Understanding MAC Address Limiting and Persistent MAC Learning on a Junos Fusion Enterprise

MAC limiting enhances port security by limiting the number of MAC addresses that can be learned within a VLAN, which prevents flooding of the Ethernet switching table. You can configure MAC limiting to drop packets or to shut down interfaces when the MAC limit is exceeded.

Persistent MAC learning—also called sticky MAC addresses—enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online, preventing traffic loss for trusted workstations.

MAC limiting and persistent MAC learning configuration in a Junos Fusion Enterprise is identical to that for a standalone EX9200 switch. For more information on MAC limiting, see Understanding MAC Limiting. For more information on persistent MAC learning, see Understanding Persistent MAC Learning (Sticky MAC).

In a Junos Fusion Enterprise, there are special considerations that impact MAC limiting and persistent MAC learning functionality.

MAC Address Limiting on a Junos Fusion Enterprise

The following actions are possible when the MAC limit is reached on an interface:

  • None—No impact on functionality of the aggregation device or the satellite device. Traffic is forwarded from the satellite device to the aggregation device.

  • Shutdown—The extended port on the satellite device is shut down when the MAC limit is reached on the aggregation device.

  • Drop—A packet with an unlearned source MAC address is forwarded by the satellite device and dropped on the aggregation device.

The following requirements should be understood when configuring MAC address limiting for a Junos Fusion Enterprise with dual aggregation devices:

  • There is the potential for MAC addresses received on an extended port to be forwarded to different aggregation devices. To prevent inconsistency, the learned MAC addresses are synchronized across both aggregation devices. If one aggregation device is not able to install a MAC address due to MAC limiting, that MAC address is deleted from the peer aggregation device.

  • For the shutdown action, the shutdown on extended ports is applied at the physical interface level; in a standalone EX9200 switch, MAC limiting shutdown is applied at the logical interface level.

  • Executing the clear ethernet-switching recovery-timeout command on one aggregation device also clears the error on the other aggregation device.

  • In the event of a shutdown, if the recovery timer is configured, the error is cleared on both aggregation devices when the timer expires.

Persistent MAC Learning on a Junos Fusion Enterprise

The following requirements should be understood when configuring persistent MAC learning for a Junos Fusion Enterprise with dual aggregation devices:

  • MAC addresses learnt locally or remotely are treated as persistent entries and saved in the persistent file on both aggregation devices.

  • Persistent MAC learning cannot be enabled on the ICL interface. This is enforced by commit check.

  • When persistent MAC learning is configured on extended ports of a single-homed satellite device, MAC addresses learned locally are learned as persistent addresses, and MAC addresses learned on the peer are learned as remote dynamic addresses.

  • Clearing the persistent-mac on one aggregation device also deletes the entry from the other aggregation device.

If you move a device within your network that has a persistent MAC address entry on the switch, use the clear ethernet-switching table persistent-mac command to clear the persistent MAC address entry from the interface. If you move the device and do not clear the persistent MAC address from the original port on which it was learned, then the new port will not learn the MAC address of the device and the device will not be able to connect.

If the original port is down when you move the device, then the new port will learn the MAC address and the device can connect. However, if you do not clear the persistent MAC address on the original port, then when the port restarts, the system reinstalls the persistent MAC address in the forwarding table for that port. If this occurs, the persistent MAC address is removed from the new port and the device loses connectivity.
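
The move scenarios in the two paragraphs above, worked through as an added example (a simplified model written for this page, not Junos code). The class, method and port names are hypothetical, and the model assumes persistent MAC learning is enabled on both ports.

```python
# Simplified model of the persistent-MAC move behaviour described above.
# Not Junos code: the class, method and port names are hypothetical.

class StickySwitch:
    def __init__(self, ports):
        self.saved = {p: set() for p in ports}  # persistent file: port -> MACs
        self.up = {p: True for p in ports}      # link state per port
        self.fdb = {}                           # forwarding table: MAC -> port

    def learn(self, port, mac):
        """Frame with source `mac` arrives on `port`; True if it is learned there."""
        owner = self.fdb.get(mac)
        if not self.up[port] or (owner is not None and owner != port):
            return False  # a persistent entry on another port blocks the move
        self.fdb[mac] = port
        self.saved[port].add(mac)
        return True

    def port_down(self, port):
        """Link loss removes forwarding entries but keeps the saved MACs."""
        self.up[port] = False
        self.fdb = {m: p for m, p in self.fdb.items() if p != port}

    def port_up(self, port):
        """Restart reinstalls the saved MACs and evicts them from other ports."""
        self.up[port] = True
        for mac in self.saved[port]:
            for other in self.saved:
                if other != port:
                    self.saved[other].discard(mac)
            self.fdb[mac] = port

    def clear_persistent(self, port, mac):
        """Models 'clear ethernet-switching table persistent-mac' for one entry."""
        self.saved[port].discard(mac)
        if self.fdb.get(mac) == port:
            del self.fdb[mac]

def move_device(mac, clear_first, old_port_down):
    """Move `mac` from port A to B; return (connects after move, still connected after A restarts)."""
    sw = StickySwitch(["A", "B"])
    sw.learn("A", mac)
    if old_port_down:
        sw.port_down("A")
    if clear_first:
        sw.clear_persistent("A", mac)
    after_move = sw.learn("B", mac)
    sw.port_up("A")
    return after_move, sw.fdb.get(mac) == "B"
```

Calling move_device with clear_first=False and old_port_down=True reproduces the delayed failure: the device connects on the new port, then loses connectivity once the original port restarts.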