Thanks neale, What is the easiest way to enable learning on an interface while other functionality , including passing the ping and arp packets , work normally?
I want l2_learn_process run for that interface so that I can write a function to do something like put a limiting on maximum connected devices with it's help. On Mon, Aug 2, 2021, 23:38 Neale Ranns <ne...@graphiant.com> wrote: > > > HI Moshen, > > > > *From: *vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Mohsen > Meamarian via lists.fd.io <meamarian.mohsen=gmail....@lists.fd.io> > *Date: *Monday, 2 August 2021 at 18:45 > *To: *vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> > *Subject: *[vpp-dev] MAC Learning in vpp > > Hi friends, > > I want to implement port security in vpp. I assume that the > l2learn_process function in l2_learn.c runs periodically when vpp is active > and When a device is connected to my system , this function helps to learn > it's mac. Is this assumption true ? > > > > No. l2_learn runs for all packets that are received on a link on which > learning is enabled. You can see it in the trace you provided. It is > learning in this VLIB node that will populated the l2fib. > > > > because when I run the sh l2fib command , it returns nothing. but when I > set an interface as a bridge , the sh l2fib command returns something. my > commands : > > > > create bridge-domain 2 arp-term 1 > create loopback interface > set int l2 bridge loop0 2 bvi > set interface state loop0 up > set interface l2 bridge GigabitEthernet0/8/0 2 > > show bridge-domain 2 detail > show l2fib all > > > > but i have a problem here. vpp drop ping packet.Where can the problem come > from? > > > > I attached my trace command result to this mail.I get " l2-flood: BVI L3 > mac mismatch " error. > > > > That shows an ARP packet destined to a unicast MAC. That packet was > flooded, suggesting an l2fib miss and unknown-unicast flooding is enabled. > The dst MAC of the packet did not match the MAC of the BVI (the only other > interface in the BD) so it was dropped. > > > > /neale > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19897): https://lists.fd.io/g/vpp-dev/message/19897 Mute This Topic: https://lists.fd.io/mt/84615988/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
