Procedure 11-27: Create/Delete/Lock MAC address on a port

- Overview

Use this procedure to create, delete, or lock a MAC address on a port. Does not apply to circuit packs provisioned for NOTAG mode. See MAC Addressing/Learning and MAC Address Locking at the end of this procedure for additional information.

The Configuration → Data → Create (or Delete) MAC Address command ( ent-mac/dlt-mac TL1 command) from the System View menu allows you to create/delete or modify a MAC address + VLAN ID (VID) on a port. Use the command to provision persistent and filtered MAC addresses. A persistent MAC will bypass the normal aging process. Filtering on a MAC source address allows an operator to drop frames from a disruptive user based on the MAC address. Ethernet frames received by any port in that VLAN on the pack (Virtual Switch on the LNW70/LNW170/LNW78) with the MAC as filtered will be dropped.

When provisioning a MAC address, the MAC address must be valid, a VLAN/Port Tag must be specified, and the type must be specified. The VLAN or Port Tag must already exist in the Virtual Switch (VS) and be assigned to the selected LAN/WAN port. Unicast only MAC addresses are supported.

MAC Address Locking restricts access to an Ethernet bridged network. The MAC source address (SA) of traffic entering a locked port must match a persistent MAC address provisioned for that port. Any LAN, VCG, or Link Aggregation Group (LAG) may be put in the MAC address locking mode using the ed-eport/ed-vcg TL1 commands or the WaveStar® CIT Configuration → Equipment command. MAC address locking applies to LNW70/LNW170 circuit packs only.

- Privilege level

You must login at least as a General user to complete this procedure.

- Before you begin

Prior to performing this procedure, refer to Before you begin and Required equipment in this chapter and you must have complete work instructions for this procedure that detail:

  • The shelf slots, circuit packs, ports, MAC addresses + VLAN IDs being provisioned.

  • The MAC Address type (Persistent or Filtered) being assigned.

Steps

Use the following procedure to provision MAC Addresses/MAC Address Locking:

 
1

Use the WaveStar® CIT to log in to the Alcatel-Lucent 1665 DMX shelf.

Reference:

Procedure 14-2: Connect Personal Computer (PC) and establish WaveStar® CIT session


2

If...

Then...

you are creating or deleting MAC addresses,

continue with Step 3.

you are enabling/disabling MAC Address Locking,

proceed to Step 8.


3

Select Configuration → Data → Create (or Delete) MAC Address from the System View menu.

Result:

The Create MAC Address or Delete MAC Address window opens.


4

Select the circuit pack being provisioned, then click Select.

Result:

The Create MAC Address or Delete MAC Address for "circuit pack AID" window opens.


5

Click on an entry in the table presented to Create/Modify an entry (if Create was chosen), or to Delete an entry (if Delete was chosen).

Result:

A window opens displaying the parameters you have chosen and the options you may perform.


6

Select the required options (parameters) in the display window to add/modify/delete the necessary parameters.


7

Click on one of the buttons at the bottom of the window to Create/Modify or Delete the selections, as required.

End of MAC Address provisioning. If required, continue with the next step to Enable/Disable MAC Address Locking.


8

Select Configuration → Equipment from the System View menu. Expand the details for the circuit pack being provisioned, select the port, then click Select at the bottom of the window.


9

Click on the Traffic Provisioning tab at the top of the window.


10

For Locked Source Address, select ENABLE or DISABLE, as required. Click Apply, read the warning message, then click Yes to execute the command. Click Close to exit.


End of steps

MAC Addressing/Learning

When an Ethernet frame is received on a port, the source MAC address + VLAN ID (MAC + VID) can be learned by the port if the port is a member of that VLAN, and the MAC + VID has not been provisioned as persistent on another port in the VS. If a frame is subsequently received with the same MAC + VID by a different port in the same VLAN and VS, the MAC+VID is forgotten on the old port and learned on the new. Source addresses are learned so that when a frame is received on a port in the VS with that MAC+VID as its destination address, it will be forwarded only to the port which has learned that address. In this regard, provisioned persistent addresses behave as permanently learned addresses.

When changing VLAN tagging mode, the MAC+VLAN addresses are cleared by the deletion of the virtual switch. When the VLAN tagging mode is set to private line (NO TAG), this feature is disabled and all TL1 MAC address commands are denied.

The Configuration → Data → Create (or Delete) MAC Address command ( ent-mac/dlt-mac TL1 command) from the System View menu allows you to create/delete or modify a MAC address on a port. Use the command to provision persistent and filtered MAC addresses. See Table 11-4, ENT-MAC command provisionable parameters for a list of provisionable parameters.

ENT-MAC command parameters

Table 11-4, ENT-MAC command provisionable parameters lists the provisionable parameters for the ent-mac command.

Table 11-4: ENT-MAC command provisionable parameters

Parameter

Description

portaid

Port AID.

This is the Ethernet LAN/VCG/LAG Port AID where the address is provisioned.

For RPR circuit packs, addresses provisioned on an RPR span cause traffic destined to that address to preferentially take that span.

A Link Aggregation Group (LAG) AID is valid if the member ports are consistent with the slot aid. The port AID of a port that is a member of a LAG is not valid.

tag

TAG ID. VLAN or port tag. Value: An integer in the range 1 - 4093. When vlantagmd is 802.1TAG, VLAN is used. When vlantagmd is TRANS, port tag is used. When vlantagmd is NOTAG, the command is not supported.

mac

MAC Address.. Value: A string of 12 hexadecimal characters. Unicast MAC addresses only are supported.

type

MAC Address Type. Valid values are:

  • PERSISTENT - address will not age out, the same address is allowed on only one port in a circuit pack.

  • FILTERED - frame with filtered source MAC is dropped. The same address is allowed on many ports.

rpr_mac

RPR MAC Address. This parameter applies only to RPR circuit packs. It is the address of the RPR station through which the “mac” is reached. It applies and is required if, and only if, portaid is a valid RPR Span and enh_brdgmd (see ED-RPR) is set to ENABLE.

MAC Address Locking

MAC Address Locking applies only to LNW70/LNW170 circuit pack ports.

Any LNW70/LNW170 Ethernet LAN or VCG port may be put in the MAC address locking mode using the “locked_sa” parameter in the ed-eport/ed-vcg commands or the WaveStar® CIT Configuration → Equipment command, selecting the port, clicking on the Traffic Provisioning tab, then selecting ENABLE for the Locked Source Address.

Only MAC addresses of type “persistent” are allowed for a locked port. Before entering locked mode, all static MAC entries of type "filtered" must have been removed.

Other features are as follows:

November 2011Copyright © 2011 Alcatel-Lucent. All rights reserved.