Enabling MAC Address Filtering
To support source MAC address filtering for blocking unknown DHCP clients, specify the list of MAC addresses in the source-address-filter statement:
If you want to enable source address filtering, use the source-filtering statement.
If you don’t want to enable source address filtering, use the no-source-filtering statement.
You can include these statements at the following hierarchy levels:
[edit interfaces interface-name gigether-options]
To check packets dropped due to source MAC filtering, use the run show interfaces interface-name extensive show command.
Source MAC filtering is implemented using ternary content addressable memory (TCAM) space. The allocated TCAM space for this feature is shared by the filter-based forwarding (FBF) filter, which redirects the matched flow to the configured routing instance. On the logical interface, if these features are enabled, then source MAC filter takes higher precedence over the FBF filter. These features work independently on different logical interfaces without any limitation. From a scaling perspective, the allocated 125 hardware TCAM entries are shared by these features and the allocation of TCAM entries work on a first-come-first-serve basis mode. Source MAC filtering can be scaled up to 125 TCAM entries without the presence of the FBF filter. In general, if the ACX Series router has N physical ports, then it can support (125–N) source MAC addresses at the system level.