Logging violations of the MAC address learning limit (480808)

Logging violations of the MAC address learning limit (480808)

If you set a maximum number of MAC addresses learned for an interface or VLAN, the managed FortiSwitch unit drops all traffic for additional MAC addresses after the learning limit is reached.

You can now change how long learned MAC addresses are stored. By default, each learned MAC address is aged out after 300 seconds. The value ranges from 0 to 1,500 minutes. To disable MAC address aging, set the value to zero.

If you want to see the first MAC address that exceeded the learning limit for an interface or VLAN, you can enable the learning-limit violation log for a managed FortiSwitch unit. Only one violation is recorded per interface or VLAN.

By default, logging is disabled. The most recent violation that occurred on each interface or VLAN is recorded in the system log. After that, no more violations are logged until the log is reset for the triggered interface or VLAN. Only the most recent 128 violations are displayed in the console.

Use the following commands to control the learning-limit violation log and to control how long learned MAC addresses are save:

config switch-controller global set mac-violation-timer <0-1500>

set log-mac-limit-violations {enable | disable}

end

To view the content of the learning-limit violation log for a managed FortiSwitch unit, use one of the following commands:

  • diagnose switch-controller dump mac-limit-violations all <FortiSwitch_serial_ number>
  • diagnose switch-controller dump mac-limit-violations interface <FortiSwitch_ serial_number> <port_name>
  • diagnose switch-controller dump mac-limit-violations vlan <FortiSwitch_serial_ number> <VLAN_ID>

To reset the learning-limit violation log for a managed FortiSwitch unit, use one of the following commands:

  • execute switch-controller mac-limit-violation reset all <FortiSwitch_serial_ number>
  • execute switch-controller mac-limit-violation reset vlan <FortiSwitch_serial_ number> <VLAN_ID>
  • execute switch-controller mac-limit-violation reset interface <FortiSwitch_

serial_number> <port_name>


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU