The mac-limit rule-name command applies a global MAC address learning limit rule on an interface.
The undo mac-limit rule-name command deletes a global MAC address learning limit rule applied on an interface.
By default, no global MAC address learning limit rule is applied on an interface.
Usage Scenario
To control the number of users and protect a MAC address table against attacks, you can limit the number of MAC addresses that a device can learn. You can also configure the system to discard packets or generate an alarm to improve network security.
To apply a global MAC address learning limit rule on an interface, run the mac-limit rule-name command in the interface view.Prerequisites
The specified global MAC address learning limit rule must have been configured using the mac-limit rule-name (system view) command.
Configuration Impact
If a global MAC address learning limit rule has been applied on an interface, another MAC address learning rule cannot be configured on the interface using the mac-limit command.
Precautions
GE interface, and Eth-Trunk interface must be Layer 2 interfaces.
<HUAWEI> system-view [~HUAWEI] mac-limit rule-name name1 maximum 10000 rate 100 alarm enable [*HUAWEI] interface GigabitEthernet0/1/9 [*HUAWEI-GigabitEthernet0/1/9] portswitch [*HUAWEI-GigabitEthernet0/1/9] mac-limit rule-name name1