MAC FILTER X450e

  • Problem
  • Updated 3 years ago
  • Solved
Hello everybody,

Actually, I have the Extreme x450e in my local network.

I want to set up a MAC address filter system to limit the number of machines that can connect to my LAN.

After some research, I realized that some functionalities are absent.
Especially the "MAC lockdown" command.

So I suppose that I don't have the recent version of the firmware.
Actually, I have the 15.3.3.5 version.

So, if you think that I have an old firmware, can you tell me the latest version of the OS, please?

Thanks in advance,

Ragavan Sriram

Posted 3 years ago


Taykin Izzet, Employee

Ragavan,

The X450 series switches are supported till the latest and current patch release of v15.3.5.2-patch1-9. This would be the recommended version.

MAC Address Lockdown can be achieved using the command:

configure ports <portlist> vlan <vlan_name> [limit-learning <number> {action [blackhole | stop-learning]} | lock-learning | unlimited-learning | unlock-learning]

This command causes all dynamic FDB entries associated with the specified VLAN and ports to be
converted to locked static entries. It also sets the learning limit to 0, so that no new entries can be
learned. All new source MAC addresses are blackholed.

ragavan sriram

Hello Taykin Izzet,

Thank you for your reply.

I will update my OS first, and then I will try your command.

See you soon.

ragavan sriram

Hi Taykin Izzet, I'm back :)

In fact, when I use the action of your command, I just have blackhole and stop-learning.

Another thing: when I set limit-learning 1 on a port, the switch doesn't block the second machine.

It's very strange. Do you have any idea?

Thanks in advance,

Taykin Izzet, Employee

Ragavan,

Please try clearing the fdb entry on that port and test again.

clear fdb ports <port_#>


The following are some examples:

The first example configures limit learning on ports 1 through 10 and 22 through 23 on the default VLAN. The port will learn two MAC addresses before the port is blackholed.

# configure port 1-10, 22-23 vlan "Default" limit-learning 2 action blackhole


The second example configures limit learning on slot 1, ports 1 through 10, and slot 2, ports 22 and 25. The port will learn 1 MAC address before it stops learning.

# configure port 1:1-1:10, 2:22,2:25 vlan "default" limit-learning 1 action stop-learning
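The learning modes discussed in this thread, as a small Python model. This is an added illustration, not code from the posts and not ExtremeXOS behaviour verified on a switch. `PortFdb`, its methods, `thread_scenario` and the MAC addresses are hypothetical or constructed, and the model assumes that entries learned before a limit is configured stay in the table until the FDB is cleared.

```python
# Toy model of per-port MAC learning limits as described in the thread.
# Not ExtremeXOS code: all names here are hypothetical.

class PortFdb:
    def __init__(self):
        self.entries = {}          # mac -> "dynamic" | "locked" | "blackhole"
        self.limit = None          # None models unlimited-learning
        self.action = "blackhole"

    def limit_learning(self, number, action="blackhole"):
        # Assumption: entries learned before the limit was set are kept.
        self.limit, self.action = number, action

    def lock_learning(self):
        # Per the thread: dynamic entries become locked static entries, the
        # limit becomes 0 and every new source MAC is blackholed.
        for mac, kind in self.entries.items():
            if kind == "dynamic":
                self.entries[mac] = "locked"
        self.limit, self.action = 0, "blackhole"

    def clear_fdb(self):
        # Models "clear fdb ports <port_#>". Assumption: only locked static
        # entries survive the clear.
        self.entries = {m: k for m, k in self.entries.items() if k == "locked"}

    def frame_from(self, mac):
        """Return what the model does with a frame from this source MAC."""
        kind = self.entries.get(mac)
        if kind == "blackhole":
            return "dropped"
        if kind in ("dynamic", "locked"):
            return "forwarded (known)"
        learned = sum(1 for k in self.entries.values() if k == "dynamic")
        if self.limit is None or learned < self.limit:
            self.entries[mac] = "dynamic"
            return "forwarded (learned)"
        if self.action == "blackhole":
            self.entries[mac] = "blackhole"
            return "dropped"
        return "not learned"       # stop-learning: no new FDB entry is created

def thread_scenario(clear_first):
    """Two machines are already learned, then limit-learning 1 is applied."""
    macs = ("00:00:5e:00:53:01", "00:00:5e:00:53:02")   # constructed addresses
    port = PortFdb()
    for mac in macs:
        port.frame_from(mac)
    port.limit_learning(1, "blackhole")
    if clear_first:
        port.clear_fdb()
    return [port.frame_from(mac) for mac in macs]
```

Under that assumption, `thread_scenario(False)` keeps forwarding both machines, while `thread_scenario(True)` learns the first and drops the second.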