By default, the S7700 sends a trap to the NMS when the number of learned MAC addresses
reaches the limit.
----End
7.7.4 Limiting the Number of MAC Addresses Learned in a VSI
A limit can be set for the number of MAC addresses learned in a virtual service instance (VSI)
to control the number of users in the VSI. When the number of learned MAC addresses in the
VSI reaches the limit, the S7700 stops learning MAC addresses in this VSI. When an interface
in the VSI receives packets with unknown source MAC addresses, the S7700 discards the packets
or sends a trap to the network management system (NMS). This protects the network from MAC
address attacks.
Context
The MAC address limiting rule applies to all MAC addresses, including trusted MAC addresses.
If a user from an enterprise or a family uses bogus MAC addresses to attack the network, users
in the enterprise or family are not allowed to access the network, but other users on the network
are not affected.
NOTE
The X40SFC board does not support MAC address limiting in VSIs.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vsi vsi-name
The VSI view is displayed.
Step 3 Run:
mac-limit maximum max-num
The maximum number of MAC addresses learned in the VSI is set.
By default, the number of MAC addresses learned in a VSI is not limited.
Step 4 Run:
mac-limit action { discard | forward }
The action to be taken on the packets with unknown source MAC addresses when the number
of learned MAC addresses reaches the limit is configured.
By default, packets with unknown source MAC addresses are discarded after the number of
learned MAC addresses reaches the limit.
Step 5 Run:
mac-limit alarm { disable | enable }
The S7700 is configured to (or not to) send a trap to the NMS when the number of learned MAC
addresses reaches the limit.
Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet 7 MAC Address Table Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
356
To Next Page
Loading...
