Configure maximum mac-addresses per port


Hello Mates, I would like to know what is the equivalent of this Cisco command "switchport port-security maximum 2". I'm actually working on X440-48p switches and I need to configure that. Thank you very much 🙂

8 replies

Userlevel 6
hello!

configure ports port_list {tagged tag} vlan vlan_name limit-learning action stop-learning
Thank you very much
Userlevel 1
Is there a possibility to be informed if there are MAC addresses dropped by the limitation?
Userlevel 6
jackmikel wrote:

Is there a possibility to be informed if there are MAC addresses dropped by the limitation?

Hi!

You can configure a log event.
More information is in the EXOS User Guide and Command Reference Guide.

Thank you!
Userlevel 1
It's not standard, is it? Because neither in the User Guide nor in the Reference Guide did I find a possibility to be informed when mac-addresses are dropped because the limit-learning is reached and stop-learning takes place. The command "sh foobar sec" shows only "learned, blackholed and locked" but not dropped! And "sh fdb stats foobar" shows dropped mac-addresses, but not at which port of the switch. It would be great to see or to be informed at which port of the switch the macs are dropped because of limit-learning and action stop-learning. Any example or idea how this could work? Thank you in advance.
Userlevel 6
Hi Jack,

You might be interested in the output of "show fdb", which will display the port number and the mac-address which is dropped.

Slot-1 Stack.30 # sh fdb "Default"
Mac Vlan Age Flags Port / Virtual Port List
--------------------------------------------------------------------------------
00:00:00:00:01:15 Default(0001) 0049 d m 1:47
00:00:00:00:01:16 Default(0001) 0049 d m 1:47
00:00:00:00:01:17 Default(0001) 0049 d m 1:47
00:00:00:00:01:18 Default(0001) 0049 d m 1:47
00:00:00:00:01:19 Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1a Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1b Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1c Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1d Default(0001) 0166 d m Bb 1:47
00:00:00:00:01:1e Default(0001) 0049 d m 1:47
00:00:00:00:01:1f Default(0001) 0049 d m 1:47
00:00:00:00:01:20 Default(0001) 0049 d m 1:47
00:00:00:00:01:21 Default(0001) 0049 d m 1:47
00:00:00:00:01:22 Default(0001) 0049 d m 1:47
00:00:00:00:01:23 Default(0001) 0049 d m 1:47
Userlevel 6
Hi Jack,

As Alexandr pointed out, we can also make this information automated so that it can show up in the log as below:

Make the following configuration:

configure log filter DefaultFilter add events FDB.FdbNotice

* Slot-1 Stack.32 # sh log
10/28/2015 05:27:23.98 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1D Vlan Default
10/28/2015 05:27:23.91 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1C Vlan Default
10/28/2015 05:27:23.85 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1B Vlan Default
10/28/2015 05:27:23.78 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1A Vlan Default
10/28/2015 05:27:23.71 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:19 Vlan Default

Hope this helps!
Userlevel 1
I agree with you when I configure:
conf port 3:15 "foobar" limit-learning 1 action blackhole

but with

conf port 3:15 "foobar" limit-learning 1 action stop-learning
you will not see the mac with "show fdb foobar"

But this made my day:

configure log filter DefaultFilter add events FDB.FdbNotice

With this extension of the DefaultFilter you get:

10/28/2015 13:08:17.58 Slot-1: MAC stopLearning[limit exceeded]: Port 3:15 MAC A4:BA:DB:B6: 7:7F Vlan foobar

Thank you!

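To act on the FDB.FdbNotice messages shown in this thread, here is a Python parser, added as an example and not part of the original posts or of Extreme's tooling. It reads the "limit exceeded" lines, normalises the space-padded MAC field, and groups the rejected MACs per port. The regular expression is an assumption inferred from the log lines quoted above, not an EXOS format specification; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the log output quoted in this thread.
SAMPLE_LOG = """\
10/28/2015 05:27:23.98 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1D Vlan Default
10/28/2015 05:27:23.91 Slot-1: MAC Blackholed [limit exceeded]: Port 1:47 tag 1 MAC 0: 0: 0: 0: 1:1C Vlan Default
10/28/2015 13:08:17.58 Slot-1: MAC stopLearning[limit exceeded]: Port 3:15 MAC A4:BA:DB:B6: 7:7F Vlan foobar
"""

# Pattern inferred from the lines above (assumption, not an EXOS format spec).
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) \S+ "
    r"MAC (?P<action>Blackholed|stopLearning)\s*\[limit exceeded\]: "
    r"Port (?P<port>\S+)(?: tag (?P<tag>\d+))? "
    r"MAC (?P<mac>[0-9A-Fa-f: ]+?) Vlan (?P<vlan>\S+)\s*$"
)

def normalize_mac(raw):
    """Turn the space-padded form ('0: 0: 0: 0: 1:1D') into 00:00:00:00:01:1d."""
    octets = [o.strip() for o in raw.split(":")]
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", o) for o in octets):
        raise ValueError(f"unexpected MAC field: {raw!r}")
    return ":".join(o.zfill(2).lower() for o in octets)

def parse_events(text):
    """Yield one dict per limit-exceeded line; other log lines are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["mac"] = normalize_mac(ev["mac"])
            yield ev

def macs_per_port(text):
    """Map (port, vlan, action) -> sorted list of distinct MACs rejected there."""
    seen = defaultdict(set)
    for ev in parse_events(text):
        seen[(ev["port"], ev["vlan"], ev["action"])].add(ev["mac"])
    return {k: sorted(v) for k, v in seen.items()}

if __name__ == "__main__":
    for (port, vlan, action), macs in macs_per_port(SAMPLE_LOG).items():
        print(f"port {port} vlan {vlan} {action}: {len(macs)} MAC(s) {', '.join(macs)}")
```

The grouping key keeps the action, so ports configured with blackhole and ports configured with stop-learning are reported separately.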