mac-limit (Layer 2 sub-interface view)

Function

The mac-limit command applies a global MAC address learning limit rule on an interface.

The undo mac-limit command deletes a global MAC address learning limit rule applied on an interface.

By default, no global MAC address learning limit rule is applied on a sub-interface.

Format

mac-limit { maximum max [ rate hours ] | action { discard | forward } | alarm { enable | disable } } *

mac-limit rule-name rule-name

undo mac-limit

Parameters

| Parameter | Description | Value |
|---|---|---|
| maximum max | Specifies the maximum number of MAC addresses that can be learned. | The value is an integer ranging from 0 to 131072. When the value is 0, no limit is set on the number of MAC addresses that can be learned. |
| rate hours | Indicates the interval at which MAC addresses are learned. The parameter must be configured when configuring the global MAC address learning limit rule. | The value is an integer ranging from 0 to 1000, in milliseconds. When the value is 0, no limit is set on the address learning interval. |
| action | Specifies an action to be taken when the number of MAC address entries in the MAC address table reaches the limit. | - |
| discard | A packet whose source MAC address is not in the MAC address table is discarded. | - |
| forward | A packet whose source MAC address is not in the MAC address table is forwarded, but its MAC address is not recorded. | - |
| alarm | Specifies whether an alarm is generated when the number of MAC address entries in the MAC address table reaches the limit. | - |
| enable | An alarm is generated. | - |
| disable | No alarm is generated. | - |
| rule-name rule-name | Specifies the name of a global MAC address learning limit rule. | The value is a string of 1 to 31 characters. It cannot contain spaces, question marks, or subtraction signs. |

Views

400GE Layer 2 sub-interface view, 50GE Layer 2 sub-interface view, Eth-Trunk Layer 2 sub-interface view, FlexE sub-interface view, GE Layer 2 sub-interface view, PW-VE sub-interface view, Layer 2 sub-interface view, Sub-interface view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| mac | write |

Usage Guidelines

Usage Scenario

To control the number of users and protect a MAC address table against attacks, you can limit the number of MAC addresses that a device can learn. You can also configure the system to discard packets or generate an alarm to improve network security.

To apply a global MAC address learning limit rule on an interface, run the mac-limit rule-name command in the sub-interface view.

Configuration Impact

If a global MAC address learning limit rule has been applied on an interface, another MAC address learning rule cannot be configured on the interface using the mac-limit command.

Precautions

GE interfaces and Eth-Trunk interfaces must be Layer 2 interfaces.

Example

# Apply the global MAC address learning limit rule named name1 on GE 0/1/9.1.
<HUAWEI> system-view
[~HUAWEI] mac-limit rule-name name1 maximum 10000 rate 100 alarm enable
[*HUAWEI] interface GigabitEthernet0/1/9.1
[*HUAWEI-GigabitEthernet0/1/9.1] mac-limit rule-name name1
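
An added example, not part of the original Huawei documentation: a Python audit that reads saved configuration text and reports Layer 2 sub-interfaces that have no mac-limit, that reference an undefined rule, or whose explicitly configured values from the parameter table weaken the limit (maximum 0, action forward, alarm disable). The configuration layout (one leading space inside interface blocks), the sample text, and the finding labels are assumptions made for illustration.

```python
import re

# Constructed sample; assumes interface-block lines are indented by one space.
SAMPLE = """\
mac-limit rule-name name1 maximum 10000 rate 100 alarm enable
mac-limit rule-name open maximum 0 rate 0 action forward alarm disable
interface GigabitEthernet0/1/9.1
 mac-limit rule-name name1
interface GigabitEthernet0/1/9.2
 mac-limit rule-name open
interface GigabitEthernet0/1/9.3
 mac-limit rule-name missing
interface GigabitEthernet0/1/9.4
"""

WEAK = {  # explicitly configured values that weaken the limit (labels are ours)
    ("maximum", "0"): "unlimited",              # 0 means no learning limit
    ("action", "forward"): "forward-on-limit",  # unknown sources still forwarded
    ("alarm", "disable"): "alarm-disabled",     # no alarm when the limit is hit
}

def check(args):
    """Findings for one mac-limit argument string."""
    opts = dict(re.findall(r"\b(maximum|rate|action|alarm) (\w+)", args))
    return [flag for (key, val), flag in WEAK.items() if opts.get(key) == val]

def audit(config):
    """Map each sub-interface name to its findings (empty list = none)."""
    rules, applied, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+\.\d+)$", line):
            current = m.group(1)
            applied[current] = None          # sub-interface seen, no limit yet
        elif not line.startswith(" "):
            current = None                   # left the interface block
            if m := re.match(r"mac-limit rule-name (\S+) (.+)", line):
                rules[m.group(1)] = m.group(2)   # global rule definition
        elif current and (m := re.match(r" mac-limit (.+)", line)):
            applied[current] = m.group(1)
    report = {}
    for name, args in applied.items():
        if args is None:
            report[name] = ["no-mac-limit"]
        elif m := re.match(r"rule-name (\S+)$", args):
            rule = rules.get(m.group(1))
            report[name] = ["unknown-rule"] if rule is None else check(rule)
        else:
            report[name] = check(args)       # limit configured inline
    return report
```

Calling audit(SAMPLE) returns one entry per sub-interface. Options that are not configured explicitly are not flagged, because this page does not state the defaults for action and alarm.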
Copyright © Huawei Technologies Co., Ltd.