mac-address-table filling up

snadam
Member
Posts: 12
Joined: 22 Mar 2010 14:04
Location: Philadelphia, PA - USA

Post by snadam »

Short question:
Has anyone experienced trouble with their switch stack due to the mac-address-table filling up? Today I found that I have 5 WiFi APs that keep registering suspect MAC addresses until the stack becomes unstable. Until I get this figured out, how can I clear the learned mac-address-table from the CLI?

More details:
After receiving complaints about connectivity issues I tracked trouble to our 6850 stack that consists of 6 members running 6.4.4.707. Watching traffic with Wireshark I could see that machines were getting DHCP traffic and broadcasts but not receiving packets specifically destined for their own MAC address. Pinging the suspect hosts resulted in the stack responding with the destination-host-unreachable message. I took a look at the learned MAC address table and found that it had about 16,000 entries with the majority of those registered to my wireless access points.

I use vlan port mobile with a mac-address filter to identify my Mitel IP phones and place their traffic on VLAN 50. I found that the machines having trouble connecting were all connected to ports that have vlan port mobility enabled. Turning off port mobility allowed traffic to flow as normal but of course killed my phones.

Ultimately, the fix was to remove each access point long enough for the learned addresses to purge from the mac-address-table. As soon as the table emptied out the switches started passing traffic to all ports as expected. Unfortunately, as soon as I reconnect the access points they start registering bogus MAC addresses starting with BA:BE: and continue to do so. I normally have about 200 - 250 MAC addresses on the network but over the last 2 hours since I cleared the table that has again risen to 600.

Anyone seen anything like this before? Suggestions?

Thank you!
silvio
Alcatel Unleashed Certified Guru
Posts: 1886
Joined: 01 Jul 2008 10:51
Location: Germany

Re: mac-address-table filling up

Post by silvio »

Hi,
With the following command you can delete one address, or all addresses at one port, and so on.

Code:

no mac-address-table ?

With port-security you are able to limit learned MAC addresses per port and avoid MAC flooding.
For example, with the following commands you allow 100 addresses per port. If there are more, then the port goes into shutdown.

Code:

port-security 1/1-48 admin-status enable
port-security 1/1-48 maximum 100
port-security 1/1-48 max-filtering 0
port-security 1/1-48 violation shutdown

regards
Silvio
snadam
Member
Posts: 12
Joined: 22 Mar 2010 14:04
Location: Philadelphia, PA - USA

Re: mac-address-table filling up

Post by snadam »

Silvio, you rock, thanks for the input.

I messed around with port-security but in my particular case I need the port to stay up and want the access points to continue running. I also played with marking the addresses as blocked but those entries still end up in the mac-address-table taking up database space.

Using the command you suggested, --> no mac-address-table learned <slot/port>
I'm able to clear the table before it gets too large and that's keeping the system up and running while I wait on the AP manufacturer to figure out what's going on.

For others that might be interested, the access points are Open-Mesh brand devices and are managed using the CloudTrax service. The APs are based on OpenWRT with ROBIN (https://www.assembla.com/spaces/RobinMesh/wiki) on top for mesh networking. Looking around the web I have found a few other Open-Mesh AP users that are experiencing the same sort of MAC address 'flood'. Though, I'm the only one on Alcatel switches as far as I know.

Adam
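
An added example, not part of the original thread and not Alcatel or Open-Mesh code: this Python script tallies learned MAC addresses per port and flags ports that exceed a per-port limit or are dominated by locally administered addresses such as the BA:BE: entries described above. The "slot/port MAC" input layout, the sample rows, and the function and parameter names are assumptions; the default limit of 100 follows the port-security example earlier in the thread.

```python
import re
from collections import defaultdict

# Constructed sample, NOT real switch output: one "slot/port MAC" pair per line.
# The layout is an assumption; adjust ROW to your switch's MAC table listing.
SAMPLE = """\
1/3  00:11:22:10:20:30
1/3  00:11:22:10:20:31
1/12 00:11:22:aa:bb:01
2/7  ba:be:00:00:00:01
2/7  ba:be:00:00:00:02
2/7  ba:be:00:00:00:03
2/7  ba:be:00:00:00:04
2/7  00:11:22:aa:bb:02
header line that does not parse
"""

ROW = re.compile(r"^\s*(\d+/\d+)\s+((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\s*$", re.I)

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally administered address.
    # 0xBA has it set, so BA:BE:... is not a vendor-assigned prefix. Clients
    # with randomized MACs set this bit too, so treat it as a hint only.
    return bool(int(mac[:2], 16) & 0x02)

def learned_by_port(text):
    """Map each slot/port to the set of distinct MACs seen on it."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # unparseable lines (headers, totals) are skipped
            ports[m.group(1)].add(m.group(2).lower().replace("-", ":"))
    return ports

def suspect_ports(text, max_macs=100, max_local_share=0.5, min_sample=4):
    """Return {port: (total, locally_administered)} for ports worth a look."""
    report = {}
    for port, macs in learned_by_port(text).items():
        local = sum(is_locally_administered(m) for m in macs)
        share_hit = len(macs) >= min_sample and local / len(macs) > max_local_share
        if len(macs) > max_macs or share_hit:
            report[port] = (len(macs), local)
    return report

if __name__ == "__main__":
    for port, (total, local) in sorted(suspect_ports(SAMPLE).items()):
        print(f"{port}: {total} learned, {local} locally administered")
```
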
Fabr1c3
Member
Posts: 4
Joined: 18 Sep 2018 09:29

Re: mac-address-table filling up

Post by Fabr1c3 »

Hello, while searching the Internet I ran into this post; my case is a bit the opposite of yours.
I'd like to unauthorise a specific MAC address on my switch. How can I do it?
silvio
Alcatel Unleashed Certified Guru
Posts: 1886
Joined: 01 Jul 2008 10:51
Location: Germany

Re: mac-address-table filling up

Post by silvio »

You can use the vlan-rule (see your other post in the 6450 section). Or you can use port-security with a static MAC address that is also associated with a quarantine VLAN. But I am not sure if you can use the same MAC at all the ports. But you can test it.
regards
Silvio