Disabling Mac Address Learning; Fdb Configuration Examples - Extreme Networks ExtremeWare XOS Guide Manual

Non-permanent static entries are created by the switch software for various reasons, typically upon
switch boot up. They are identified by the "s" flag in show fdb output.
If the FDB entry aging time is set to zero, all entries in the database are considered static, non-aging
entries. This means that they do not age, but they are still deleted if the switch is reset.
• Permanent entries—Permanent entries are retained in the database if the switch is reset or a power
off/on cycle occurs. Permanent entries must be created by the system administrator through the
command line interface. A permanent entry can either be a unicast or multicast MAC address.
Permanent entries may be static, meaning they do not age or get updated, or they may be dynamic,
meaning that they do age and can be updated via learning.
Permanent entries can have QoS profiles associated with the MAC address. A different QoS profile
may be associated with the MAC address when it is a destination address (an egress QoS profile)
than when it is a source address (ingress QoS profile).
The stand-alone switches can support a maximum of 64 permanent entries, and the modular
switches support a maximum of 254 permanent entries.
• Blackhole entries—A blackhole entry configures the switch to discard packets with a specified MAC
address. Blackhole entries are useful as a security measure or in special circumstances where a
specific source or destination address must be discarded. Blackhole entries may be created through
the CLI, or they may be created by the switch when a port's learning limit has been exceeded.
Blackhole entries are treated like permanent entries in the event of a switch reset or power off/on
cycle. Blackhole entries are never aged out of the database.

Disabling MAC Address Learning

By default, MAC address learning is enabled on all ports. You can disable learning on specified ports
using the following command:
disable learning port <port_list>
If MAC address learning is disabled, only broadcast traffic, EDP traffic, and packets destined to a
permanent MAC address matching that port number are forwarded. Use this command in a secure
environment where access is granted via permanent forwarding databases (FDBs) per port.

FDB Configuration Examples

The following example adds a permanent static entry to the FDB:
create fdbentry 00:E0:2B:12:34:56 vlan marketing port 3:4
The permanent entry has the following characteristics:
• MAC address is 00:E0:2B:12:34:56.
• VLAN name is marketing.
• Slot number for this device is 3.
• Port number for this device is 4.
If the MAC address 00:E0:2B:12:34:56 is encountered on any port/VLAN other than VLAN marketing,
port 3:4, it will be handled as a blackhole entry, and packets from that source will be dropped.
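The following Python sketch is an added example, not part of the ExtremeWare XOS guide or Extreme Networks code. It turns an inventory of authorized devices into the create fdbentry and disable learning port commands shown above, and enforces the permanent-entry limits stated earlier. The inventory format, the function names, and every sample row except the first are assumptions made for illustration.

```python
import re

# Permanent-entry limits stated on this page.
MAX_PERMANENT = {"stand-alone": 64, "modular": 254}
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def port_key(port):
    """Sort key for 'slot:port' or plain 'port' strings."""
    return tuple(int(part) for part in port.split(":"))


def build_lockdown(inventory, switch_type):
    """Return CLI lines that pin each MAC to one VLAN/port, then disable learning.

    inventory: list of (mac, vlan, port) tuples (hypothetical input format).
    """
    limit = MAX_PERMANENT[switch_type]
    if len(inventory) > limit:
        raise ValueError(f"{len(inventory)} entries exceed the limit of {limit}")
    pinned = {}
    commands = []
    for mac, vlan, port in inventory:
        if not MAC_RE.match(mac):
            raise ValueError(f"malformed MAC address: {mac!r}")
        mac = mac.upper()
        # A permanent static MAC seen on any other port/VLAN is blackholed,
        # so pinning one MAC to two places is treated as an inventory error.
        if mac in pinned:
            raise ValueError(f"{mac} is already pinned to {pinned[mac]}")
        pinned[mac] = (vlan, port)
        commands.append(f"create fdbentry {mac} vlan {vlan} port {port}")
    # Learning is disabled last: once it is off, a port forwards only broadcast,
    # EDP, and traffic destined to a permanent MAC matching that port.
    for port in sorted({p for _, _, p in inventory}, key=port_key):
        commands.append(f"disable learning port {port}")
    return commands


# Constructed sample inventory; the first row is the entry from the page.
SAMPLE = [
    ("00:E0:2B:12:34:56", "marketing", "3:4"),
    ("00:e0:2b:ab:cd:01", "marketing", "3:5"),
    ("00:E0:2B:AB:CD:02", "engineering", "3:4"),
]

if __name__ == "__main__":
    print("\n".join(build_lockdown(SAMPLE, "modular")))
```

The script emits one disable learning port command per port so that it does not depend on any particular <port_list> syntax.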
This example associates the QoS profile qp2 with a dynamic entry for the device at MAC address
00:A0:23:12:34:56 on VLAN net34 that will be learned by the FDB:
ExtremeWare XOS 10.1 Concepts Guide