The following content describes the MAC locking commands:
To enable or disable the MAC locking feature, use the following commands:
To configure first arrival MAC locking on a port, use the following command:
When the configured limit is reached, no further entries are learnt. However, if the learnt entries are aged out, new MAC addresses can be learned.
By default, aging is disabled for first arrival MAC locking entries on a configured port. When the FDB (forwarding database) entries are aged out, they are removed from the FDB, but they are retained in the MAC locking table. So when the first arrival limit is reached, only those entries in the MAC locking table can be learned again if these devices start sending out traffic. New MAC addresses cannot be learned.
The maximum number of dynamic MAC addresses that can be locked on a port is 600.
Note
There is no command to unconfigure the first arrival or static MAC locking limit. The value can be reset by giving the default learn limit specified in the help text. When first arrival MAC locking is configured to a value that is lower than the number of MACs that are locked, all the MAC locking bindings on the port are cleared.
Note
There is no command to unconfigure the first arrival or static MAC locking limit. The value can be reset by giving the default learn limit specified in the help text. The CLI doesn't allow changing the static MAC locking limit to a value lower than the number of MACs locked in the MAC lock station table. Some or all of the created MAC locking stations should be removed to change the limit to a lower value.
Note
Assume that port 2:22 is enabled for MAC Locking. The maximum static entry limit value is configured to 5 on port 2:22. If the user wants to configure the maximum static entry limit value to 3,
* Slot-1 DUT1.94 # show mac-locking ports 2:22
MAC locking is globally enabled.
Port   MAC   Trap      Log       FA     Limit     Link    Max  Max  Last Violating
       Lock  Thr|Viol  Thr|Viol  Aging  Action    Down    Stc  FA   MAC Address
       Stat                             Cfg|Stat  Action
-----  ----  --------  --------  -----  --------  ------  ---  ---  -----------------
2:22   ena   off|on    off|on    dis    ena|ena   clear   5    45   00:11:11:11:11:04
Legend: Stat - Status
        Thr|Viol - Threshold | Violation
        Max Stc - Max Static Count
        Max FA - Max First-Arrival Count
        dis - Disabled
        ena - Enabled
        retain - Retain MACs
        clear - Clear MACs
Limit Action Cfg - If port should be disabled when learnt limit is exceeded
        dis - Port to be disabled when learn limit is exceeded
        ena - Port to remain enabled when learn limit is exceeded
Limit Action Stat - Port status on exceeding learn limit
* Slot-1 DUT1.95 #
* Slot-1 DUT1.95 # show mac-locking stations ports 2:22
Port   MAC Address        Status    State          Aging
-----  -----------------  --------  -------------  -----
2:22   00:11:11:11:11:00  active    static         false
2:22   00:11:11:11:11:01  active    static         false
2:22   00:11:11:11:11:02  active    static         false
2:22   00:11:11:11:11:03  active    static         false
2:22   00:11:11:11:11:04  active    static         false
* Slot-1 DUT1.96 # configure mac-locking ports 2:22 static limit-learning 3
Error: Static limit-learning value cannot be reduced to 3 for port 2:22 as 5 static stations are already created.
Configuration failed on backup Node, command execution aborted!
* Slot-1 DUT1.97 #
Scenario B:
* Slot-1 DUT1.109 # show mac-locking stations ports 2:22
Port   MAC Address        Status    State          Aging
-----  -----------------  --------  -------------  -----
2:22   00:11:11:11:11:00  active    static         false
2:22   00:11:11:11:11:01  active    first-arrival  false
2:22   00:11:11:11:11:02  active    first-arrival  false
2:22   00:11:11:11:11:03  active    first-arrival  false
2:22   00:11:11:11:11:04  active    first-arrival  false
* Slot-1 DUT1.109 # show mac-locking ports 2:22
MAC locking is globally enabled.
Port   MAC   Trap      Log       FA     Limit     Link    Max  Max  Last Violating
       Lock  Thr|Viol  Thr|Viol  Aging  Action    Down    Stc  FA   MAC Address
       Stat                             Cfg|Stat  Action
-----  ----  --------  --------  -----  --------  ------  ---  ---  -----------------
2:22   ena   off|on    off|on    dis    ena|ena   clear   5    45   00:11:11:11:11:04
Legend: Stat - Status
        Thr|Viol - Threshold | Violation
        Max Stc - Max Static Count
        Max FA - Max First-Arrival Count
        dis - Disabled
        ena - Enabled
        retain - Retain MACs
        clear - Clear MACs
Limit Action Cfg - If port should be disabled when learnt limit is exceeded
        dis - Port to be disabled when learn limit is exceeded
        ena - Port to remain enabled when learn limit is exceeded
Limit Action Stat - Port status on exceeding learn limit
* Slot-1 DUT1.110 # configure mac-locking ports 2:22 static limit-learning 3
* Slot-1 DUT1.111 # show mac-locking ports 2:22
MAC locking is globally enabled.
Port   MAC   Trap      Log       FA     Limit     Link    Max  Max  Last Violating
       Lock  Thr|Viol  Thr|Viol  Aging  Action    Down    Stc  FA   MAC Address
       Stat                             Cfg|Stat  Action
-----  ----  --------  --------  -----  --------  ------  ---  ---  -----------------
2:22   ena   off|on    off|on    dis    ena|ena   clear   3    45   00:11:11:11:11:04
Legend: Stat - Status
        Thr|Viol - Threshold | Violation
        Max Stc - Max Static Count
        Max FA - Max First-Arrival Count
        dis - Disabled
        ena - Enabled
        retain - Retain MACs
        clear - Clear MACs
Limit Action Cfg - If port should be disabled when learned limit is exceeded
        dis - Port to be disabled when learn limit is exceeded
        ena - Port to remain enabled when learn limit is exceeded
Limit Action Stat - Port status on exceeding learn limit
To create a static MAC locking entry (also known as MAC locking station) and enable or disable MAC locking for the specific MAC address and port, use the following command:
configure mac-locking ports port_list static [add | enable | disable] station station_mac_address
Note
A static MAC locking station is enabled by default.
To disable the static MAC locking station, use the following command:
configure mac-locking ports port_list static disable station station_mac_address
When created and enabled, a static MAC lock configuration allows only the end station designated by the MAC address to participate in forwarding of traffic.
The disabled entries are also counted when calculating the total number of locked stations. Static MAC locking stations that are disabled are shown only by the “show mac-locking stations static” command. When the “static” keyword is not given in “show mac-locking stations”, the disabled entries are not shown.
To enable or disable first arrival MAC address aging, use the following command.
configure mac-locking ports port_list first-arrival aging [enable | disable]
Dynamic MAC locking mode MAC address aging is disabled by default.
This is applicable only to MAC addresses locked by first-arrival locking and not to MAC addresses locked by static locking.
When First arrival aging is disabled, MAC locking stations are retained even when the corresponding FDB entry ages out.
When first arrival aging is enabled, a MAC locking station starts aging when all the FDB entries corresponding to the station MAC are removed. MAC lock stations do not start aging while FDB entries are present.
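The first-arrival limit and aging rules described above, as a simplified model added here for illustration (it is not switch code or vendor code). The class, method names and MAC values are constructed, and the station aging timer is reduced to a single explicit event.

```python
# Constructed sample MACs; the learn limit of 2 is chosen for the example.
A, B, C = "00:11:11:11:11:00", "00:11:11:11:11:01", "00:11:11:11:11:02"

class Port:
    """Hypothetical model of first-arrival MAC locking on one port."""

    def __init__(self, limit, aging=False):
        self.limit = limit      # first-arrival learn limit
        self.aging = aging      # first-arrival aging, disabled by default
        self.fdb = set()        # MACs currently in the forwarding database
        self.locked = set()     # first-arrival MAC locking stations

    def frame_from(self, mac):
        """Return True if the source MAC is learned, False if it is refused."""
        if mac not in self.locked:
            if len(self.locked) >= self.limit:
                return False    # limit reached: no new MAC is learned
            self.locked.add(mac)
        self.fdb.add(mac)       # a known station can always be learned again
        return True

    def fdb_age_out(self, mac):
        """The FDB entry expires; the MAC locking station is not touched."""
        self.fdb.discard(mac)

    def station_age_out(self, mac):
        """Station timer expiry: only with aging enabled and no FDB entry left."""
        if self.aging and mac not in self.fdb:
            self.locked.discard(mac)

def replay(aging):
    """Learn A and B, refuse C, age A out, then offer C and A again."""
    p = Port(limit=2, aging=aging)
    seen = [p.frame_from(A), p.frame_from(B), p.frame_from(C)]
    p.fdb_age_out(A)
    p.station_age_out(A)
    seen += [p.frame_from(C), p.frame_from(A)]
    return seen

if __name__ == "__main__":
    print("aging disabled:", replay(False))
    print("aging enabled: ", replay(True))
```

With aging disabled the freed FDB slot can only be reused by A; with aging enabled C takes the slot and A is then refused.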
Note
First arrival aging: the age-out time for a first arrival MAC locking station is the same as the FDB aging time that is configured using configure fdb agingtime.
To move all current first-arrival MACs to static entries on a port, use the following command:
configure mac-locking ports port_list first-arrival move-to-static
This command converts dynamic MAC locked stations to static MAC locked stations. There is no change to FDB entries.
Note
Ensure the static limit can accommodate the entries before moving them to static. Otherwise, the device may throw the following error:
Error: Some dynamic stations could not be converted to static stations for port <port_list>.
Note
An FDB entry created from the CLI will not be removed when a static MAC lock station is created and disabled for the corresponding MAC address. It is necessary to delete the FDB entry from the CLI. MAC-Locking does not remove user created FDB entries.
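A pre-check for the two limit rules above (lowering the static limit, and first-arrival move-to-static), written as an added example that is not part of the original documentation. It parses the station rows shown in Scenario B; the function names are hypothetical, and the rule that every first-arrival station needs one free static slot is an assumption drawn from the note on move-to-static.

```python
import re

# Station rows copied from the Scenario B "show mac-locking stations" output.
SCENARIO_B = """\
Port   MAC Address        Status  State          Aging
-----  -----------------  ------  -------------  -----
2:22   00:11:11:11:11:00  active  static         false
2:22   00:11:11:11:11:01  active  first-arrival  false
2:22   00:11:11:11:11:02  active  first-arrival  false
2:22   00:11:11:11:11:03  active  first-arrival  false
2:22   00:11:11:11:11:04  active  first-arrival  false
"""
# The first scenario has the same five MACs, all created as static stations.
SCENARIO_A = SCENARIO_B.replace("first-arrival", "static")

ROW = re.compile(
    r"^\s*(?P<port>\d+(?::\d+)?)\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"\s+(?P<status>\S+)\s+(?P<state>static|first-arrival)\s+(?P<aging>\S+)\s*$"
)

def parse_stations(text):
    """Return one dict per station row; headers, rulers and prompts are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def count(stations, port, state):
    """Number of stations on the port in the given state."""
    return sum(1 for s in stations if s["port"] == port and s["state"] == state)

def can_reduce_static_limit(stations, port, new_limit):
    """The CLI rejects a static limit lower than the number of static stations."""
    return count(stations, port, "static") <= new_limit

def move_to_static_fits(stations, port, static_limit):
    """Assumption: each first-arrival station needs one free static slot."""
    free = static_limit - count(stations, port, "static")
    return count(stations, port, "first-arrival") <= free

if __name__ == "__main__":
    for name, text in (("A", SCENARIO_A), ("B", SCENARIO_B)):
        st = parse_stations(text)
        print(name, can_reduce_static_limit(st, "2:22", 3),
              move_to_static_fits(st, "2:22", 5), move_to_static_fits(st, "2:22", 3))
```

Because disabled static stations count toward the total but appear only with the “static” keyword, feed the check the output of “show mac-locking stations static” when disabled entries may exist.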