How to configure MAC address limiting on interfaces

When configuring MAC address limiting on an interface, note that port security and MAC address limiting cannot be configured on the same interface. Earlier versions do not have this restriction.

The following steps are performed in V100R005.

Procedure
1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the interface view.
3. Run the mac-limit maximum max-num command to set the maximum number of MAC addresses learned on the interface.

By default, the number of MAC addresses learned on an interface is not limited. The interface discards packets with new source MAC addresses and sends a trap message when the number of learned MAC addresses reaches the limit.

The port-security protect-action { protect | restrict | shutdown } command configures the port protection action performed by the interface. Before configuring the protection action, run the port-security enable command to enable the port security function on the interface. The protection actions are as follows:
protect: The interface discards packets with new source MAC addresses.

restrict: The interface discards packets with new source MAC addresses and sends a trap message.

shutdown: The interface is shut down.

For example, set the maximum number of MAC addresses learned by an interface to 1 and configure the protection action to protect.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-security enable
[HUAWEI-GigabitEthernet0/0/1] port-security protect-action protect
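
The two points above that are easy to miss in a large configuration, an interface carrying both mac-limit and port security, and an interface left at the unlimited default, can be checked offline against a saved configuration. The following Python script is an added example, not part of the original page or Huawei's own tooling; the sample configuration is constructed, the names parse_interfaces and audit_mac_limits are hypothetical, and it assumes interface sub-commands are indented by one space with "#" separating sections.

```python
import re

# Constructed sample (not from a real device); assumed saved-configuration layout.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet0/0/1
 port-security enable
 port-security protect-action protect
#
interface GigabitEthernet0/0/2
 mac-limit maximum 10
#
interface GigabitEthernet0/0/3
 port link-type access
#
interface GigabitEthernet0/0/4
 mac-limit maximum 5
 port-security enable
"""

# (mac-limit configured, port security enabled) -> finding
STATUS = {(True, True): "conflict", (True, False): "mac-limit",
          (False, True): "port-security", (False, False): "unlimited"}

def parse_interfaces(config_text):
    """Return {interface name: [sub-commands]} from the configuration text."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" or any top-level line ends the interface view
    return interfaces

def audit_mac_limits(config_text):
    """Classify each interface by the MAC learning controls configured on it."""
    report = {}
    for name, commands in parse_interfaces(config_text).items():
        has_limit = any(re.match(r"mac-limit maximum \d+", c) for c in commands)
        has_portsec = "port-security enable" in commands
        report[name] = STATUS[(has_limit, has_portsec)]
    return report

if __name__ == "__main__":
    for name, status in audit_mac_limits(SAMPLE_CONFIG).items():
        print(f"{name}: {status}")
```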
