< Home

Example for Configuring MAC Address Limiting in a VLAN

Networking Requirements

In Figure 1, user network 1 is connected to GE0/0/1 of the Switch through LSW1, and user network 2 is connected to GE0/0/2 of the Switch through LSW2. GE0/0/1 and GE0/0/2 belong to VLAN 2. To control the number of access users, configure MAC address limiting in VLAN 2.

Figure 1 Configuring MAC address limiting in a VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add interfaces to the VLAN to implement Layer 2 forwarding.

  2. Configure MAC address limiting in the VLAN to prevent MAC address attacks and control the number of access users.

Procedure

  1. Configure MAC address limiting.

    # Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 2.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 2
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 2
[Switch-GigabitEthernet0/0/2] quit

    # Configure the following MAC address limiting rule in VLAN 2: A maximum of 100 MAC addresses can be learned. When the number of learned MAC address entries reaches the limit, the Switch discards the packets with new source MAC addresses and generates an alarm.

    [Switch] vlan 2
[Switch-vlan2] mac-limit maximum 100 alarm enable
[Switch-vlan2] return

  2. Verify the configuration.

    # Run the display mac-limit command in any view to check whether the MAC address limiting rule is successfully configured.

    <Switch> display mac-limit
MAC limit is enabled
Total MAC limit rule count : 1

PORT                 VLAN/VSI      SLOT Maximum Rate(ms) Action  Alarm
----------------------------------------------------------------------------
-                    2                -    100     -     forward enable

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
vlan 2
 mac-limit maximum 100
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
#
interface GigabitEthernet0/0/2
 port link-type hybrid
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
#
return
Parent Topic: Configuration Examples for MAC Address Tables
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >