MAC Learning Disabled on C9372PX acting as DataBroker CSCuy65463

Dear Community,

I'd like to ask about device behavior when it reports every second:

%-SLOT1-5-BCM_L2_LEARN_DISABLE: MAC Learning Disabled unit=0
%-SLOT1-5-BCM_L2_LEARN_ENABLE: MAC Learning Enabled unit=0

Does this mean that when MAC learning is turned off, the device transmits traffic to all ports?
The described event applies to the Nexus C9372PX 7.0(3)I4(7) acting as Cisco Nexus Data Broker. In my case the problem occurred after I started collecting data on C9372PX e1/1 and e1/2. Both interfaces (e1/1,2) are connected to the pair of N7700 (working in one vPC domain). It is possible that the same MAC becomes visible across e1/1 and e1/2.
 
A similar situation has been described in CSCuy65463:
 
When using Nexus 9K switches (Nexus 9300 and Nexus 9500 with T2 line cards) for Tap aggregation, there is a potential that the same MAC becomes visible across different ports as customers tap different points in their network. In Nexus 3K today we have the ability to disable the MAC learning globally, but on Nexus 9K switches we do not have a similar command.
It is highly critical to have this command on Nexus 9K because when used with Tap aggregation, undesired MAC move syslog messages are generated that fill up the syslog file.
Conditions:
Workaround:
None.
 
My question is, does the described situation apply only to writing a large number of messages to the log or is there a potential danger that the traffic is forwarded to all ports?
 
Regards
Piotr
 
2 Replies

Dear Piotr,

 

This is the answer I received from a Cisco TAC engineer regarding the same question in 2017.

 

As far as the MAC learning is concerned, you can ignore those messages about the learning being enabled/disabled. Truly, to an NDB switch, the source MAC addresses will very easily appear to be moving rapidly between multiple source interfaces, as the same traffic SPANned at different points in the production network is fed to multiple source interfaces on an NDB switch. Ideally, we would disable the MAC address learning right away; unfortunately, the „mac-learn disable“ command on the N9300 platform is not available in 7.0(3)I4(6).

See Peter Paluch's message here: https://community.cisco.com/t5/switching/cannot-find-reference-for-this-message-seen-in-log-on-nexus-9508/td-p/2697030

Hi

The command "mac-learn disable" is available at 9.2.2, but does it cause frames to be flooded everywhere? Of course they would be blocked because of "switchport block unicast/multicast" in the outbound direction. So what does it actually do?


Thx, Tomas
