johncena74143
Beginner

disable mac learning on nexus 9500

Hi guys,
I want to disable MAC learning on a Nexus 9500 with NX-OS 9.3.3, but unfortunately I didn't find anything about disabling MAC learning on a Nexus 9500 with NX-OS 9.3.3.
I found a command in the Nexus 3548 with NX-OS 6.x:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3548/sw/layer_2_switching/60x/b_Cisco_N3548_Layer_2_Switching_Config_602_A1_1/b_Cisco_N3548_Layer_2_Switching_Config_602_A1_1_chapter_01001.html
but this command is not found in the Nexus 3548 with NX-OS 9.3.3:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/layer2/93x/configuration/guide/b-cisco-nexus-3000-nx-os-layer-2-configuration-guide-93x.html
How can I do this?

11 REPLIES 11
Sergiu.Daniluk
VIP Advisor

Hi,

I believe the command you are looking for:

    N9K-1(config)# mac-learn disable
      disable  Mac Learning disable to use switch as a HUB. Do a clear mac address-table dynamic after disabling mac learning

Regards,

Sergiu

johncena74143
Beginner

Thank you for your reply, but

    switch(config)# mac-learn disable
    config not supported on platform

Hi,

I am a bit confused. Do you want to disable the mac learning on nexus 9500 or 3500?

If it's Nexus 3500, then the mac learning is disabled like this:

    switch# configure terminal
    switch(config)# interface type slot/port
    switch(config-if)# [no] switchport mac-learn disable
    switch(config-if)# clear mac address-table dynamic interface type slot/port

Note1: The no form of switchport mac-learn disable command re-enables MAC address learning on Layer 2 interfaces.

Note2: After disabling MAC address learning on an interface, ensure that you clear the MAC address table.

 

For Nexus 9000 (9300/9500) I will check the documentation once again. It is possible that not all platforms support disabling the mac learning.

 

Can you share the exact switch model you have (line card model if you have a nexus 9500)?

 

Regards,

Sergiu

My switch is a Nexus 9500.

    switch(config-if)# switchport mac-learn disable
    Config not supported on this Platform

If this platform does not support deactivating MAC learning, is there any solution to use the switch as a hub?

What line cards do you have on your N9500 and what version is it running on your switch?

I use N9K-X9736C-FX.

Hello,

I have searched for disabling mac learning on -FX based platforms, and I am not able to find any limitations about it. However, it seems that the command is restricted from hardware to avoid disabling the mac learning.

But my question is why would you want your switch to behave like a hub? Especially a Nexus 9500 switch? I am sure we can find a better solution for your requirements. :-)

 

Regards,

Sergiu



Hello sir, is your problem solved?

No.

Hi John,

I can confirm there is no official way to disable the mac learning on Nexus 9500/9300, -EX -FX generations.

What is the use case where you need mac learning disabled?

 

Regards,

Sergiu

Hi Sergiu,

For us, this is very useful, because I would like to set MACs manually per port. Recently there is no way you can "secure" the port in terms of collision/hijacking/flooding of MAC addresses in an environment where you have no control over the endpoints connected to your infrastructure. Normally we would use "feature port-security"; however, this is not supported with VxLAN/EVPN. This feature is not supported by vPC fabric-peering as well. Therefore we would like to configure a static MAC+port association and disable dynamic learning. I understood this is not supported, because even with a MAC ACL, dynamic learning will learn and propagate the MAC over the control plane (EVPN).
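
Since the thread ends without a way to switch learning off, one monitoring stopgap for the use case in the last post is to audit what the switch has learned against the bindings you intended. This is an added example, not code posted by anyone in the thread; it detects violations and does not prevent them. The `EXPECTED` policy, the `max_per_port` threshold and the sample table are constructed, and the parser assumes the column layout of NX-OS `show mac address-table`.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of NX-OS `show mac address-table`.
SAMPLE = """\
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*  100     0050.56a1.0002   dynamic  0         F      F    Eth1/2
*  100     0050.56a1.0001   dynamic  0         F      F    Eth1/3
*  100     0200.0000.00aa   dynamic  0         F      F    Eth1/2
*  100     0200.0000.00ab   dynamic  0         F      F    Eth1/2
*  100     0050.56a1.0003   static   -         F      F    Eth1/4
"""

# Hypothetical policy: the (VLAN, MAC) -> port bindings you intend to allow.
EXPECTED = {
    (100, "0050.56a1.0001"): "Eth1/1",
    (100, "0050.56a1.0002"): "Eth1/2",
}

ROW = re.compile(
    r"^\s*[*+~]?\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)"
    r"\s+\S+\s+\S+\s+\S+\s+(\S+)\s*$", re.I)

def audit(output, expected, max_per_port=2):
    """Return findings for dynamically learned MACs that violate the policy."""
    findings, per_port = [], defaultdict(set)
    for line in output.splitlines():
        m = ROW.match(line)
        if not m or m[3].lower() != "dynamic":
            continue  # headers, legend, static and control-plane entries
        vlan, mac, port = int(m[1]), m[2].lower(), m[4]
        per_port[port].add(mac)
        want = expected.get((vlan, mac))
        if want is None:
            findings.append(("unexpected", vlan, mac, port))
        elif want != port:
            findings.append(("moved", vlan, mac, port))  # seen on the wrong port
    for port, macs in sorted(per_port.items()):
        if len(macs) > max_per_port:  # many MACs behind one port
            findings.append(("over-limit", None, len(macs), port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(finding)
```

Feed it the table collected from the switch on a schedule and alert on any non-empty result.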