Sticky Mac Address Configurations - Cisco ASR 920 Series Configuration Manual Ethernet Router

Sticky MAC Address Configurations

inactivity command, which specifies that the age <n> be measured from the instant that the MAC address
was last encountered on the service instance.
The mac security aging staticand mac security aging sticky commands specify that the mac security aging
timeaging-time command must be applicable to permitted and sticky MAC addresses, respectively. In the
case of permitted MAC addresses, the absolute aging time is measured from the time the address is entered
into the MAC address table (for example, when it is configured or whenever the mac security command is
entered--whichever is later).
If the mac security aging time command is not configured, the mac security aging static command has no
effect.
Sticky MAC Address Configurations
The ability to make dynamically learned MAC addresses on secured service instances permanent even after
interface transitions or device reloads can be set up and configured. A dynamically learned MAC address that
is made permanent on a secured service instance is called a "sticky MAC address". The mac security sticky
command is used to enable the sticky MAC addressing feature on a service instance.
With the "sticky" feature enabled on a secured service instance, MAC addresses learned dynamically on the
service instance are kept persistent across service instance line transitions and device reloads.
The sticky feature has no effect on statically configured MAC addresses. The sticky addresses are saved in
the running configuration. Before the device is reloaded, it is the responsibility of the user to save the running
configuration to the startup configuration. Doing this will ensure that when the device comes on, all the MAC
addresses learned dynamically previously are immediately populated into the MAC address table.
The mac security sticky address mac-address command can configure a specific MAC address as a sticky
MAC address. The use of this command is not recommended for the user because configuring a MAC address
as a static address does the same thing. When sticky MAC addressing is enabled by the mac security sticky
command, the dynamically learned addresses are marked as sticky and a mac security sticky address
mac-address command is automatically generated and saved in the running configuration for each learned
MAC address on the service instances.
Aging for Sticky Addresses
MAC addresses learned on a service instance that has the sticky behavior enabled are subject to aging as
configured by the mac security aging time and mac security aging sticky commands. In other words, for
the purpose of aging functionality, sticky addresses are treated the same as dynamically learned addresses.
Transitions
This section contains a description of the expected behavior of the different MAC security elements when
various triggers are applied; for example, configuration changes or link state transitions.
MAC Security Enabled on a Service Instance
When MAC security is enabled on a service instance, all existing MAC table entries for the service instance
are purged. Then, permitted MAC address entries and sticky addresses are added to the MAC table, subject
to the prevailing MAC address limiting constraints on the bridge domain.
Carrier Ethernet Configuration Guide (Cisco ASR 920 Series)
88
Configuring MAC Address Limiting on Service Instances Bridge Domains and EVC Port Channels