< Home

mac-limit (VSI view)

Function

The mac-limit command configures the MAC address limit rules on a VSI.

The undo mac-limit command restores the default setting.

By default, none of the MAC address limit rule is configured on a VSI.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731S-H, S5732-H, S6720-HI, S6730S-H, and S6730-H support this command.

Format

mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max-number } *

undo mac-limit

Parameters

Parameter Description Value

action

Indicates the action performed on packets when the number of MAC entries reaches the limit. By default, the system discards the packets.

-

discard

Indicates that after the number of MAC entries reaches the limit, the system discards the packet whose destination MAC address does not map to any entry in the MAC address table.

-

forward

Indicates that after the number of MAC entries reaches the limit, the system broadcasts a packet whose destination MAC address does not map to any entry in the MAC address table, but does not learn the destination MAC address of the packet.

-

alarm

Indicates whether an alarm is generated when the number of MAC address entries reaches the limit.

-

disable

Indicates that no alarm is generated when the number of MAC address entries reaches the limit.

-

enable

Indicates that an alarm is generated in syslog mode when the number of MAC address entries reaches the limit. By default, an alarm is sent to the NM station.

-

maximum max-number

Specifies the maximum number of MAC address entries that the current VSI can learn.

NOTE:

Set maximum max-number before you set action or alarm.

The value is an integer that ranges from 0 to 4096.

Views

VSI view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To prevent attacks, you can run the mac-limit command to limit the maximum number of MAC address that the current VSI can learn.

Precautions

If the VSI has learned some MAC addresses, run the undo mac-address dynamic command to clear the learned MAC addresses. Otherwise, the mac-limit command cannot limit the MAC address learning accurately.

When the mac-limit command is executed for the first time, you can configure action and alarm only after maximum max-number is configured. If the mac-limit command is not executed for the first time, there is no special requirement on the configuration sequence.

Example

# Set the maximum number of MAC addresses that can be learned to 100 on the VSI PW.

<HUAWEI> system-view
[HUAWEI] vsi 1
[HUAWEI-vsi-1] mac-limit maximum 100
Parent Topic: VPLS Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >