Mac Address Lock Down - Extreme Networks ExtremeWare XOS Guide Manual

This command displays the MAC security information for the specified VLAN.
show ports {mgmt | <portlist>} info {detail}
This command displays detailed information, including MAC security information, for the specified
port.
Limiting MAC Addresses with ESRP Enabled
If you configure a MAC address limit on VLANS that have ESRP enabled, you should add an
additional back-to-back link (that has no MAC address limit on these ports) between the ESRP-enabled
switches. Doing so prevents ESRP PDU from being dropped due to MAC address limit settings.
Figure 12 is an example of configuring a MAC address limit on an ESRP-enabled VLAN.
Figure 12: MAC address limits and ESRP-enabled VLANs
ESRP
vlan
S1
10.1.2.100
In Figure 12, S2 and S3 are ESRP-enabled switches, while S1 is an ESRP-aware (regular layer 2) switch.
Configuring a MAC address limit on all S1 ports might prevent ESRP communication between S2 and
S3. To resolve this, you should add a back-to-back link between S2 and S3. This link is not needed if
MAC address limiting is configured only on S2 and S3, but not on S1.

MAC Address Lock Down

In contrast to limiting learning on virtual ports, you can lock down the existing dynamic FDB entries
and prevent any additional learning using the
configure ports <portlist> vlan <vlan name> [limit-learning <number> | lock-learning |
unlimited-learning | unlock-learning]
This command causes all dynamic FDB entries associated with the specified VLAN and ports to be
converted to locked static entries. It also sets the learning limit to zero, so that no new entries can be
learned. All new source MAC addresses are blackholed.
Locked entries do not get aged, but can be deleted like a regular permanent entry.
ExtremeWare XOS 11.1 Concepts Guide
10.1.2.1
S2
10.1.2.2
S3
10.1.2.1
lock-learning
MAC Address Security
20.1.1.1
20.1.2.2
192.10.1.1
S4
192.10.1.100
30.1.1.2
30.1.1.1
option from the following command:
EX_036
227