Method used to configure the MAC address learning restriction on USG firewalls

The MAC address learning restriction indicates a function of configuring rules for restricting the dynamic MAC address learning. This function is applicable to a network that supports user access but is not safe enough, for example, a cell access network or an enterprise intranet that is lack of security management.
When the number of accessed user reaches a limit, the MAC addresses of new accessed users are not learned, and packets from these users are discarded.
Before configuring the MAC address learning restriction, if a port has learned MAC addresses, run the undo mac-address dynamic command in the system view to clear these MAC addresses. Otherwise, the limit for the MAC address learning restriction becomes inaccurate.
To configure the MAC address learning restriction, run the mac-limit { maximum max | action { discard | forward } } *, command in the L2 interface view.

Scroll to top