This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configure maximum mac-addresses per port

Configure maximum mac-addresses per port

Hermes_Medina
New Contributor

‎02-17-2015 08:31 AM

Hello Mates, I would like to know what is the equivalent of this cisco command "switchport port-security maximum 2" Im actually working on X440-48p switches and I need to configure that. Thank you very much 
0 Kudos
8 REPLIES 8

jackmikel
New Contributor

‎10-28-2015 11:48 AM

I agree with you when I configure:
conf port 3:15 "foobar" limit-learning 1 action blackhole

but with

conf port 3:15 "foobar" limit-learning 1 action stop-learning
you will not see the mac with "show fdb foobar"

But this made my day:

configure log filter DefaultFilter add events FDB.FdbNotice

With this extension of the DefaultFilter you get:

10/28/2015 13:08:17.58 Slot-1: MAC stopLearning[limit exceeded]: Port 3:15 MAC A4:BA:DB:B6: 7:7F Vlan foobar

Thank you!
0 Kudos

Prashanth_KG
Extreme Employee

‎10-28-2015 07:10 AM

Hi Jack,

As Alexandr pointed out, we can also make this information automated so that it can show up in the log as below:

Make the following configuration:

configure log filter DefaultFilter add events FDB.FdbNotice

* Slot-1 Stack.32 # sh log
10/28/2015 05:27:23.98 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1D Vlan Default
10/28/2015 05:27:23.91 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1C Vlan Default
10/28/2015 05:27:23.85 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1B Vlan Default
10/28/2015 05:27:23.78 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1A Vlan Default
10/28/2015 05:27:23.71 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:19 Vlan Default

Hope this helps!

0 Kudos

Prashanth_KG
Extreme Employee

‎10-28-2015 06:36 AM

Hi Jack,

You might be interested in the output of "show fdb which will display the port number and the mac-address which is dropped.

Slot-1 Stack.30 # sh fdb "Default"
Mac Vlan Age Flags Port / Virtual Port List
--------------------------------------------------------------------------------
00:00:00:00:01:15 Default(0001) 0049 d m 1:47
00:00:00:00:01:16 Default(0001) 0049 d m 1:47
00:00:00:00:01:17 Default(0001) 0049 d m 1:47
00:00:00:00:01:18 Default(0001) 0049 d m 1:47
00:00:00:00:01:19 Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1a Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1b Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1c Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1d Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1e Default(0001) 0049 d m 1:47
00:00:00:00:01:1f Default(0001) 0049 d m 1:47
00:00:00:00:01:20 Default(0001) 0049 d m 1:47
00:00:00:00:01:21 Default(0001) 0049 d m 1:47
00:00:00:00:01:22 Default(0001) 0049 d m 1:47
00:00:00:00:01:23 Default(0001) 0049 d m 1:47
0 Kudos

jackmikel
New Contributor

‎10-21-2015 09:27 AM

It's not standard, isn't it? Because whether in the User Guide nor in the Refernce Guide I found a possiblity to be informed when mac-adresses are dropped because the limit-learning is reached and stop-learning takes place. The command "sh foobar sec" shows only "learned, blackholed and locked" but not dropped! And "sh fdb stats foobar" shows dropped mac-adresses, but not at which port of the switch. It would be great to see or to be informed at which port of the switch the macs are dropped because of limt-learning and action stop-learning. Any example or idea how this could work? Thank you in advance.
0 Kudos
GTM-P2G8KFN