Max VLAN Supported MACs
0 < VLAN <= 8 200
8 < VLAN <= 16 100
16 < VLAN <= 256 64
256 < VLAN <= 1024 16
1024 < VLAN <= 2048 8
2048 < VLAN <= 4094 4
The switch will create an RMON log entry and the rogue MAC will be ignored when the limit is reached.
NOTE: If the max-vlans value is changed to a different value, the scale of rogue MACs
supported will not change until the next reboot.
Feature Interactions
MAC lockout and lockdown
The Rogue AP isolation feature uses the MAC lockout feature to block MACs in hardware. Therefore, any MAC
blocked with the Rogue AP isolation feature cannot be added with the lockout-mac or static-mac command
if the action type is set to block.
For example:
switch# lockout-mac 247703-7a8950
Cannot add the entry for the MAC address 247703-7a8950 because it is already
blocked by rogue-ap-isolation.
switch# static-mac 247703-7a8950 vlan 1 interface 1
Cannot add the entry for the MAC address 247703-7a8950 because it is already
blocked by rogue-ap-isolation.
Similarly, any MAC that was added with the lockout-mac or static-mac command and that is being detected
as rogue will be logged, but not blocked in hardware as it already is set to block. If the MAC is removed from
lockout-mac or static-mac but is still in the rogue device list, it will be blocked back in hardware if the action
type is block.
LMA/WMA/802.1X/Port-Security
Any configuration using LMA, WMA, 802.1X, or Port-Security will not be blocked if the Rogue AP isolation feature
is enabled. All these features act only when a packet with the said MAC is received on a port.
If rogue-ap-isolation blocks a MAC before it is configured to be authorized, packets from such MACs will be
dropped until one of the following happens:
• Rogue action is changed to LOG.
• Rogue-AP isolation feature is disabled.
248 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
To Next Page
Loading...
