Managing MAC Locking

Enable/Disable Clearing First-arrival MACs on Link Change

To manage the behavior of first arrival MAC locking on link state change, use the following command.

configure mac-locking ports port_list first-arrival link-down-action [clear-macs | retain-macs]

Clear MAC on link change is enabled by default.

When the link goes down, by default, all the first arrival MAC locking addresses will be removed. When link-down-action is configured to “retain-macs”, the first arrival MAC locking addresses will be retained even when the link goes down.

Disable/Enable port when MAC threshold is reached

This command is used to configure the disabling of ports when the configured MAC threshold is met. This is used for both “first arrival” and “static” MAC locking methods.

configure mac-locking ports port_list learn-limit-action [disable-port | remain-enabled

The port is disabled when the configured MAC threshold is met. All the FDB entries learned on this port are flushed as the port is disabled. This configuration can be reset using the clear mac-locking disabled-state ports port_list command. When MAC locking is disabled on the port, the port comes back up.

Clearing the Disabled-state of a Port

This command is used to return the behavior of first arrival MAC locking with link state change to its default value of enabled.

clear mac-locking disabled-state ports port_list

Delete Static MAC Locking Entries

To delete MAC locking for all static MAC address or the specified static MAC address on the given port, use the following command:

configure mac-locking ports port_list static delete station [station_mac_address | all]

Clearing MAC Locking entries

The following command is used to clear MAC locking station entries for the given parameters:

clear mac-locking station [all | {mac station_mac_address} {first-arrival | static} {ports port_list}]

This command clears MAC locking configuration by port/mac/first arrival/static etc.
Note

Note

Clearing static MAC locking stations will remove them from the configuration. The cleared static MAC locking stations will not be saved across reboots.

Displaying MAC Locking Information

This command is used to display the status of MAC locking on one or more ports.

show mac-locking {ports port_list}
Note

Note

In MLAG, the mac-locking entries shown in this command's output are only natively learned FDB entries on the switch.

If port is not specified, MAC locking status will be displayed for all ports.

Sample output:
Slot-1 Stack.2 # show mac-locking

MAC locking is globally enabled.

Port   MAC  Trap      Log       FA    Limit     Link    Max Max   Last Violating
    Lock Thr|Viol    Thr|Viol   Aging Action    Down    Stc FA    MAC Address
   Stat                          Cfg|Stat Action
-----  ---- -------- -------- ----- --------    ------ --- ---    -----------------
1:1    dis  off|off   off|off   dis  ena|ena   clear    64 600    00:00:00:00:00:00
1:2    dis  off|off   off|off   dis  ena|ena   clear    64 600    00:00:00:00:00:00
1:3    dis  off|off   off|off   dis  ena|ena   clear    64 600    00:00:00:00:00:00
1:4    dis  off|off   off|off   dis  ena|ena   clear    64 600    00:00:00:00:00:00
1:5    dis  off|off   off|off   dis  ena|ena   clear    64 600    00:00:00:00:00:00

Legend:
Stat              - Status                    Thr|Viol - Threshold | Violation
Max Stc           - Max Static Count          Max FA   - Max First-Arrival Count
dis               - Disabled                  ena       - Enabled
retain            - Retain MACs               clear     - Clear MACs
Limit Action Cfg  - If port should be disabled when learnt limit is exceeded
             dis   - Port to be disabled when learn limit is exceeded
             ena   - Port to remain enabled when learn limit is exceeded
Limit Action Stat - Port status on exceeding learn limit

The following command displays MAC locking stations for different parameters:

show mac-locking stations {first-arrival | static} {ports port_list}