Configuring a MAC Address Learning Limit Rule

Configuring a MAC address learning limit rule can control the number of access users. If the number of learned MAC addresses reaches the maximum number, no additional MAC addresses will be learned. In addition, the packet discarding and alarm functions can be configured to prevent MAC address attacks and improve network security.

Context

Before configuring a MAC address learning limit rule, run the reset mac-address command to clear the learned MAC addresses to ensure that the number of MAC addresses that can be learned is limited accurately.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Perform one or more of the following configurations as required.

    • Configure a MAC address learning limit rule on an interface to control the number of users connected to the interface. Choose one of the following configuration modes:

      Table 1 Configure a MAC address learning limit rule on an interface

      Configuration mode: Specifying a rule name

      1. Run the mac-limit rule-name rule-name { action { discard | forward } | alarm { disable | enable } | maximum max [ rate interval ] } * command to create the global MAC address learning limit rule.

      2. Run the interface interface-type interface-number command to enter the Ethernet interface view.

      3. Run the mac-limit rule-name rule-name command to apply the global MAC address learning limit rule on the interface.

      Configuration mode: Without specifying a rule name

      1. Run the interface interface-type interface-number command to enter the interface view. Currently, the supported views are the Ethernet interface view, GE interface view, Eth-Trunk interface view, VE interface view, global-VE interface view, and port group view.

      2. Run the mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max } * command to configure the MAC address learning limit rule.

    • Configure a MAC address learning limit rule in a VLAN to control the number of users in the VLAN.

      1. Run vlan vlan-id

        The VLAN view is displayed.

      2. Run mac-limit { action { discard | forward } | alarm { disable | enable } | maximum maxValue [ rate interval ] } *

        The MAC address learning limit rule is configured.

      3. (Optional) Run mac-limit up-threshold up-threshold down-threshold down-threshold

        The percentage thresholds at which MAC address learning alarms are generated and cleared are configured.

    • Configure a MAC address learning limit rule on an interface in a VLAN to control the number of VLAN users connected to the interface. Choose one of the following configuration modes:

      Table 2 Configuring a MAC address learning limit on an interface in a VLAN

      Configuration mode: Specifying a rule name

      1. Run the mac-limit rule-name rule-name { action { discard | forward } | alarm { disable | enable } | maximum max [ rate interval ] } * command to create the global MAC address learning limit rule.

      2. Run the interface interface-type interface-number command to enter the Ethernet interface view.

      3. Run the mac-limit vlan vlan-id1 [ to vlan-id2 ] rule-name rule-name command to apply the global MAC address learning limit rule to the VLAN to which the interface belongs.

      Configuration mode: Without specifying a rule name

      1. Run the interface interface-type interface-number command to enter the interface view.

      2. Run the mac-limit { action { discard | forward } | alarm { disable | enable } | maximum maxValue } * command to configure the MAC address learning limit rule.

    • Configure a MAC address learning limit rule in a virtual switching instance (VSI) to control the number of users in the VSI.

      1. Run vsi vsi-name [ static ]

        The VSI view is displayed.

      2. Run mac-limit { action { discard | forward } | maximum max [ rate interval ] } *

        The MAC address learning limit rule is configured.

      3. Run mac-limit up-threshold up-threshold down-threshold down-threshold

        Alarm rising and falling thresholds are configured for MAC address learning.

    • Configure a MAC address learning limit rule on a pseudo wire (PW) to control the number of users on the PW.

      1. Run vsi vsi-name [ static ]

        The VSI view is displayed.

      2. Run pwsignal ldp

        The VSI LDP view is displayed.

      3. Run vsi-id vsi-id

        The VSI ID is configured.

      4. Run peer peer-address

        The IP address of a VSI peer is configured.

      5. Run peer peer-address pw pw-name

        A PW is created.

      6. Run mac-limit { action { discard | forward } | alarm { disable | enable } | maximum Value [ rate interval ] } *

        A MAC address learning limit rule is configured.

  3. Run commit

    The configuration is committed.
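
The following audit script is an added example, not Huawei's own code: it reads a saved configuration, resolves named rules applied with mac-limit rule-name, and reports interfaces whose MAC address learning limit is missing or does not set maximum, action discard and alarm enable. The configuration layout, rule names and interface names in the sample are constructed assumptions, and options that are not set are reported rather than assumed, because this page does not state the defaults.

```python
import re

# Constructed sample in the indented "interface ... / #" layout of a saved
# configuration; rule names, interfaces and numbers are made up.
SAMPLE_CONFIG = """\
mac-limit rule-name access-users maximum 10 action discard alarm enable
mac-limit rule-name legacy maximum 200 action forward alarm disable
#
interface GigabitEthernet0/1/0
 mac-limit rule-name access-users
#
interface GigabitEthernet0/1/1
 mac-limit rule-name legacy
#
interface GigabitEthernet0/1/2
 mac-limit maximum 5 alarm enable
#
interface GigabitEthernet0/1/3
 description uplink
"""

OPTION = re.compile(r"\b(action|alarm|maximum)\s+(\S+)")

def check(opts):
    """List what keeps a rule from being maximum + discard + alarm enable."""
    out = [] if "maximum" in opts else ["maximum is not set"]
    want = {"action": "discard", "alarm": "enable"}
    return out + [f"{k} is {opts.get(k, 'not set')}"
                  for k, v in want.items() if opts.get(k) != v]

def audit(config):
    """Map each interface name to its findings; an empty list means none."""
    lines = config.splitlines()
    # Pass 1: global named rules start at column 0 and carry their options.
    rules = {m.group(1): dict(OPTION.findall(m.group(2))) for m in
             (re.match(r"mac-limit rule-name (\S+)\s+(.+)", l) for l in lines) if m}
    report, current = {}, None
    for line in lines:  # Pass 2: rules applied or configured per interface.
        body = line.strip()
        if line.startswith("interface "):
            current = body.split(None, 1)[1]
            report[current] = ["no mac-limit rule"]
        elif body == "#":
            current = None
        elif current and body.startswith("mac-limit "):
            ref = re.search(r"\brule-name (\S+)$", body)
            opts = rules.get(ref.group(1)) if ref else dict(OPTION.findall(body))
            report[current] = ([f"rule {ref.group(1)} is not defined"]
                               if opts is None else check(opts))
    return report
```

Calling audit(SAMPLE_CONFIG) returns an empty list for the interface bound to access-users and one or more findings for each of the other three interfaces.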

Copyright © Huawei Technologies Co., Ltd.