mac-limit vlan rule-name

Function

The mac-limit vlan rule-name command applies a global MAC address learning limit rule to a VLAN to which the specified interface belongs.

The undo mac-limit vlan rule-name command deletes a global MAC address learning limit rule applied to a VLAN to which the specified interface belongs.

By default, no global MAC address learning limit rule is applied to any VLAN to which the specified interface belongs.

Format

mac-limit vlan vlan-id1 [ to vlan-id2 ] rule-name rule-name

Parameters

Parameter	Description	Value
vlan-id1	Specifies the VLAN ID associated with an Ethernet sub-interface. If the vlanBegin [ to vlanEnd ] parameters are run more than once, all configurations take effect. This parameter is only supported on Layer 2 interfaces.	The value is an integer ranging from 1 to 4094.
to vlan-id2	Specifies the VLAN ID associated with an Ethernet sub-interface. If the vlanBegin [ to vlanEnd ] parameters are run more than once, all configurations take effect. This parameter is only supported on Layer 2 interfaces.	The value is an integer ranging from 1 to 4094.
rule-name	Specifies the name of a global MAC address learning limit rule.	The value is a string of 1 to 31 characters. It does not support space, question mark, or subtraction sign.

Parameter

Description

Value

vlan-id1

Specifies the VLAN ID associated with an Ethernet sub-interface.

If the vlanBegin [ to vlanEnd ] parameters are run more than once, all configurations take effect.

This parameter is only supported on Layer 2 interfaces.

The value is an integer ranging from 1 to 4094.

to vlan-id2

Specifies the VLAN ID associated with an Ethernet sub-interface.

If the vlanBegin [ to vlanEnd ] parameters are run more than once, all configurations take effect.

This parameter is only supported on Layer 2 interfaces.

The value is an integer ranging from 1 to 4094.

rule-name

Specifies the name of a global MAC address learning limit rule.

The value is a string of 1 to 31 characters. It does not support space, question mark, or subtraction sign.

Views

Layer 2 100GE interface view, Layer 2 10GE interface view, 25GE-L2 view, 400GE-L2 view, Layer 2 40GE interface view, Layer 2 50GE interface view, Eth-Trunk interface view, Layer 2 GE interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
mac	write

Usage Guidelines

Usage Scenario

To control the number of users and protect a MAC address table against attacks, you can limit the number of MAC addresses that a device can learn. You can also configure the system to discard packets or generate an alarm to improve network security.

To apply a global MAC address learning limit rule to a VLAN to which the specified interface belongs, you can use the mac-limit vlan rule-name command in the interface view.

Precautions

Ethernet interfaces, GE interfaces, and Eth-Trunk interfaces must be Layer 2 interfaces.

Example

# Apply the global MAC address learning limit rule named name1 to VLAN 10 to which GE 0/1/9 belongs to.

<HUAWEI> system-view
[~HUAWEI] mac-limit rule-name name1 maximum 10000 rate 100 alarm enable
[*HUAWEI] interface GigabitEthernet0/1/9
[*HUAWEI-GigabitEthernet0/1/9] portswitch
[*HUAWEI-GigabitEthernet0/1/9] port trunk allow-pass vlan 10
[*HUAWEI-GigabitEthernet0/1/9] mac-limit vlan 10 rule-name name1