Specifications

106 ExtremeWare XOS 11.0 Concepts Guide

Forwarding Database

MAC-Based Security

MAC-based security allows you to control the way the FDB is learned and populated. By managing

entries in the FDB, you can block, assign priority (queues), and control packet flows on a per-address

basis.

MAC-based security allows you to limit the number of dynamically-learned MAC addresses allowed

per virtual port. You can also “lock” the FDB entries for a virtual port, so that the current entries will

not change, and no additional addresses can be learned on the port.

You can also prioritize or stop packet flows based on the source MAC address of the ingress VLAN or

the destination MAC address of the egress VLAN.

For detailed information about MAC-based security, see Chapter 10.

Displaying FDB Entries

To display FDB entries, use the following command:

show fdb {<mac_addr> | broadcast-mac | permanent | ports <portlist> | vlan

<vlan_name>}

where the following is true:

• mac_address—Displays the entry for a particular MAC address.

• broadcast-mac—Specifies the broadcast MAC address. May be used as an alternate to the

colon-separated byte form of the address ff:ff:ff:ff:ff:ff

• permanent—Displays all permanent entries, including the ingress and egress QoS profiles.

• ports <portlist>—Displays the entries for a set of ports or slots and ports.

• vlan <vlan name>—Displays the entries for a VLAN.

With no options, the command displays all FDB entries. (The age parameter does not show on the

display for the backup MSM; it does show on the display for the primary MSM.)

See the ExtremeWare XOS Command Reference Guide Software Version 11.0 for details of the commands

related to the FDB.