Port Security violation after eaps and arp-flush


It's belong a Point to Point Connection over a EAPS-Ring. We have created a VMAN on the ring and add the port untagged on the vman.
The cutomer have on his side a cisco with "switchport port-security maximum 1" defined.
Now if the ring broken then the eaps send arp-flush and at the same time on the cisco-side/customer goes the port down because of more the 1 MAC 😕
Could someone explain me the write Setting on the customer / untag port side that the customer don't get more the 1 MAC ̈-Adresse from the port out in case of a ring broken or complete !




4 replies

Userlevel 3
When EAPS failover happens, packets gets flooded until the FDB's are re-learnt. If you don't want flooding to happen on a specific port, you could use the feature to disable unknown unicast flooding on the port. Command is as follows:

disable flooding [all_cast | broadcast | multicast | unicast] ports [port_list | all]

Please read the command reference guide for more details about this command.
Userlevel 6
Senguttuvan, Arun wrote:

When EAPS failover happens, packets gets flooded until the FDB's are re-learnt. If you don't want flooding to happen on a specific port, you could use the feature to disable unknown unicast flooding on the port. Command is as follows:

disable flooding [all_cast | broadcast | multicast | unicast] ports [port_list | all]

Please read the command reference guide for more details about this command.

Here are the links to the supporting product documentation Arun mentioned.

http://documentation.extremenetworks.com/exos_commands/exos_21_1/exos_commands_all/r_disable-floodin...

http://documentation.extremenetworks.com/exos/exos_21_1/fdb/c_guidelines-for-enabling-or-disabling-e...
Thank you Aron and Mathews. This solve the problem.
Userlevel 3
Below is the link to the KCS article explaining this feature:

https://gtacknowledge.extremenetworks.com/articles/Q_A/What-is-the-command-to-restrict-unknown-unicast-flooding-during-EAPS-or-STP-failover

Reply