Feature |
Product |
Release introduced |
---|---|---|
FDB protected by port (MAC security limit-learning) |
5320 Series |
Fabric Engine 8.6 |
5420 Series |
VOSS 8.4 |
|
5520 Series |
VOSS 8.3 |
|
5720 Series |
Fabric Engine 8.7 |
To perform MAC-layer bridging, the device must know the destination MAC-layer address of each device on each attached network to forward packets to the appropriate destination. The system stores MAC-layer addresses in the bridge forwarding database (FDB) table, and can forward packet traffic based on the destination MAC-layer address information.
Use MAC security to control traffic from specific number of MAC addresses. You can also limit the number of allowed MAC addresses. You can enable this feature at the port level.
Port-level security applies to traffic for all VLANs received on that port.
Port-level MAC security provides limit—learning option:
limit-learning: This option protects the FDB from traffic from too many MAC addresses, which fill the FDB table.
This option limits the number of MAC addresses a port learns. You can specify a maximum number of addresses. After the number of addresses reaches the maximum, learning stops. The port disables packet forwarding and drops packets from new source MAC address. MAC address learning resumes after enough existing addresses age out and there is room to learn new MAC addresses.
Note
If you configure a limit on a port that has already learned more than the new limit, packet forwarding for those additional MAC addresses continues to work until the port flaps, you flush the MAC address, or the MAC address disappears.
The following list identifies restrictions to MAC security limit-learning:
This feature is not supported on:
MLT ports members
NNI ports
Transparent Port UNI or Switched UNI
The switch supports MAC learning only in the VLAN domain; it is not supported in the I-SID domain.
The port MAC limit does not count static MAC addresses.
The switch supports the maximum number of MAC addresses a port can learn for non-SPBM configurations.