Community Groups Rewards Enterprise

How to Configure MAC Address Limiting on S23/33/53/63 Interfaces?

m7g
m7g  Diamond  (1)
7 years 10 months ago  View: 1267  Reply: 0
1F

When configuring MAC address limiting on an interface, pay attention to the following points:

In a version earlier than V100R005, you must run the mac-address restrict command in the system view to enable the MAC address limiting function before setting the maximum number of MAC addresses learned on an interface. In V100R005, you do not need to run this command.
- In V100R005 and later versions, port security and MAC address limiting cannot be configured on the same interface. Earlier versions do not have this restriction.
- In the version earlier than V100R005, complete the following configurations before configuring port security:

1. Run the mac-address restrict command in the system view to enable the MAC address limiting function.

2. Run the mac-table limit command in the interface view to set the maximum number of MAC addresses learned on the interface.

The following steps are performed in V100R005.


STEPs:


Step 1 Run the system-view command to enter the system view.
Step 2 Run the interface interface-type interface-number command to enter the interface view.
Step 3 Run the mac-limit maximum max-num command to set the maximum number of MAC addresses learned on the interface.
By default, the number of MAC addresses learned on an interface is not limited. The interface discards packets with new source MAC addresses and sends a trap message when the number of learned MAC addresses reaches the limit.
The port-security protect-action { protect | restrict | shutdown } command configures the port protection action performed by the interface. Before configuring the protection action, run the port-security enable command to enable the port security function on the interface. The protection actions are as follows:

  • protect

The interface discards packets with new source MAC addresses.

  • restrict

The interface discards packets with new source MAC addresses and sends a trap message.

  • shutdown

The interface is shut down.


For example, set the maximum number of MAC addresses learned by an interface to 1 and configure the protection action to protect.

<HUAWEI> system-view
[HUAWEI] interface ethernet0/0/1
[HUAWEI-Ethernet0/0/1] port-security enable
[HUAWEI-Ethernet0/0/1] port-security protect-action protect

The End

Comment| Reply
Favorite Favorite (0) | Like |Report
Reply
Return New post Share

Hot Group

Fixed Network Info Community
Members:9595   Posts:9360
Wireless Network Info Community
Members:2501   Posts:11275
Support HedEx User Group
Members:14004   Posts:4898
Core Network Info Community
Members:1125   Posts:14720
Network OSS Club
Members:4641   Posts:1596
Information For
Consumers
Enterprises
Carriers
Journalist
Suppliers
Job Seekers
About HUAWEI
Corporate Information
Corporate Governance
Executives
Bond Investor Relations
Sustainability
Cyber Security
Publications
Annual Report
News & Events
Latest News
Media Kit
Media Contact
Security Bulletins
Events
Huawei| Huawei Connect| Support| Privacy| Terms of Use
Contact Us:hworld@huawei.com
Follow Huawei Connect :
Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.