limit-learning doesn't work on stack with EXOS 15.3.1.4

  • Problem
  • Updated 2 years ago
  • Solved
Hello, everybody!

I have a mixed stack of x440 and x460 g1 switches.

I want to configure limit-learning for a certain port.

I say: configure port 3:9 vlan v12 limit-learning 1 action stop-learning

I connect a laptop to this port and get an IP. Then I change to another laptop and get an IP again!

What am I doing wrong?

show fdb port 3:9 shows that MACs are changing (and these are the laptops' MACs)

show port 3:9 info detail shows:

MAC-limit = 1, Action = stop-learning.

But nothing happens! I connect third laptop and it gets IP too.

When I say "configure port 3:9 vlan v12 lock-learning" it blocks the port.

Could you please help me with this issue?

Many thanks in advance,

Ilya 

Ilya Semenov

Posted 2 years ago

Henrique, Employee

Hi,

Limit-learning is dynamic. That means the port allows only 1 MAC address at a time (based on your configuration of limit-learning = 1). If you disconnect the laptop and plug in a new one, it will also work.

Lock-learning will "convert" the MAC already learned from dynamic to static and set limit-learning to zero so no new MACs will be added to the FDB.

Could you please clarify what you are trying to accomplish?

Thanks,

Ilya Semenov

Hello, Henrique!

I want to prevent users from changing machines on a port. If they try to connect one more device to the port, this port should be blocked.

I can't apply lock-learning after limit-learning and vice versa.

Are there any solutions for my task?

Thank you!

Jarek

You can add a static MAC address to the port and disable learning on that port.

--
Jarek

Ilya Semenov

I have 9 stacks with about 2000+ ports...

Henrique, Employee

Hi,

When using limit-learning = 1 with action blackhole, if the user tries to use a second device on that port, the second MAC will be added as a blackhole entry to the FDB.

configure port <port_number> vlan <vlan_name> limit-learning 1 action blackhole

However, if the user unplugs the laptop and plugs in the new laptop, he will get access.

In both cases, they will be able to use just 1 device at a time.

Jarek

Ilya,

limit-learning - specifies a limit on the number of MAC addresses that can be dynamically
learned on the specified ports.

When you disconnect the laptop, the switch clears the FDB for that port.
Then, when you connect a new device, the switch learns the new MAC address.

If you connect another switch to the sw-Extreme port, and 3 laptops to that switch,
then sw-Extreme will learn only one MAC address; all the others are blackholed.

--
Jarek

Ronald Dvorak, Embassador


Ilya Semenov

Hello, Ron!

I have experience using the mac-locking command and know it works, but I live in a 15.3 world.

It is obviously a good idea to upgrade EXOS. But the problem is that when I upgrade my composite stacks (x440-x460) to 16.2 (or to any 15.x higher than 15.3), they start arbitrarily blocking ports during daily peak hours. Two years ago Extreme's engineers from Moscow (! - your employees) were unable to solve the problem and left 15.3 as the only stable firmware. The contract is expired now. I am 99% sure that it is an MSTP issue, totally useless for the current infrastructure (less than 30 vlans). I am going to change the STP version to PVST+ on Saturday. Hope it will help.

Thank you!

Necheporenko, Nikolay, Employee

Hello Ilya,

Your stacks are running an XOS image affected by the following CRs:
xos0057211 - Traffic gets forwarded for blackholed MAC address when limit learning enabled.
xos0054065 - Switch fails to recognize previously learnt MAC Addresses when configuring the features - MAC Lockdown and Limit Learning

Updating EXOS to the latest 15.3 patch should solve the issue.

Best Regards,
Nikolay

Ilya Semenov

I really want to give this two likes, because this is probably the tenth bug I have run into, besides the ones I discovered myself that were confirmed by the international TAC. I have asked the distributors for the latest patch...

Thank you.

Ilya Semenov

Evening, everyone!

I've tried to implement such a configuration on my 16.2 stack:

enable mac-locking
enable mac-locking ports 5:17
configure mac-locking ports 5:17 first-arrival limit-learning 1
configure mac-locking ports 5:17 first-arrival link-down-action retain-macs
configure mac-locking ports 5:17 log violation on
configure mac-locking ports 5:17 learn-limit-action disable-port


Everything works as expected, but I want to ensure that it will keep working after rebooting the switch!

Many thanks to all participants of this discussion!!!!
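
The learning modes discussed in this thread, as an added example that is not part of any post and is not EXOS code: a simplified Python model of one port's FDB showing why swapping laptops succeeds under limit-learning but trips the port under mac-locking with retain-macs and disable-port. The class, function and constant names are hypothetical, ageing timers are ignored, and flushing blackhole entries on link-down is an assumption.

```python
# Simplified model of per-port MAC learning, built only from the behaviour
# described in this thread. Not EXOS code; MAC addresses are constructed samples.
LAPTOP_A = "00:00:5e:00:53:01"
LAPTOP_B = "00:00:5e:00:53:02"

class Port:
    def __init__(self, limit=None, action="stop-learning", retain_on_link_down=False):
        self.limit = limit                  # max learned MACs, None = unlimited
        self.action = action                # stop-learning | blackhole | disable-port
        self.retain = retain_on_link_down   # models "link-down-action retain-macs"
        self.fdb = {}                       # mac -> dynamic | static | blackhole
        self.enabled = True

    def _allowed(self):
        return [m for m, kind in self.fdb.items() if kind != "blackhole"]

    def frame(self, mac):
        """Return True if a frame from `mac` would be forwarded."""
        if not self.enabled:
            return False
        kind = self.fdb.get(mac)
        if kind is not None:
            return kind != "blackhole"
        if self.limit is None or len(self._allowed()) < self.limit:
            self.fdb[mac] = "dynamic"       # room left: learn the new MAC
            return True
        if self.action == "blackhole":
            self.fdb[mac] = "blackhole"     # over limit: record and drop
        elif self.action == "disable-port":
            self.enabled = False            # over limit: shut the port
        return False

    def link_down(self):
        # Dynamic entries are flushed on unplug unless the port retains MACs.
        if not self.retain:
            self.fdb = {m: k for m, k in self.fdb.items() if k == "static"}

    def lock_learning(self):
        # Per the thread: learned MACs become static and the limit drops to zero.
        self.fdb = {m: "static" for m in self._allowed()}
        self.limit = 0

def swap_laptops(port):
    """Plug in laptop A, unplug it, plug in laptop B; report what forwarded."""
    first = port.frame(LAPTOP_A)
    port.link_down()
    second = port.frame(LAPTOP_B)
    return first, second, port.enabled
```

`swap_laptops(Port(limit=1))` returns `(True, True, True)`, while the same call on `Port(limit=1, action="disable-port", retain_on_link_down=True)` returns `(True, False, False)`.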