Limitations
- You can add a maximum of 128 MAC addresses to the whitelist.
- When a MAC is already authorized by any of the port security features such as LMA, WMA, or 802.1X, the MAC is logged but you cannot block it using the rogue-ap-isolation feature. An RMON event is logged to notify the user.
- When a MAC is already configured as an IP received MAC of a VLAN interface, the MAC is logged but you cannot block it by using the rogue-ap-isolation feature. An RMON event is logged to notify the user.
- When a MAC is already locked out via lockout-mac or locked down using the static-mac configuration, the MAC is logged but you cannot block it using the rogue-ap-isolation feature. An RMON event is logged to notify the user.
- The number of rogue MACs supported on a switch is a function of the value of max-vlans at boot time. Since the resources are shared with the lockout-mac feature, the scale is dependent on how many lockout addresses have been configured on the switch using the lockout-mac feature. The following table lists the scale when there are no lockout addresses configured on the switch:

| Max VLAN | Supported MACs |
|---|---|
| 0 < VLAN <= 8 | 200 |
| 8 < VLAN <= 16 | 100 |
| 16 < VLAN <= 256 | 64 |
| 256 < VLAN <= 1024 | 16 |
| 1024 < VLAN <= 2048 | 8 |
| 2048 < VLAN <= 4094 | 4 |

The switch will create an RMON log entry and the rogue MAC will be ignored when the limit is reached.

NOTE: If the max-vlans value is changed to a different value, the scale of rogue MACs supported will not change until the next reboot.