Logging violations of the MAC address learning limit (480808)

Logging violations of the MAC address learning limit (480808)

If you set a maximum number of MAC addresses learned for an interface or VLAN, the managed FortiSwitch unit drops all traffic for additional MAC addresses after the learning limit is reached.

You can now change how long learned MAC addresses are stored. By default, each learned MAC address is aged out after 300 seconds. The value ranges from 0 to 1,500 minutes. To disable MAC address aging, set the value to zero.

If you want to see the first MAC address that exceeded the learning limit for an interface or VLAN, you can enable the learning-limit violation log for a managed FortiSwitch unit. Only one violation is recorded per interface or VLAN.

By default, logging is disabled. The most recent violation that occurred on each interface or VLAN is recorded in the system log. After that, no more violations are logged until the log is reset for the triggered interface or VLAN. Only the most recent 128 violations are displayed in the console.

Use the following commands to control the learning-limit violation log and to control how long learned MAC addresses are save:

config switch-controller global set mac-violation-timer <0-1500>

set log-mac-limit-violations {enable | disable}

end

To view the content of the learning-limit violation log for a managed FortiSwitch unit, use one of the following commands:

  • diagnose switch-controller dump mac-limit-violations all <FortiSwitch_serial_ number>
  • diagnose switch-controller dump mac-limit-violations interface <FortiSwitch_ serial_number> <port_name>
  • diagnose switch-controller dump mac-limit-violations vlan <FortiSwitch_serial_ number> <VLAN_ID>

To reset the learning-limit violation log for a managed FortiSwitch unit, use one of the following commands:

  • execute switch-controller mac-limit-violation reset all <FortiSwitch_serial_ number>
  • execute switch-controller mac-limit-violation reset vlan <FortiSwitch_serial_ number> <VLAN_ID>
  • execute switch-controller mac-limit-violation reset interface <FortiSwitch_

serial_number> <port_name>

This entry was posted in Administration Guides, FortiOS 6, FortiSwitch on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.