MAC Limit for all interfaces for EX3400 (ELS Style)

  • 1.  MAC Limit for all interfaces for EX3400 (ELS Style)

    Posted 03-05-2019 06:25

    Hi guys,

     

    On EX3300, I was able to limit the mac using:

    set ethernet-switching-options secure-access-port interface all mac-limit 5

    However, now I am using EX3400 and found that there is no single command with which you can limit MAC addresses on all the interfaces. I am currently using:

    wildcard range set switch-options interface ge-0/0/[0-47] interface-mac-limit 5 packet-action drop

    I just want to know if there is any neat way of doing the same for EX3400.

     

    Thanks



  • 2.  RE: MAC Limit for all interfaces for EX3400 (ELS Style)

     
    Posted 03-05-2019 06:47
    Hi vakas10,

    You can use interface range to maintain this better: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interface-ranges.html

    Please let me know if that helps.

    Hope this helps.

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).


  • 3.  RE: MAC Limit for all interfaces for EX3400 (ELS Style)

    Posted 03-05-2019 07:20

    Hi, thanks. Do you mean something like this will work?

     

    # show | compare
    [edit interfaces]
    +   interface-range ALL {
    +       member-range ge-0/0/0 to ge-0/0/47;
    +   }
    [edit switch-options]
    +   interface ALL {
    +       interface-mac-limit {
    +           5;
    +       }
    +   }
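
Review bot: the "interface ALL" stanza under [edit switch-options] sets only the limit value 5 and carries no packet-action, while the wildcard range command earlier in the thread set "packet-action drop". If dropping is the intent, add "packet-action drop;" inside interface-mac-limit so the behaviour at the limit is stated in the config rather than left to the default. Note also that "member-range ge-0/0/0 to ge-0/0/47" covers only the ge- ports, so any other port type that should carry the limit needs its own member-range line.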


  • 4.  RE: MAC Limit for all interfaces for EX3400 (ELS Style)
    Best Answer

     
    Posted 03-05-2019 19:27

    Hi vakas10,

     

    Yes, that works. Please note that you might have to clear the ethernet-switching table as a best practice after making the MAC limit config change, so it's better to make the change during a low-business period or a short maintenance window, if you will.

     

    Please also keep the new (ELS) command "clear ethernet-switching recovery-timeout interface <>" handy for any interfaces shut by the MAC limit rule :).

     

    Here is a quick test for your reference:

     

    {master:0}
    root@EX3400> show configuration switch-options
    Apr 03 15:41:21
    interface test {
        interface-mac-limit {
            1;
            packet-action shutdown;
        }
    }

    {master:0}
    root@EX3400> show configuration interfaces interface-range test
    Apr 03 15:41:28
    member-range xe-0/2/2 to xe-0/2/3;

     

    {master:0}
    root@EX3400> show version
    Apr 03 15:41:32
    fpc0:
    --------------------------------------------------------------------------
    Hostname: EX3400
    Model: ex3400-48t
    Junos: 18.4R1.8

     

    root@EX3400> show log messages | grep limit
    Apr 3 13:53:27 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_REACHED_IF: Limit on learned MAC addresses reached for xe-0/2/2.0; current count is 1
    Apr 3 13:53:28 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_RESET_IF: Resumed adding MAC addresses learned by xe-0/2/2.0; current count is 0
    Apr 3 13:53:28 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_REACHED_IF: Limit on learned MAC addresses reached for xe-0/2/2.0; current count is 1
    Apr 3 13:53:29 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_EXCEEDED_BLOCK: Limit on learned MAC addresses exceeded for xe-0/2/2.0; current count is 1 SHUTTING THE INTERFACE
    Apr 3 13:53:29 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_RESET_IF: Resumed adding MAC addresses learned by xe-0/2/2.0; current count is 0


    {master:0}
    root@EX3400> show interfaces xe-0/2/2 terse
    Apr 03 15:42:53


    Interface Admin Link Proto Local Remote
    xe-0/2/2 up down
    xe-0/2/2.0 up down eth-switch

     

    {master:0}[edit]
    root@EX3400# rollback 1
    Apr 03 15:41:49
    load complete

     

    {master:0}[edit]
    root@EX3400# show | compare
    Apr 03 15:41:51
    [edit interfaces]
    - interface-range test {
    - member-range xe-0/2/2 to xe-0/2/3;
    - }
    [edit]
    - switch-options {
    - interface test {
    - interface-mac-limit {
    - 1;
    - packet-action shutdown;
    - }
    - }
    - }

     

    {master:0}[edit]
    root@EX3400# commit and-quit
    Apr 03 15:42:02

     

    {master:0}
    root@EX3400> show interfaces xe-0/2/2 terse
    Apr 03 15:42:53
    Interface Admin Link Proto Local Remote
    xe-0/2/2 up down
    xe-0/2/2.0 up down eth-switch

     

    {master:0}
    root@EX3400> clear ethernet-switching recovery-timeout interface xe-0/2/2
    Apr 03 15:43:09

     

    {master:0}
    root@EX3400> show ethernet-switching table
    Apr 03 15:43:12

    MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
    SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)


    Ethernet switching table : 2 entries, 2 learned
    Routing instance : default-switch
    Vlan MAC MAC Age Logical NH RTR
    name address flags interface Index ID
    default 00:11:aa:23:b5:08 D - xe-0/2/2.0 0 0
    default 00:11:aa:6d:a0:0a D - ae6.0 0 0

     

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).
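
Added example, not part of the original thread and not Juniper code: a small parser for the l2ald MAC-limit syslog lines shown in the answer above, which lists the ports shut by "packet-action shutdown" and the recovery command for each. The function names are hypothetical, and it assumes (as the test above shows) that a port stays down after L2ALD_MAC_LIMIT_EXCEEDED_BLOCK even though a RESET_IF line follows.

```python
import re
from collections import Counter, defaultdict

# Log lines copied from the test in the answer above (Junos 18.4R1.8, ex3400-48t).
SAMPLE_LOG = """\
Apr 3 13:53:27 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_REACHED_IF: Limit on learned MAC addresses reached for xe-0/2/2.0; current count is 1
Apr 3 13:53:28 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_RESET_IF: Resumed adding MAC addresses learned by xe-0/2/2.0; current count is 0
Apr 3 13:53:28 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_REACHED_IF: Limit on learned MAC addresses reached for xe-0/2/2.0; current count is 1
Apr 3 13:53:29 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_EXCEEDED_BLOCK: Limit on learned MAC addresses exceeded for xe-0/2/2.0; current count is 1 SHUTTING THE INTERFACE
Apr 3 13:53:29 EX3400 l2ald[16336]: L2ALD_MAC_LIMIT_RESET_IF: Resumed adding MAC addresses learned by xe-0/2/2.0; current count is 0
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) l2ald\[\d+\]: "
    r"(?P<tag>L2ALD_MAC_LIMIT_\w+): .* (?:for|by) (?P<ifl>[^;\s]+); "
    r"current count is (?P<count>\d+)(?P<shut> SHUTTING THE INTERFACE)?\s*$"
)

def parse_events(text):
    """Yield one dict per l2ald MAC-limit line; other lines are skipped."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["count"] = int(ev["count"])
            ev["shut"] = ev["shut"] is not None
            yield ev

def summarize(text):
    """Per logical interface: event counts and time of the last shutdown."""
    summary = defaultdict(lambda: {"events": Counter(), "shut_at": None})
    for ev in parse_events(text):
        entry = summary[ev["ifl"]]
        entry["events"][ev["tag"]] += 1
        if ev["shut"]:
            # Sticky (assumption): a later RESET_IF only reports an emptied MAC count.
            entry["shut_at"] = ev["ts"]
    return dict(summary)

def recovery_commands(text):
    """CLI lines (as used in the answer) for ports that were shut down."""
    ports = sorted({ifl.rsplit(".", 1)[0]
                    for ifl, e in summarize(text).items() if e["shut_at"]})
    return [f"clear ethernet-switching recovery-timeout interface {p}" for p in ports]

if __name__ == "__main__":
    for cmd in recovery_commands(SAMPLE_LOG):
        print(cmd)
```

Repeated REACHED_IF/RESET_IF pairs on an access port, as in the sample, are also worth reviewing on their own: they show the port hitting its limit even when no shutdown follows.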