mac-limit (Bridge domain view)

Function

The mac-limit up-threshold down-threshold command sets the threshold percentages at which MAC address alarms are generated and cleared.

The undo mac-limit up-threshold down-threshold command deletes the preceding setting.

The mac-limit command configures a MAC address learning limit rule for the current BD.

The undo mac-limit command deletes a MAC address learning limit rule configured for the current BD.

By default, no threshold percentage for generating and clearing MAC address alarms is configured, and no MAC address learning limit rule is configured.

Format

mac-limit { maximum max [ rate interval ] | action { discard | forward } } *

mac-limit up-threshold up-threshold down-threshold down-threshold

undo mac-limit

undo mac-limit up-threshold up-threshold down-threshold down-threshold

Parameters

| Parameter | Description | Value |
|---|---|---|
| maximum max | Specifies the maximum number of MAC address entries that can be learned. | The value is an integer ranging from 0 to 2048000. When the value is 0, the number of MAC addresses that can be learned is not set. |
| rate interval | Specifies the interval at which MAC addresses are learned. | The value is an integer ranging from 0 to 1000, in milliseconds. When the value is 0, the interval at which MAC addresses are learned is not set. |
| action | Specifies an action to be taken when the number of MAC address entries in the MAC address table reaches the limit. | - |
| discard | The packet with the source MAC address not contained in the MAC address table is discarded. | - |
| forward | The packet with the source MAC address not contained in the MAC address table is forwarded but its MAC address is not recorded. | - |
| up-threshold up-threshold | Specifies the upper limit. | The value is an integer ranging from 80 to 100, in percentage. |
| down-threshold down-threshold | Specifies the lower limit. | The value is an integer ranging from 60 to 100, in percentage. |

Views

Bridge domain view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| mac | write |

Usage Guidelines

Usage Scenario

You can limit the number of MAC addresses that can be learned in a BD to control the number of users accessing that BD. When the number of learned MAC addresses exceeds the limit, no more MAC addresses are learned, which prevents MAC address attacks.

To improve network security, you can run this command to specify alarm thresholds as percentages of the maximum number of MAC addresses that can be learned. When the number of learned MAC addresses exceeds the upper alarm threshold, an alarm is generated. When the number of learned MAC addresses falls below the lower alarm threshold, the alarm is cleared.

Prerequisites

Before running this command, ensure that the mac-limit command has been run to set the maximum number of MAC addresses that can be learned in a specified BD.

Precautions

If the mac-limit up-threshold down-threshold command has been configured, you cannot delete the mac-limit configuration or run the mac-limit maximum 0 command. Instead, you must first run the undo mac-limit up-threshold up-threshold down-threshold down-threshold command to cancel the configured threshold percentages at which an alarm is generated or cleared.

Example

# Configure the alarm generation and clearance thresholds for the number of MAC addresses on BD 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] mac-limit maximum 100
[*HUAWEI-bd10] mac-limit up-threshold 80 down-threshold 60
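
An added example, not part of the vendor documentation: a Python check that reads bridge-domain stanzas from a saved configuration and flags BDs with no learning limit, a limit without alarm thresholds, the forward action, or values outside the ranges in the parameter table. The saved-configuration layout and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample; the saved-config layout (indented lines under
# "bridge-domain N", "#" separators) is an assumption.
SAMPLE_CONFIG = """\
bridge-domain 10
 mac-limit maximum 100 action discard
 mac-limit up-threshold 80 down-threshold 60
#
bridge-domain 20
 mac-limit maximum 500 action forward
#
bridge-domain 30
"""

# Value ranges from the parameter table on this page.
RANGES = {"maximum": (0, 2048000), "rate": (0, 1000),
          "up-threshold": (80, 100), "down-threshold": (60, 100)}

def parse_bds(text):
    """Return {bd_id: {keyword: value}} for each bridge-domain stanza."""
    bds, current = {}, None
    for line in text.splitlines():
        m = re.match(r"bridge-domain (\d+)\s*$", line)
        if m:
            current = bds.setdefault(int(m.group(1)), {})
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the stanza
        elif current is not None and line.split()[:1] == ["mac-limit"]:
            tokens = line.split()[1:]  # keyword/value pairs
            for key, val in zip(tokens[::2], tokens[1::2]):
                current[key] = int(val) if val.isdigit() else val
    return bds

def audit(text):
    """Return {bd_id: [findings]}; an empty list means nothing to review."""
    report = {}
    for bd, cfg in parse_bds(text).items():
        notes = [f"{k} {cfg[k]} outside {lo}-{hi}"
                 for k, (lo, hi) in RANGES.items()
                 if isinstance(cfg.get(k), int) and not lo <= cfg[k] <= hi]
        if cfg.get("maximum", 0) == 0:
            notes.append("no MAC learning limit")
        elif "up-threshold" not in cfg:
            notes.append("limit set but no alarm thresholds")
        if cfg.get("action") == "forward":
            notes.append("action forward: unknown sources still forwarded")
        report[bd] = notes
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns a finding list per BD, so the result can feed a periodic configuration review.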
Copyright © Huawei Technologies Co., Ltd.