
limit-learning doesn't work on stack with EXOS 15.3.1.4


Userlevel 4
Hello, everybody!

I have a mixed stack of x440 and x460 g1 switches.

I want to configure limit-learning for a certain port.

I say: configure port 3:9 vlan v12 limit-learning 1 action stop-learning

I connect a laptop to this port and get an IP. Then I change to another laptop and get an IP again!

What am I doing wrong?

show fdb port 3:9 shows that the MACs are changing (and these are the laptops' MACs)

show port 3:9 info detail shows:

MAC-limit = 1, Action = stop-learning.

But nothing happens! I connect third laptop and it gets IP too.

When I say "configure port 3:9 vlan v12 lock-learning" it blocks the port.

Could you please help me with this issue?

Many thanks in advance,

Ilya

11 replies

Userlevel 6
Hi,

Limit-learning is dynamic. That means the port allows only 1 MAC address at a time (based on your configuration of limit-learning = 1). If you disconnect the laptop and plug in a new one, it will also work.

Lock-learning will "convert" the MAC already learned from dynamic to static and set limit-learning to zero so no new MACs will be added to the FDB.

Could you please clarify what you are trying to accomplish?

Thanks,
Userlevel 4

Hello, Henrique!

I want to prevent users from changing machines on a port. If they try to connect one more device to the port, this port should be blocked.

I can't apply lock-learning after limit-learning and vice versa.

Are there any solutions for my task?

Thank you!
Userlevel 3

You can add a static MAC address to the port and disable learning on that port.

--
Jarek
Userlevel 4

I have 9 stacks with about 2000+ ports...
Userlevel 6

Hi,

When using limit-learning = 1 with action blackhole, if the user tries to use a second device on that port, the second MAC will be added as a blackhole entry to the FDB.

configure port vlan limit-learning 1 action blackhole

However, if the user unplugs the laptop and plugs in the new laptop, he will get access.

In both cases, they will be able to use just 1 device at a time.
Userlevel 3
Ilya,

limit-learning - specifies a limit on the number of MAC addresses that can be dynamically learned on the specified ports.

When you disconnect the laptop, the switch clears the FDB for that port.
Then you connect a new device, and the switch learns the new MAC address.

If you connect another switch to the sw-Extreme port and 3 laptops to this switch,
then switch sw-Extreme will learn only one MAC address; all others are blackholed.

--
Jarek
Userlevel 7
Hi Ilya,

Limit-learning does not prevent FDB entries from being aged out or cleared due to link-down events. In this case, the FDB entry will be cleared when the link goes down.

The lock-learning option will permanently lock the first learned MAC address on this port, and prevent other devices from communicating on this port.

-Brandon
Userlevel 7
https://community.extremenetworks.com/extreme/topics/how-can-i-tell-the-switch-to-lock-the-first-lea...
Userlevel 4
Hello, Ron!

I have experience using the mac-locking command and know it works, but I live in a 15.3 world.

It is an obviously good idea to upgrade EXOS. But the problem is that when I upgrade my composite stacks (x440-x460) to 16.2 (or to any 15.x higher than 15.3) they start arbitrarily blocking ports during daily peak hours. Two years ago Extreme's engineers from Moscow (! - your employees) were unable to solve the problem and left 15.3 as the only stable firmware. The contract has expired now. I am 99% sure that it is an MSTP issue, totally useless for the current infrastructure (less than 30 VLANs). I am going to change the STP version to PVST+ on Saturday. Hope it will help.

Thank you!
Userlevel 4
Hello Ilya,

Your stacks are running an XOS image affected by the following CRs:
xos0057211 - Traffic gets forwarded for blackholed MAC address when limit learning enabled.
xos0054065 - Switch fails to recognize previously learnt MAC Addresses when configuring the features - MAC Lockdown and Limit Learning

Updating EXOS to the latest 15.3 patch should solve the issue.

Best Regards,
Nikolay
Userlevel 4

I really want to give this two likes, because this is probably the tenth bug I have run into, besides the ones I discovered myself and that were confirmed by the international TAC. I have requested the latest patch from the distributors...

Thanks.
Userlevel 4
Evening, everyone!

I've tried to implement such a configuration on my 16.2 stack:

enable mac-locking
enable mac-locking ports 5:17
configure mac-locking ports 5:17 first-arrival limit-learning 1
configure mac-locking ports 5:17 first-arrival link-down-action retain-macs
configure mac-locking ports 5:17 log violation on
configure mac-locking ports 5:17 learn-limit-action disable-port

Everything works as expected, but I want to ensure that it will keep working after rebooting the switch!

Many thanks to all participants of this discussion!!!!
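
Added example, not part of any post above and not EXOS code: a simplified Python model of the per-port behaviours described in this thread (limit-learning with stop-learning or blackhole, lock-learning, and mac-locking with retain-macs and disable-port), replaying a laptop swap. The mode names, outcome strings and the MACs "A" and "B" are constructed for illustration, and the model assumes a port disabled by a violation stays disabled.

```python
# Simplified model of the behaviours described in the thread; not EXOS code.
# Mode names and outcome strings are assumptions made for this example.

DYNAMIC = {"limit-stop", "limit-blackhole"}  # entries are cleared on link-down


def simulate(mode, events, limit=1):
    """Replay events on one port and return one outcome string per event."""
    fdb, blackhole = set(), set()
    enabled = True
    outcomes = []
    for name, *arg in events:
        if name == "link-down":
            if mode in DYNAMIC:
                # limit-learning entries are dynamic and do not survive link-down
                fdb.clear()
                blackhole.clear()
                outcomes.append("fdb-cleared")
            else:
                # lock-learning (static entry) and mac-locking with retain-macs
                outcomes.append("fdb-retained")
            continue
        mac = arg[0]
        if not enabled:
            outcomes.append("port-disabled")
        elif mac in fdb:
            outcomes.append("forward")
        elif len(fdb) < limit:
            fdb.add(mac)              # first arrival(s) up to the limit
            outcomes.append("learned")
        elif mode == "limit-stop":
            outcomes.append("not-learned")
        elif mode == "limit-blackhole":
            blackhole.add(mac)
            outcomes.append("blackholed")
        elif mode == "lock":
            outcomes.append("dropped")
        else:                         # "mac-locking" with disable-port action
            enabled = False
            outcomes.append("violation-port-disabled")
    return outcomes


# Constructed scenario: laptop A connects, laptop B is tried on the same port,
# the cable is unplugged, then laptop B is plugged in alone.
SWAP = [("frame", "A"), ("frame", "B"), ("link-down",), ("frame", "B")]

if __name__ == "__main__":
    for m in ("limit-stop", "limit-blackhole", "lock", "mac-locking"):
        print(f"{m:16} {simulate(m, SWAP)}")
```

In both limit-learning modes the last event ends in "learned", which is the laptop swap reported in the original question; only the lock and mac-locking modes keep refusing B after the link has bounced.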
