08-17-2020 04:16 PM
Hello,
We’re trying to upgrade our security level in the Access layer where we have EXOS stacks.
So, I was thinking of using Mac-locking to achieve our goals, because it is something that we already used at another customer, so it’s very familiar.
However, a colleague of mine told me about limit-learning/lock-learning features. So what do you think about those? Should I go with mac-locking, or limit-learning/lock-learning?
Thanks in advance,
César Santos
08-17-2020 06:59 PM
Hi Cesar, we welcome all kinds of posts related to Extreme on the Hub, theoretical or practical. And I’m sure we’re all familiar with the need to satisfy customer curiosity regarding different features.
Looking at your question here, mac-locking and limit-learning/lock-learning essentially do the same things. However, mac-locking prevents packets from being sent to the port if the destination MAC is not present, by removing the MAC entry from the FDB. This is an advantage over limit-learning/lock-learning; however, if your traffic level is fairly low then you likely wouldn’t see much difference either way.
Hope that helps!
08-18-2020 08:02 AM
Hi Sam,
Many thanks for your kind reply. Since both features are quite similar, we’ll go with Mac-locking, which is already familiar to us.
Again, thank you so much.
Regards.
08-17-2020 05:15 PM
Hi Jeronimo,
About your first paragraph: sorry about that, let’s assume that I’ve misunderstood the purpose of the community. From my perspective, a community is for questions like this one. If I have an actual problem, I’ll go to Support. Again, if I’m wrong, I’m sorry.
About your question regarding why I want to prevent a hub from being used, let me ask you something. In your house, do you let your neighbour use your resources without asking you, just because that does not hurt you? Besides, can we agree that, in the end, if a customer asks you something about a particular feature, your job is to give them the best possible answer?
At last, I know Mac-locking feature and how it works. My question was, I think, pretty straightforward. I would like to know the community experience with limit-learning/lock-learning and, if possible, compare with mac-locking.
Regards,
César Santos
08-17-2020 04:58 PM
You should have described your actual problem immediately instead of asking what people “think about” a certain feature.
Why do you want to prevent a hub from being used? Even if they were to create a loop using the hub, bpdu-restrict would still catch it and disable the port.
I’m not sure if you can use Mac locking (first-arrival in your case) to disable the port if more addresses are seen. However, it will simply not learn those addresses, meaning those devices won’t work.