Hello,

I want to disable mac learning

im using System version: 7.0(3)I7(7) in  cisco Nexus9000 93180YC-EX

i tried that command but there is error coming:   config not supported on platform

Please need help.  

Thanks,

Jose

Hi,

I am a bit confused. Do you want to disable the mac learning on nexus 9500 or 3500?

If it's Nexus 3500, then the mac learning is disabled like this:

    switch# configure terminal
    switch(config)# interface type slot/port
    switch(config-if)# [no] switchport mac-learn disable
    switch(config-if)# clear mac address-table dynamic interface type slot/port

Note1:The no form of switchport mac-learn disable command re-enables MAC address learning on Layer 2 interfaces.

Note2: After disabling MAC address learning on an interface, ensure that you clear the MAC address table.

For Nexus 9000 (9300/9500) I will check once again the documentation. It is possible that not all platforms to support disabling the mac learning.

Can you share the exact switch model you have (line card model if you have a nexus 9500)?

Regards,

Sergiu

my switch is nexus 9500

switch(config-if)# switchport mac-learn disable
Config not supported on this Platform

if this platform not support  to deactivate mac learnig , is there any soloution to use switch as hub

What line cards do you have on your N9500 and what version is it running on your switch?

i use N9K-X9736C-FX

Hello,

I have searched for disabling mac learning on -FX based platforms, and I am not able to find any limitations about it. However, it seems that the command is restricted from hardware to avoid disabling the mac learning.

But my question is why would you want your switch to behave like a hub? Especially a Nexus 9500 switch? I am sure we can find a better solution for your requirements. :-)

Regards,

Sergiu

---

@Sergiu.Daniluk wrote:

Hi,

I am a bit confused.  Do you want to disable the mac learning on nexus 9500 or 3500?

If it's Nexus 3500, then the mac learning is disabled like this: prepaidgiftbalance

    switch# configure terminal
    switch(config)# interface type slot/port
    switch(config-if)# [no] switchport mac-learn disable
    switch(config-if)# clear mac address-table dynamic interface type slot/port

Note1:The no form of switchport mac-learn disable command re-enables MAC address learning on Layer 2 interfaces.

Note2: After disabling MAC address learning on an interface, ensure that you clear the MAC address table.

 

For Nexus 9000 (9300/9500) I will check once again the documentation. It is possible that not all platforms to support disabling the mac learning.

 

Can you share the exact switch model you have (line card model if you have a nexus 9500)?

 

Regards,

Sergiu

---

hello sir is your problem solved?

no ,

Hi John,

I can confirm there is no official way to disable the mac learning on Nexus 9500/9300,  -EX -FX generations.

What is the use case where you need mac learning disabled?

Regards,

Sergiu

Hi Sergiu,

for us, this is very useful, because I would like to set MACs manually per port. Recently there is no way how you can "secure" the port in terms of collision/hijacking/flooding MAC addresses in that environment, where you have no control over endpoints connected to your infrastructure. Normally we would use "feature port-security", however, this is not supported with VxLAN/EVPN. This feature is not supported by vPC fabric-peering as well. Therefore we would like to configure static MAC+port association and disable dynamic learning. I understood this is not supported, because even with MAC ACL, dynamic learning will learn and propagate MAC over the control plane (EVPN).

Old thread, but FYI: if you configure static mac address, then for that specific mac address there will be no more dynamic learning. In other words, you can convert all your already dynamically learned MAC addresses to static, to avoid any collision/hijack etc.

Stay safe,

Sergiu

It is old but still actual. Thank you for your response. Unfortunately, even with static MAC config, Nexus 9300 will learn MACs in the control plane and it will redistribute all MACs (even unconfigured ones) over EVPN to other switches. Luckily enough, MAC address learning is possible to disable in NXOS 10.2(2) and later. I haven't tested it as of yet though.

N93180YC(config)# mac-learn ?
  disable  Mac Learning disable to use switch as a HUB. Do a clear mac address-table dynamic after disabling mac learning

N93180YC(config)# mac-learn disable <CR>
N93180YC# sh mac address-table dynamic
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
        (NA)- Not Applicable
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
N93180YC#

Have a nice day, Marian