3.1.10.2.17. maxMacConnected

The maxMacConnected plugin is designed to limit the maximum amount of MAC addresses connected on a switch port. It can also notify the administrator via mail when the limit is exceeded.

It works with the following TAGS:

MME_SWITCH: Only used if enabled the option Exclude tag (MME_SWITCH - MME_PORT_XX) in the plugin configuration. Its function is to avoid plugin execution for a switch, so it won’t matter the maximum amount of MACs.
MME_PORT_<switch-port>: Only used if enabled the option Exclude tag (MME_SWITCH - MME_PORT_XX) in the plugin configuration. Its function is to avoid plugin execution for a specific port in a switch. Therefore, on the port specified in the tag, the plugin will not run and will not check the maximum number of MAC connections.

For example:

MME_SWITCH
MME_PORT_50012

For configuring the maxMacConnected plugin, we can add the following parameters.

Max amount of MACs connected: The maximum amount of MACs connected to a switch port before an alert is sent. When this value is exceeded, then it will be notified by email. To receive this alert, it is important to know that the option Exclude tag (MME_SWITCH - MME_PORT_XX) must be deactivated and the device must not learn these tags, because the plugin would not execute and the maximum connections check would not be done.
Email to send alert: The email where the alert will be received when the maximum number of connections is exceeded for a switch port and the plugin exclusion is not used.
Exclude tag (MME_SWITCH - MME_PORT_XX): If the MME_ TAGS are used or not.

An alert will be sent if all of the following conditions are applied:

Email is configured.
Exclude tag option is disabled in the plugin configuration, or it is enabled but there are no exclude tags assigned to that switch or port of the connection.
The new counter of MACs connected to the switch port is higher than the maximum number of MACs configured in the plugin configuration.

The following diagram shows the plugin flow:

../../../../_images/maxmacconnected2.png

Firstly, the plugin checks if the exclude tag option is enabled in its configuration. If true, it will check if the network device where the connection has been received has any exclude tag that affects this switch or port. If there are, the plugin won’t be executed. If not, it will check for the alert.

If the network device doesn’t have any of the MME_TAGS, the next step is to check the alert. It will be sent if the email is configured in the plugin configuration, as we said before, and the number of actual MACs connected to that switch port is higher than the maximum MACs configured.