Re: Cisco SX350 mac learning per VLAN

JonathanPBL · ‎06-12-2019

Hi all,

Looking for some advice on port security & mac address learning. Essentially we are looking to lock down connections on a particular VLAN running on our Cisco SX350 switch. I have toyed around with ACL which seem to work but are little sensitive when editing.

I have added a sticky mac address (the authenticated device) to the port on the native VLAN, I now need to know how to block mac address learning on the port. The catch is that there is a tagged VLAN on the port which does require learning.

Is there any way to disable learning on the native or a single VLAN only?

Thanks,

Jonathan

omz · ‎06-12-2019

How about ..

no mac-address-table learning { vlan vlan-id [ , vlan-id | -vlan-id] | interface interface slot / port }

Disable MAC address learning on an interface or on a specified VLAN or VLANs.

You can specify a single VLAN ID or a range of VLAN IDs separated by a hyphen or comma. Valid VLAN IDs 1 to 4094. It cannot be an internal VLAN.

omz · ‎06-12-2019

this may help if you not already seen it

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3550-series-switches/64844-mac-acl-block-arp.html#anc5

JonathanPBL · ‎06-12-2019

Thanks for the replies. These seem to relate to the Catalyst switches. We are using the small business Cisco SX350 series. CLI slightly different.

omz · ‎06-12-2019

Hi Jonathan

my bad .. should have paid more attention to the subject :)

can't seem to find any similar to no mac table learning in the SX350 config guide.

may be someone else knows .. sorry.

JonathanPBL · ‎06-12-2019

No problem, thank you for the input anyway :)