Dell Force10 S55T S55 Configuration Guide FTOS 8.3.5.3 - Page 390
mac learning-limit dynamic
View all Dell Force10 S55T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 390 highlights
www.dell.com | support.dell.com MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces, and VLANs. It enables you to set an upper limit on the number of MAC addresses that learned on an interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address. FTOS Behavior: When configuring MAC Learning Limit on a port or VLAN the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac-Limit on GigabitEthernet 5/84 In this case, the configuration is still present in the running-config and show output. Remove the configuration before re-applying a MAC learning limit with lower value. Also, ensure that Syslog messages can be viewed on your session. Note: The CAM-check failure message beginning in FTOS version 8.3.1.0 is different from versions 8.2.1.1 and earlier, which read: % Error: ACL returned error % Error: Remove existing limit configuration if it was configured before To set a MAC learning limit on an interface: Task Specify the number of MAC addresses that the system can learn off a Layer 2 interface. Command Syntax Command Mode mac learning-limit address_limit INTERFACE Three options are available with the mac learning-limit command: dynamic, no-station-move, and station-move. Note: An SNMP trap is available for mac learning-limit station-move. No other SNMP traps are available for MAC Learning Limit, including limit violations. mac learning-limit dynamic The MAC address table is stored on the Layer 2 FIB region of the CAM (and the Layer 2 ACL region on the E-Series). On the C-Series and S-Series the Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC address entries (all MAC address entries on the E-Series are dynamic). When MAC Learning Limit is enabled, entries created on this port are static by default. When you configure the dynamic option, learned MAC addresses are stored in the dynamic region and are subject to aging. Entries created before this option is set are not affected. FTOS Behavior: If you do not configure the dynamic option, the C-Series and S-Series do not detect station moves in which a MAC address learned off of a MAC-limited port is learned on another port on same line card. Therefore, FTOS does not take any configured station-move violation action. When a MAC address is relearned on any other linecard (any line card except the one to which the original MAC-limited port belongs), the station-move is detected, and the system takes the configured the violation action. 390 | Layer 2