EXOS | Mac-Locking vs Limit-learning/Lock-learning

csantos
New Contributor III

Hello,

We’re trying to upgrade our security level in the Access layer where we have EXOS stacks.

So, I was thinking of using Mac-locking to achieve our goals, because it is something that we already used at another customer, so it’s very familiar.

However, a colleague of mine told me about limit-learning/lock-learning features. So what do you think about those? Should I go with mac-locking, or limit-learning/lock-learning?

Thanks in advance,

César Santos

1 ACCEPTED SOLUTION

SamPirok
Community Manager

Hi Cesar, we welcome all kinds of posts related to Extreme on the Hub, theoretical or practical. And I’m sure we’re all familiar with the need to satisfy customer curiosity regarding different features.

Looking at your question here, mac-locking and limit-learning/lock-learning essentially do the same things. However, mac-locking prevents packets from being sent to the port if the destination MAC is not present, by removing the MAC entry from the FDB. This is an advantage over limit-learning/lock-learning; however, if your traffic level is fairly low then you likely wouldn’t see much difference either way.

Hope that helps!


6 REPLIES

csantos
New Contributor III

Hi Sam,

Many thanks for your kind reply. Since both features are quite similar, we’ll go with Mac-locking, which is already familiar to us.

Again, thank you so much.

Regards.

csantos
New Contributor III

Hi Jeronimo,

About your first paragraph. Sorry about that, let’s assume that I’ve misunderstood the purpose of the community. In my perspective, a community is for questions like this one. If I have an actual problem, I’ll go to Support. Again, if I’m wrong, I’m sorry.

About your question regarding why I want to prevent a hub from being used, let me ask you something. In your house, do you let your neighbour use your resources without asking you, just because that does not hurt you? Besides, can we agree that, in the end, if a customer asks you something about a particular feature, your job is to give them the best possible answer?

Lastly, I know the Mac-locking feature and how it works. My question was, I think, pretty straightforward. I would like to know the community experience with limit-learning/lock-learning and, if possible, compare it with mac-locking.

Regards,

César Santos

jeronimo
Contributor III

You should have described your actual problem immediately instead of asking what people “think about” a certain feature.

Why do you want to prevent a hub from being used? Even if they were to create a loop using the hub, bpdu-restrict would still catch it and disable the port.

I’m not sure if you can use Mac locking (first-arrival in your case) to disable the port if more addresses are seen. However, it will simply not learn those addresses, meaning those devices won’t work.
