No.   Data
1     Maximum number of MAC addresses that can be learned on an interface, VLAN, slot, or VSI
7.7.2 Limiting the Number of MAC Addresses Learned on an Interface
A limit can be set for the number of MAC addresses learned on an interface to control the number
of access users on the interface. When the number of learned MAC addresses on the interface
reaches the limit, the S7700 stops learning MAC addresses on this interface. When the interface
receives packets with unknown source MAC addresses, it can be configured to discard the
packets or generate an alarm. This protects the network from MAC address attacks.
Context
The MAC address limiting rule applies to all MAC addresses, including trusted MAC addresses.
If a user in an enterprise or a family uses bogus MAC addresses to attack the network, the users
in that enterprise or family cannot access the network, but other users on the network
are not affected.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
Step 3 Run:
mac-limit maximum max-num
The maximum number of MAC addresses learned on the interface is set.
By default, the number of MAC addresses learned on an interface is not limited.
Step 4 Run:
mac-limit action { discard | forward }
The action to be taken on the packets with unknown source MAC addresses when the number
of learned MAC addresses reaches the limit is configured.
By default, packets with unknown source MAC addresses are discarded after the number of
learned MAC addresses reaches the limit.
Step 5 Run:
mac-limit alarm { disable | enable }
The S7700 is configured to (or not to) send a trap to the NMS when the number of learned MAC
addresses reaches the limit.
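Added example (not part of the Huawei guide): a Python check that reads a saved configuration and reports interfaces left at the weaker settings described in Steps 3 to 5. It assumes the saved configuration echoes the commands as typed in the procedure; the sample text, interface names and limit value are constructed.

```python
import re

# Constructed sample in the style of a saved switch configuration; the
# interface names and the limit value 8 are made up for this example.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 mac-limit maximum 8
 mac-limit action discard
 mac-limit alarm enable
#
interface GigabitEthernet1/0/2
 mac-limit maximum 8
 mac-limit action forward
 mac-limit alarm disable
#
interface GigabitEthernet1/0/3
 port link-type access
#
"""

MAC_LIMIT = re.compile(r"mac-limit\s+(maximum|action|alarm)\s+(\S+)$")

def audit_mac_limit(config_text):
    """Return {interface: [findings]} for interfaces with weak MAC limiting."""
    settings, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S.*)$", line):
            current = m.group(1).replace(" ", "")   # normalise "GE 1/0/1" spacing
            settings[current] = {}
        elif line == "#" or not line:
            current = None                          # end of the interface block
        elif current and (m := MAC_LIMIT.match(line)):
            settings[current][m.group(1)] = m.group(2)
    findings = {}
    for name, s in settings.items():
        issues = []
        if "maximum" not in s:
            # Default per the guide: learning on an interface is not limited.
            issues.append("no mac-limit maximum: learning is unlimited")
        else:
            # Default action per the guide is discard; flag only explicit forward.
            if s.get("action", "discard") == "forward":
                issues.append("action forward: unknown-source packets still pass")
            if s.get("alarm") == "disable":
                issues.append("alarm disable: no trap sent to the NMS")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_mac_limit(SAMPLE_CONFIG) reports GigabitEthernet1/0/2 and GigabitEthernet1/0/3 and leaves GigabitEthernet1/0/1 out of the result.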
Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet 7 MAC Address Table Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.