Configuration Guide 146
Managing MAC Address Table Security Configurations
Step 2 mac address-table security vid
vid
max-learn
num
{drop | forward | disable}
Configure the maximum number of MAC addresses in the specified VLAN and select a mode
for the switch to adopt when the maximum number is exceeded.
vid
: Specify an existing VLAN in which you want to limit the number of MAC addresses.
num
: Set the maximum number of MAC addresses in the specific VLAN. It ranges from 0 to
16383.
drop | forward | disable: The mode that the switch adopts when the maximum number of MAC
addresses in the specified VLAN is exceeded.
drop: Packets of new source MAC addresses in the VLAN will be dropped when the maximum
number of MAC addresses in the specified VLAN is exceeded.
forward: Packets of new source MAC addresses will be forwarded but the addresses not
learned when the maximum number of MAC addresses in the specified VLAN is exceeded.
disable: The number limit on the VLAN is not valid, and the switch follows the original forwarding
rules.
Step 3 end
Return to privileged EXEC mode.
Step 4 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to limit the number of MAC addresses to 100 in VLAN
10, and configure the switch to drop packets of new source MAC addresses when the limit
is exceeded.
Switch#configure
Switch(config)#mac address-table security vid 10 max-learn 100 drop
Switch(config)#show mac address-table security vid 10
VlanId Max-learn Current-learn Status
------ --------- ------------- ------
10 100 0 Drop
Switch(config)#end
Switch#copy running-config startup-config
To Next Page
Loading...
