ASR 9000 MAC Limiting on Bridge Domain Access Circuit
I've been running into an issue and wondering if anyone else has experienced the same problem. I have an ASR 9006 running IOS XR 5.3.3 in my lab and I've created a test bridge domain. Within that bridge domain, under the access circuit, I've configured a mac limit of 50 with the 'no flood' action. When this limit is hit, mac address learning is disabled as expected, but the problem is that its never re-enabled. If i stop all traffic on that interface, the mac learning remains disabled indefinitely until I change the configuration to either remove mac limiting or change the action to none. I would like to think that at some point it it would back off and re-enable mac learning after seeing that the mac address count has dropped below the threshold. Any ideas?
RP/0/RSP0/CPU0:LAB-ASR9006-01#sho l2vpn bridge-domain bd-name 9 det
AC: GigabitEthernet0/2/0/9.300, state is up Type VLAN; Num Ranges: 1 VLAN ranges: [300, 300] MTU 8986; XC ID 0x208000c; interworking none MAC learning: disabled (MAC-limit action) Flooding: Broadcast & Multicast: enabled Unknown unicast: disabled (MAC-limit action) MAC aging time: 300 s, Type: inactivity MAC limit: 50, Action: limit, no-flood, Notification: syslog MAC limit reached: yes MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 snooping: disabled IGMP Snooping: enabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: bridge-domain policer Static MAC addresses: Statistics: packets: received 1437063 (multicast 189407949, broadcast 44127, unknown unicast 0, unicast 0), sent 18 bytes: received 301982330 (multicast 40280180924, broadcast 3293496, unknown unicast 0, unicast 0), sent 1008 MAC move: 0 Storm control drop counters: packets: broadcast 0, multicast 0, unknown unicast 0 bytes: broadcast 0, multicast 0, unknown unicast 0 Dynamic ARP inspection drop counters: packets: 0, bytes: 0 IP source guard drop counters: packets: 0, bytes: 0
RP/0/RSP0/CPU0:LAB-ASR9006-01#sho run l2vpn bridge group 9 Mon Feb 5 06:23:53.371 EST l2vpn bridge group 9 bridge-domain 9 mac aging time 300 ! withdraw state-down ! mtu 9000 interface GigabitEthernet0/2/0/9.300 mac limit maximum 50 action no-flood notification syslog ! ! ! vfi 9 vpn-id 9 autodiscovery bgp rd auto route-target 9:9 ! neighbor 192.168.2.100 pw-id 91 ! neighbor 192.168.2.200 pw-id 91 ! ! routed interface BVI9 ! ! !
RP/0/RSP0/CPU0:LAB-ASR9006-01#sho l2vpn forwarding bridge-domain 9:9 loc 0/2/CPU0 Mon Feb 5 06:29:21.345 EST Bridge MAC Bridge-Domain Name ID Ports addr Flooding Learning State -------------------------------- ------ ----- ------- -------- -------- --------- 9:9 0 4 0 Enabled Enabled UP
OverviewCisco SDA Overview:Cisco ACI Overview:How the Integration works:Configuration:Topology:Cisco DNAC to ISE Integration:Cisco ISE to ACI Integration:Verification:Policy Enforcement in ACI Domain:Policy Enforcement in Cisco SD-Access Domain:
The long-awaited Cisco Catalyst 9600 Series switches are now here. As foundational building blocks for the Cisco Digital Network Architecture, Catalyst 9600 Series switches help customers simplify complexity, optimize IT, and reduce operational cost...
Inviting all Network professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network management tools.
Click here to take the 5-minute survey: http://cs.co/9009E28lV
Calling Cisco Customers who manage networks in your companies
We have a quick 5-minute survey for you to complete. Your response will help Cisco improve a product feature that could benefit you.
Click here now: http://cs.co/9002E0kjC
Since the last blog on IOS-XE release, there has been a standard maintenance release which was followed by the recently published Extended Maintenance Release(EMR) and the last release on the 16.x train, IOS-XE 16.12.1. With this being an EMR release, it ...