Disabling Mac Address Learning; Associating Qos Profiles With An Fdb Entry - Extreme Networks ExtremeWare 7.2e Installation And User Manual

Non-permanent static entries are created by the switch software for various reasons, typically upon
switch boot up. They are identified by the "s" flag in
If the FDB entry aging time is set to zero, all entries in the database are considered static, non-aging
entries. This means that they do not age, but they are still deleted if the switch is reset.
• Permanent entries—Permanent entries are retained in the database if the switch is reset or a power
off/on cycle occurs. Permanent entries must be created by the system administrator through the
command line interface. A permanent entry can either be a unicast or multicast MAC address.
Permanent entries may be static, meaning they do not age or get updated, or they may be dynamic,
meaning that they do age and can be updated via learning.
Permanent entries can have QoS profiles associated with the MAC address. A different QoS profiles
may be associated with the MAC address when it is a destination address (an egress QoS profile)
than when it is a source address (ingress QoS profile).
The Summit 400 can support a maximum of 64 permanent entries.
• Blackhole entries—A blackhole entry configures the switch to discard packets with a specified MAC
address. Blackhole entries are useful as a security measure or in special circumstances where a
specific source or destination address must be discarded. Blackhole entries may be created through
the CLI, or they may be created by the switch when a port's learning limit has been exceeded.
Blackhole entries are treated like permanent entries in the event of a switch reset or power off/on
cycle. Blackhole entries are never aged out of the database.

Disabling MAC Address Learning

By default, MAC address learning is enabled on all ports. You can disable learning on specified ports
using the following command:
disable learning ports <portlist>
If MAC address learning is disabled, only broadcast traffic, EDP traffic, and packets destined to a
permanent MAC address matching that port number, are forwarded. Use this command in a secure
environment where access is granted via permanent forwarding databases (FDBs) per port.

Associating QoS Profiles with an FDB Entry

You can associate QoS profiles with a MAC address (and VLAN) of a device by creating a permanent
FDB entry and specifying QoS profiles for ingress or egress, or both. The permanent FDB entry can be
either dynamic (it is learned and can be aged out) or static.
To associate a QoS profile with a dynamic FDB entry, use the following command:
create fdbentry [<mac_address> | any-mac] vlan <vlan name> dynamic ingress-qosprofile
<qosprofile>{ingress-qosprofile
This command associates QoS profiles with packets received from or destined for the specified MAC
address, while still allowing the FDB entry to be dynamically learned. If you specify only the ingress
QoS profile, the egress QoS profile defaults to none, and vice-versa. If both profiles are specified, the
source MAC address of an ingress packet and the destination MAC address of an egress packet are
examined for QoS profile assignment.
The FDB entry is not actually created until the MAC address is encountered as the source MAC address
in a packet. Thus, initially the entry may not appear in the
ExtremeWare 7.2e Installation and User Guide
show fdb
<inqosprofile>}]
show fdb
Associating QoS Profiles with an FDB Entry
output.
output. Once the entry has been
105