FortiSwitch
akawade
Article Id 192033
Description
This article describes the persistent MAC learning (sticky MAC) feature, a port security feature of FortiSwitch.

Solution
Persistent MAC learning is a port security feature in which dynamically learned MAC addresses are retained when a switch or interface comes back online.

Note:
The FortiGate and FortiSwitch firmware versions should be compatible.

Below are the benefits of this feature:
- Prevents traffic loss from trusted workstations and servers, since there is no need to relearn MAC addresses after a restart.
- Protects the FortiSwitch and the whole network, when combined with a MAC-learning limit, against security attacks such as Layer 2 DoS and overflow attacks.

Persistent MAC learning is configured on the FortiGate and implemented on the FortiSwitch.
It is disabled by default.
Persistent MAC learning can be used together with MAC limiting
to restrict the number of persistent MAC addresses.

This feature is hardware and CPU intensive and can take several minutes, depending on the number of entries.

To enable sticky MAC on the FortiGate, run the commands below (the port settings are nested inside the managed-switch entry):
# config switch-controller managed-switch
    edit <switch-serial-number>
        config ports
            edit <port-number>
                set sticky-mac enable
            next
        end
    next
end
Note: before saving sticky MAC entries into the CMDB, it may be necessary to first delete the other, unsaved sticky MAC items.

Saving sticky MAC items copies them from memory to the CMDB (the configuration database) on the FortiSwitches and FortiGates.

To delete unsaved sticky MAC items:
# execute switch-controller switch-action sticky-mac delete-unsaved <all | interface> <switch-serial-number>

To save sticky MAC items into the CMDB:
# execute switch-controller switch-action sticky-mac save <all | interface> <switch-serial-number>
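The following is an added model of the behaviour this article describes (retention across a restart, a MAC-learning limit capping what can be learned, and the save / delete-unsaved steps); it is illustrative code written for this article, not Fortinet's implementation, and the names Port, learn, interface_up, delete_unsaved, save and flood are invented for the model.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Port:
    """One switch port as seen from the article's sticky-MAC workflow (model, not FortiOS)."""
    sticky_mac: bool = False            # 'set sticky-mac enable'
    learning_limit: Optional[int] = None   # MAC-learning limit; None means no cap
    learned: Set[str] = field(default_factory=set)   # entries held in switch memory
    saved: Set[str] = field(default_factory=set)     # entries copied to the CMDB

    def known(self) -> Set[str]:
        """All MAC addresses the port currently accepts traffic from."""
        return self.learned | self.saved

    def learn(self, mac: str) -> bool:
        """Offer one source MAC; False means the port refused to learn it."""
        if mac in self.known():
            return True
        if self.learning_limit is not None and len(self.known()) >= self.learning_limit:
            return False            # table full: a flood of fresh MACs is not learned
        self.learned.add(mac)
        return True

    def interface_up(self) -> None:
        """Interface or switch comes back online (the article's retention case)."""
        if not self.sticky_mac:
            self.learned.clear()    # plain dynamic entries must be relearned

    def delete_unsaved(self) -> None:
        """'sticky-mac delete-unsaved': drop in-memory entries not yet in the CMDB."""
        self.learned.clear()

    def save(self) -> None:
        """'sticky-mac save': copy in-memory sticky entries into the CMDB."""
        if self.sticky_mac:
            self.saved |= self.learned
            self.learned.clear()


def flood(port: Port, count: int) -> int:
    """Offer `count` distinct constructed MACs (locally administered) and return how many stuck."""
    return sum(port.learn(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}") for i in range(count))
```

With sticky MAC off, a port forgets its hosts on every link event; with sticky MAC on and a learning limit, the trusted hosts survive the event and a flood of new addresses is capped at the limit.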
