MAC cache usage high for Palo Alto Networks


Palo Alto Networks


Indeni will alert when the number of MAC entries stored by a device is nearing the allowed limit.

Remediation Steps

Identify the cause of the large MAC table. If it is due to a legitimate cause, such as a high number of hosts visible on the available networks, please contact your technical support provider.

How does this work?

This alert uses the Palo Alto Networks API to retrieve the current utilization of the MAC cache - number of entries in it vs the total limit.

Why is this important?

Switches and devices with switch-like functionality, need to track the MAC addresses of devices they are connected to in order to know which port to send data out through. To ensure the memory doesn't get fully utilized, a MAC cache is created with a finite size. If the cache gets fully utilized, some traffic may be dropped.

Without Indeni how would you find this?

An administrator could write a script to leverage the Palo Alto Networks API to collect this data periodically and alert appropriately. Alternatively, wait for an issue to occur and check the MAC cache status by running "show mac all".

View Source Code