show mac address-table
Displays the MAC address table (also known as CAM table) on a switch, showing which MAC addresses are learned on which VLAN and port, used to verify Layer 2 forwarding and detect issues like MAC flooding or incorrect port assignments.
When to Use This Command
- Verify which port a specific device (e.g., a server at 192.168.1.100) is connected to by checking its MAC address.
- Troubleshoot connectivity issues by confirming that MAC addresses are learned on the expected VLAN and port.
- Detect potential MAC flooding attacks by looking for an unusually high number of dynamic MAC entries on a single port.
- Check for stale or incorrect MAC entries after a topology change (e.g., moving a cable to a different port).
Command Examples
Basic MAC Address Table Display
show mac address-table

          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Gi0/1
   1    0050.7966.6801    DYNAMIC     Gi0/2
  10    00a1.b2c3.d4e5    STATIC      Gi0/3
  10    aaaa.bbbb.cccc    DYNAMIC     Gi0/4
Total Mac Addresses for this criterion: 4

The first line is the header, followed by a dashed separator. The column headers are Vlan (VLAN ID), Mac Address (MAC in dotted hex), Type (DYNAMIC, STATIC, or other), and Ports (interface). The four entries show that VLAN 1 has two dynamic MACs on Gi0/1 and Gi0/2, and VLAN 10 has a static MAC on Gi0/3 and a dynamic MAC on Gi0/4. The last line gives the total count of MAC addresses displayed.
Display MAC Address Table for a Specific VLAN
show mac address-table vlan 10

          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    00a1.b2c3.d4e5    STATIC      Gi0/3
  10    aaaa.bbbb.cccc    DYNAMIC     Gi0/4
Total Mac Addresses for this criterion: 2
Same format but filtered to VLAN 10 only. Useful to focus on a specific VLAN's forwarding table.
Understanding the Output
The output shows the MAC address table, which is the core forwarding table for Layer 2 switching. The 'Vlan' column indicates the VLAN in which the MAC address was learned or configured. The 'Mac Address' column displays the 48-bit MAC address in dotted hexadecimal format (e.g., 0050.7966.6800). The 'Type' column indicates how the entry was learned: 'DYNAMIC' means the switch learned it from incoming frames, 'STATIC' means it was manually configured, and other types like 'SECURE' or 'STICKY' may appear in port security contexts. The 'Ports' column shows the outgoing interface (e.g., Gi0/1) for frames destined to that MAC address. In a healthy network, you expect dynamic entries to match the actual device connections; a sudden increase in dynamic entries on a single port may indicate a MAC flooding attack. Static entries are typically used for servers or routers. Empty tables or missing expected entries suggest a Layer 2 issue (e.g., VLAN mismatch, cable problem). The total count at the bottom helps quickly assess table size.
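The per-port check described above can be automated over captured command output. The following Python sketch is an added example, not part of the original page: it parses the table format shown earlier, counts DYNAMIC entries per port, and flags ports above a threshold. The function names, the threshold value, and the extra 0200.0000.xxxx entries in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches one table row: VLAN, dotted-hex MAC, type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)\s*$"
)

def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples from CLI output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and total lines do not match
            vlan, mac, kind, port = m.groups()
            rows.append((int(vlan), mac.lower(), kind.upper(), port))
    return rows

def dynamic_per_port(rows):
    """Count DYNAMIC entries per port."""
    return Counter(port for _, _, kind, port in rows if kind == "DYNAMIC")

def suspect_ports(rows, threshold):
    """Ports whose dynamic count exceeds the threshold (an assumed baseline)."""
    return sorted(p for p, n in dynamic_per_port(rows).items() if n > threshold)

def build_sample():
    """Constructed sample: the page's four entries plus 20 made-up MACs on Gi0/4."""
    lines = [
        "          Mac Address Table",
        "-------------------------------------------",
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
        "   1    0050.7966.6800    DYNAMIC     Gi0/1",
        "   1    0050.7966.6801    DYNAMIC     Gi0/2",
        "  10    00a1.b2c3.d4e5    STATIC      Gi0/3",
        "  10    aaaa.bbbb.cccc    DYNAMIC     Gi0/4",
    ]
    lines += [f"  10    0200.0000.{i:04x}    DYNAMIC     Gi0/4" for i in range(20)]
    lines.append("Total Mac Addresses for this criterion: 24")
    return "\n".join(lines)

if __name__ == "__main__":
    rows = parse_mac_table(build_sample())
    for port, n in sorted(dynamic_per_port(rows).items()):
        print(f"{port}: {n} dynamic")
    print("over threshold:", suspect_ports(rows, threshold=10))
```

Uplink and trunk ports legitimately carry many MAC addresses, so the threshold should be set per port role rather than as one value for the whole switch.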
CCNA Exam Tips
CCNA exam tip: Know that the MAC address table is also called the CAM table; the command 'show mac address-table' is the modern syntax, but older IOS may use 'show mac-address-table'.
CCNA exam tip: Dynamic entries age out by default after 300 seconds (5 minutes); you can verify this with 'show mac address-table aging-time'.
CCNA exam tip: A common exam scenario: after moving a PC from port Gi0/1 to Gi0/2, the MAC address may still appear on the old port until the aging timer expires or you clear the table with 'clear mac address-table dynamic'.
CCNA exam tip: Be able to distinguish between dynamic, static, and secure MAC addresses; secure MACs are configured with port security and appear as 'SECURE' or 'STICKY'.
Common Mistakes
Mistake: Confusing the MAC address table with the ARP table; the MAC table is Layer 2 (switch), ARP is Layer 3 (router).
Mistake: Forgetting that the MAC address table only shows entries for the local switch; it does not show MAC addresses of devices on other switches unless they are in the same VLAN and the switch has learned them.
Mistake: Assuming a static MAC entry guarantees connectivity; if the port is down or the device is disconnected, the entry remains but traffic will fail.
Related Commands
clear mac address-table dynamic
Clears all dynamically learned MAC address entries from the MAC address table, forcing the switch to relearn MAC addresses on interfaces.
show mac address-table dynamic
Displays the dynamically learned MAC address table entries on a switch, used to verify which devices are learned on which ports and VLANs.