Configuring Persistent MAC Learning (CLI Procedure)

Note: This topic uses Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Configuring Persistent MAC Learning (CLI Procedure). For ELS details, see Getting Started with Enhanced Layer 2 Software.

Persistent MAC address learning is disabled by default. You can enable it to:

  • Help prevent traffic losses for trusted workstations and servers. If persistent MAC address learning is enabled on an interface, the interface does not have to relearn the addresses from ingress traffic after a restart.
  • Protect the switch against security attacks. Use persistent MAC learning in combination with MAC limiting to protect against attacks without having to statically configure MAC addresses. Once the interface has learned MAC addresses up to the number specified by the MAC limit, new addresses are not allowed, even after a restart. The port is secured because, after the limit has been reached, additional devices cannot connect to the interface.

To configure persistent MAC learning on an interface and limit the number of allowed MAC addresses:

  1. Enable persistent MAC learning on an interface:
    [edit switch-options]
    user@switch# set interface interface-name persistent-learning
  2. Configure the MAC limit on an interface, and specify the action that the switch takes after the specified limit is exceeded:
    [edit switch-options]
    user@switch# set interface interface-name interface-mac-limit limit packet-action action

    After you set a new MAC limit for the interface, the system clears existing entries in the MAC address forwarding table associated with the interface.

Values for action are:

  • drop: Drop packets with new source MAC addresses, and do not learn the new source MAC addresses.
  • drop-and-log: (EX Series switches only) Drop packets with new source MAC addresses, and generate an alarm, an SNMP trap, or a system log entry.
  • log: (EX Series switches only) Hold packets with new source MAC addresses, and generate an alarm, an SNMP trap, or a system log entry.
  • none: (EX Series switches only) Forward packets with new source MAC addresses, and learn the new source MAC address.
  • shutdown: (EX Series switches only) Disable the specified interface, and generate an alarm, an SNMP trap, or a system log entry.
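The following Python check is an added example, not Juniper code. It reads configuration lines in `set` form and flags interfaces where persistent learning is enabled without the MAC limit and blocking action that the procedure above pairs it with. The interface names and limits, the split two-line form of `interface-mac-limit`, and the choice to count only drop, drop-and-log and shutdown as blocking are assumptions of this example.

```python
import re

# Actions that the descriptions above say drop the packet or disable the port.
BLOCKING = {"drop", "drop-and-log", "shutdown"}
LINE = re.compile(r"^set switch-options interface (\S+) (.+)$")

def audit(config_text):
    """Map each persistent-learning interface with a weak MAC limit to a finding."""
    state = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ifname, rest = m.groups()
        entry = state.setdefault(ifname, {"persistent": False, "limit": None, "action": None})
        words = rest.split()
        if words == ["persistent-learning"]:
            entry["persistent"] = True
        elif words[0] == "interface-mac-limit":
            args = words[1:]
            if args and args[0].isdigit():  # limit value, one-line or split form
                entry["limit"] = int(args[0])
                args = args[1:]
            if len(args) == 2 and args[0] == "packet-action":
                entry["action"] = args[1]
    findings = {}
    for ifname, e in state.items():
        if not e["persistent"]:
            continue  # the check only concerns persistent-learning ports
        if e["limit"] is None:
            findings[ifname] = "persistent-learning without interface-mac-limit"
        elif e["action"] is None:
            findings[ifname] = "interface-mac-limit has no packet-action"
        elif e["action"] not in BLOCKING:
            findings[ifname] = f"packet-action {e['action']} is not a drop or shutdown action"
    return findings

# Constructed sample configuration; interface names and limits are made up.
SAMPLE = """\
set switch-options interface ge-0/0/1.0 persistent-learning
set switch-options interface ge-0/0/1.0 interface-mac-limit 2 packet-action drop-and-log
set switch-options interface ge-0/0/2.0 persistent-learning
set switch-options interface ge-0/0/3.0 persistent-learning
set switch-options interface ge-0/0/3.0 interface-mac-limit 4
set switch-options interface ge-0/0/3.0 interface-mac-limit packet-action none
set switch-options interface ge-0/0/4.0 interface-mac-limit 1 packet-action shutdown
"""

if __name__ == "__main__":
    print("\n".join(f"{i}: {p}" for i, p in audit(SAMPLE).items()))
```
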

Tip: If you move a device within your network that has a persistent MAC address entry on the switch, use the clear ethernet-switching table persistent-mac command to clear the persistent MAC address entry from the interface. If you move the device and do not clear the persistent MAC address from the original port it was learned on, then the new port will not learn the MAC address of the device and the device will not be able to connect.

If the original port is down when you move the device, then the new port will learn the MAC address and the device can connect. However, if you do not clear the persistent MAC address on the original port, then when the port restarts, the system reinstalls the persistent MAC address in the forwarding table for that port. If this occurs, the persistent MAC address is removed from the new port and the device loses connectivity.

Modified: 2015-06-02