trim off the leading zero.
3:15So however you did it is fine.
3:17And we wanna do this on router two as well.
3:20So config T interface gig one and MAC address
3:25and 22 dot 22 dot 22.
3:28Now it said to show, make sure
3:30that these Mac addresses show up in this switching table.
3:34So if I do a show Mac address table,
3:37you know 11 actually did show up, so that's kind of cool.
3:40It generated some traffic there that let us learn that.
3:42The best way to make sure both sides get added is once again
3:46to generate some traffic.
3:47So we're just gonna ping across 25 dot 50 dot 1 for
3:51VLAN one and then dot 2 for router two.
3:55So once we do all the ARP things, we've got our pings across
3:59and hopefully now we get 11
4:02and 22 showing up in this table.
4:04So this is a good thing.
4:06We've got both 11
4:07and 22 in the table, which means task three is done.
4:10Task four, we want to perform a couple of interesting tasks.
4:14So number one, on switch one, we're going to make sure
4:18that we can create a static entry.
4:21So this is that MAC address table.
4:25And then static command.
4:26So what we said we wanted to map is 33 dot 33 dot 33.
4:31And then we need to define, decide which VLAN
4:34to place this into.
4:35So we're going to place it into VLAN 10.
4:39And then from here we specify the interface.
4:42So we have to say interface
4:43and then gig zero slash two.
4:47So from here we wanna make sure show Mac address table.
4:53I wanna make sure that it shows up and it does.
4:5433 is pointed to gig zero two in VLAN 10.
4:58So that is a successful, um, task.
5:02Now, task sub task two here is we want to drop all
5:07of the command or all of the traffic going to 44.
5:10Now again, this is one of these
5:11that's not supported on a virtual switch.
5:16And so we're going to fire up a
5:18physical switch at this point.
5:19Again, as we've said
5:20before, it's always recommended we have a couple
5:22hardware switches available.
5:23Naturally we couldn't provide that with the CML file.
5:26And so if you weren't able to perform this task,
5:28just make sure you have this part memorized.
5:30So the way we do this is we do the MAC address table
5:33command, and we're forming a static mapping.
5:37And so this was to 44, 44, 44,
5:41but this time we'll run the question mark.
5:42Whoops, that's right, VLAN 10, that's what we said.
5:45Now we have to decide are we mapping into an interface
5:47or are we just going to drop it?
5:48We can enter drop here and that will add the entry.
5:51So show Mac, address table.
5:53And we should see that this manual mapping
5:56just like we did earlier is getting dropped.
5:59But again, unfortunately the virtual switch
6:02just doesn't support that.
6:04Now lastly, task five is very similar in that we have
6:07to do this on a hardware switch, activate flood
6:10and learn behavior for all layer two traffic on switch two.
6:14And so we need to disable learning.
6:16So we're gonna do a config T,
6:18and this is the no Mac address table learning.
6:22And then we can specify a VLAN, so VLAN 10
6:25and we can disable the learning there.
6:28So that is how we go about performing these different tasks.
6:32Hopefully by the end of this you feel like you were able
6:35to perform all of them well.
6:37If not, then just go back and do the lab again.
6:39Otherwise, I hope this has been informative for you
6:41and I'd like to thank you for viewing.