How to clear Maclock "Last Violating MAC address" field

For many years our C5 stacks (edge switches) have the following configuration for all edge ports...
set maclock enable
set maclock trap <port> enable violation
set maclock agefirstarrival <port> enable
set maclock firstarrival <port> 8
set maclock enable <port>

This was recommended by an Enterasys engineer to protect the network from loops, MAC floods and notify us if a port has more than 8 devices (we use macauth/multiauth; C5 limit is 8 devices).

Over the years the system has worked well except for once in a while (due to a firmware bug) the maclock firstarrival <port> # needs to be increased for a total of 8 devices to be allowed (only happens when switch has been running for months and a reboot fixes things).

When I run "show maclock" I see...
Port     Port Trap     Syslog   Aging Port     Clr Max Max  Last Violating
Number   Stat Thr|Viol Thr|Viol Stat  Dis|Viol OLC Stc FA   MAC Address
-------- ---- -------- -------- ----  -------- --- --- ---- -----------------
ge.2.37  ena  dis|ena  dis|dis  ena   dis|dis  ena 20  8    c0:3f:d5:f6:23:73

Short of rebooting the switch, how do I clear the "Last Violating MAC Address"?

Have tried Policy Manager's Maclock tab; when I select an entry, the "Remove" button remains greyed out.

Thanks
Nabil

Naoman Ghani


Posted 8 months ago


Careno, Ryan, Employee

How about the following command:

clear maclock c0:3f:d5:f6:23:73 ge.2.37


Ryan

Naoman Ghani

The result is "The specified entry does not exist." :(

Switch firmware version is 06.81.07.0004

Careno, Ryan, Employee

I have found the only way to clear this is with a switch reset, or when another "violating" user is plugged into the port in question. The MAC address stays in the switch so when a "violating" user plugs into the switch, it can be viewed at a later time even though they are no longer plugged in. This is not a field that can be administratively cleared.
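
Since the field persists, a stale value and a fresh violation look the same in "show maclock". The following is an added example (not from the thread or the vendor) that parses the output layout quoted in the question and reports only ports whose last violating MAC changed between two saved snapshots. The second port, the later snapshot and their MAC values are constructed, and treating a row without a MAC as "no violation recorded" is an assumption.

```python
import re

# One data row of "show maclock", in the column order quoted in the question.
# The last column is optional: treating a row with no MAC as "no violation
# recorded" is an assumption, since the thread only shows a populated row.
ROW = re.compile(
    r"^(?P<port>[a-z]+\.\d+\.\d+)\s+(?P<stat>\S+)\s+(?P<trap>\S+\|\S+)\s+"
    r"(?P<syslog>\S+\|\S+)\s+(?P<aging>\S+)\s+(?P<port_act>\S+\|\S+)\s+"
    r"(?P<olc>\S+)\s+(?P<max_stc>\d+)\s+(?P<max_fa>\d+)"
    r"(?:\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}))?\s*$",
    re.IGNORECASE,
)

def parse_maclock(text):
    """Return {port: last violating MAC (lowercase) or None}."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and separator lines do not match and are skipped
            mac = m.group("mac")
            ports[m.group("port")] = mac.lower() if mac else None
    return ports

def new_violations(previous, current):
    """Ports whose last violating MAC differs from the saved snapshot."""
    return {
        port: (previous.get(port), mac)
        for port, mac in current.items()
        if mac and previous.get(port) != mac
    }

# First data row is the one from the question; everything else is constructed.
BASELINE = """\
Number   Stat Thr|Viol Thr|Viol Stat  Dis|Viol OLC Stc FA   MAC Address
-------- ---- -------- -------- ----  -------- --- --- ---- -----------------
ge.2.37 ena dis|ena dis|dis ena dis|dis ena 20 8 c0:3f:d5:f6:23:73
ge.2.38 ena dis|ena dis|dis ena dis|dis ena 20 8 02:00:00:00:00:aa
"""
LATER = """\
ge.2.37 ena dis|ena dis|dis ena dis|dis ena 20 8 02:00:00:00:00:01
ge.2.38 ena dis|ena dis|dis ena dis|dis ena 20 8 02:00:00:00:00:aa
"""

if __name__ == "__main__":
    changed = new_violations(parse_maclock(BASELINE), parse_maclock(LATER))
    for port, (old, new) in sorted(changed.items()):
        print(f"{port}: last violating MAC changed {old} -> {new}")
```

A repeat violation by the same MAC leaves the field unchanged, so this comparison complements the violation trap enabled in the question's configuration rather than replacing it.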