Limitations

  • You can add a maximum of 128 MAC addresses to the whitelist.

  • When a MAC is already authorized by any of the port security features such as LMA, WMA, or 802.1X, the MAC is logged but you cannot block it using the rogue-ap-isolation feature. An RMON event is logged to notify the user.

  • When a MAC is already configured as an IP received MAC of a VLAN interface, the MAC is logged but you cannot block it by using the rogue-ap-isolation feature. An RMON event is logged to notify the user.

  • When a MAC is already locked out via lockout-mac or locked down using the static-mac configuration, the MAC is logged but you cannot block it using the rogue-ap-isolation feature. An RMON event is logged to notify the user.

  • The number of rogue MACs supported on a switch is a function of the value of max-vlans at boot time. Since the resources are shared with the lockout-mac feature, the scale is dependent on how many lockout addresses have been configured on the switch using the lockout-mac feature. The following table lists the scale when there are no lockout addresses configured on the switch:

    Max VLAN                Supported MACs
    0 < VLAN <= 8           200
    8 < VLAN <= 16          100
    16 < VLAN <= 256        64
    256 < VLAN <= 1024      16
    1024 < VLAN <= 2048     8
    2048 < VLAN <= 4094     4

    The switch will create an RMON log entry and the rogue MAC will be ignored when the limit is reached.

    NOTE: If the max-vlans value is changed to a different value, the scale of rogue MACs supported will not change until the next reboot.