l2-multicast limit max-entry (Layer 2 Ethernet interface view)

Function

The l2-multicast limit max-entry command sets a multicast group number limit. For the multicast groups that do not need to be limited, you can use the permit rule of the ACL to define the multicast groups that do not need to be limited.

The undo l2-multicast limit max-entry command restores the default limit on the number of multicast groups.

By default, the number of multicast groups is not limited.

Format

l2-multicast limit max-entry count [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ] [ except { acl-number | acl-name acl-name } ]

undo l2-multicast limit max-entry [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]

undo l2-multicast limit max-entry count [ vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ] [ except { acl-number | acl-name acl-name } ]

Parameters

Parameter Description Value
vlan vlan-id1

Specifies the ID of a VLAN where the multicast group number needs to be limited.

The value is an integer that ranges from 1 to 4094.
to vlan-id2

Specifies the ID of a VLAN where the multicast group number needs to be limited. vlan-id2 must be greater than vlan-id1.

The value is an integer ranging from 1 to 4094.
except acl-number

Specifies the number of an ACL used to prevent groups from being counted against the limit.

The value is an integer ranging from 2000 to 3999.
except acl-name acl-name

Specifies the name of an ACL used to prevent groups from being counted against the limit.

The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).
max-entry count

Specifies a multicast group number limit.

The value is an integer ranging from 1 to 16384.

Views

Layer 2 100GE interface view, Layer 2 10GE interface view, 25GE-L2 view, 400GE-L2 view, Layer 2 40GE interface view, Layer 2 50GE interface view, Eth-Trunk interface view, Layer 2 GE interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
l2mc write

Usage Guidelines

Usage Scenario

If multicast packets are used to attack the network, devices on the network will be busy processing attack packets and cannot respond to normal network requests. To ensure the multicast service quality, you can configure a multicast group number limit to control generated multicast forwarding entries.

Table 1 lists the principles for command parameter selection.

Configuration Impact

If the l2-multicast limit max-entry command is run more than once, all configurations take effect.

Precautions

When using ACL rules for filtering, note the following points:

  • Basic ACL: (, G) entry-based filtering rules are used. The source address specified in an ACL is G (multicast group address) in a (, G) entry.
  • Advanced ACL:
  • In the Any-Source Multicast (ASM) model, (, G) entry-based filtering rules are used. The source address specified in an ACL is G (multicast group address) in a (, G) entry.
  • In the Source Specific Multicast Mapping (SSM) model, (S, G) entry-based filtering rules are used. The source address specified in an ACL is S (multicast source address) in an (S, G) entry and the destination address specified in the ACL is G (multicast group address) in the (S, G) entry.

Example

# Limit the number of multicast groups on a PW to 100. 
<HUAWEI> system-view
[~HUAWEI] mpls
[*HUAWEI-mpls] quit
[*HUAWEI] mpls l2vpn
[*HUAWEI-l2vpn] quit
[*HUAWEI] vsi vsi1
[*HUAWEI-vsi-vsi1] pwsignal ldp
[*HUAWEI-vsi-vsi1-ldp] vsi-id 200
[*HUAWEI-vsi-vsi1-ldp] l2-multicast limit max-entry 100 except 2000 remote-peer 1.1.1.1 negotiation-vc-id 2
# Limit the number of multicast groups in a VSI named vsi1 to 100. 
<HUAWEI> system-view
[~HUAWEI] mpls
[*HUAWEI-mpls] quit
[*HUAWEI] mpls l2vpn
[*HUAWEI-l2vpn] quit
[*HUAWEI] vsi vsi1
[*HUAWEI-vsi-vsi1] pwsignal ldp
[*HUAWEI-vsi-vsi1-ldp] vsi-id 200
[*HUAWEI-vsi-vsi1-ldp] quit
[*HUAWEI-vsi-vsi1] l2-multicast limit max-entry 100
# Limit the number of multicast groups in VLANs 10 to 20 on an interface to 1000. 
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet0/1/1
[~HUAWEI-GigabitEthernet0/1/1] l2-multicast limit max-entry 1000 vlan 10 to 20
# Limit the number of multicast groups in VLANs 10 to 20 and VLAN 30 to 1000. 
<HUAWEI> system-view
[~HUAWEI] l2-multicast limit max-entry 1000 vlan 10 to 20 30
Parent Topic: Layer 2 Multicast Commands
Copyright ? Huawei Technologies Co., Ltd.
Copyright ? Huawei Technologies Co., Ltd.
< Previous topic Next topic >