l2-multicast limit max-entry (vlan)

Function

The l2-multicast limit max-entry command sets a multicast group number limit. An ACL rule in which the action is permitted can be used to prevent groups from being counted against the limit.

The undo l2-multicast limit max-entry command cancels the configuration.

By default, the number of multicast groups is not limited.

Format

l2-multicast limit max-entry count vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> [ except { acl-number | acl-name acl-name } ]

undo l2-multicast limit max-entry vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

undo l2-multicast limit max-entry count vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> [ except { acl-number | acl-name acl-name } ]

Parameters

Parameter Description Value
count

Specifies a multicast group number limit.

The value is an integer ranging from 1 to 16384.
vlan vlan-id1

Specifies the ID of a VLAN where the multicast group number needs to be limited.

The value is an integer ranging from 1 to 4094.
to vlan-id2

Specifies the number of a VLAN in which multicast group limit needs to be configured. vlan-id2 must be greater than vlan-id1.

The value is an integer ranging from 1 to 4094.
except acl-number

Specifies the number of an ACL used to prevent groups from being counted against the limit.

The value is an integer ranging from 2000 to 3999.
except acl-name acl-name

Specifies the name of an ACL used to prevent groups from being counted against the limit.

The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
l2mc write

Usage Guidelines

Usage Scenario

If multicast packets are used to attack the network, devices on the network will be busy processing attack packets and cannot respond to normal network requests. To ensure the multicast service quality, you can configure a multicast group number limit to control generated multicast forwarding entries.

Table 1 lists the principles for command parameter selection.

Configuration Impact

If the l2-multicast limit max-entry command is run more than once, all configurations take effect.

Precautions

When using ACL rules for filtering, note the following points:

  • Basic ACL: (, G) entry-based filtering rules are used. The source address specified in an ACL is G (multicast group address) in a (, G) entry.
  • Advanced ACL:
  • In the Any-Source Multicast (ASM) model, (, G) entry-based filtering rules are used. The source address specified in an ACL is G (multicast group address) in a (, G) entry.
  • In the Source Specific Multicast Mapping (SSM) model, (S, G) entry-based filtering rules are used. The source address specified in an ACL is S (multicast source address) in an (S, G) entry and the destination address specified in the ACL is G (multicast group address) in the (S, G) entry.

Example

# Limit the number of multicast groups in VLANs 10 to 20 and VLAN 30 to 1000.
<HUAWEI> system-view
[~HUAWEI] l2-multicast limit max-entry 1000 vlan 10 to 20 30
Parent Topic: Layer 2 Multicast Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >