Principles of MAC address learning limit on NE routers

29

A router learns source MAC addresses of user packets. After the number of learned MAC addresses reaches the configured limit, subsequent user packets are processed differently depending on whether the source MAC addresses of the user packets exist in the MAC address table on the router. If the source MAC addresses of the user packets are in the MAC address table, the router forwards the packets. If the source MAC addresses are not in the MAC address table, the router discards or forwards the user packets, depending on the configured action. For example, if the action is discard, the router discards the user packets on its inbound interface.

Other related questions:
Whether USG firewalls support MAC address learning restriction
The USG2000 and USG5000 support MAC address learning restriction.

What to do if the limit on MAC address learning does not take effect
Check whether the mac-limit command has been used. The command sets the maximum number of MAC addresses learned by the switch. If the limit is set to 0 on an S2700, the S2700(excluding S2700�?2P-EI, S2700�?2P-PWR-EI, S2720 and S2750) does not learn MAC addresses. If the limit is set to 0 on other switch models, the number of learned MAC addresses is not limited.

How can I configure the limit on MAC address learning on CE switches
Run the mac-address limit maximum max-num command in the interface or VLAN view to change the maximum number of MAC addresses learned by an interface or VLAN. By default, no limit on MAC address learning is configured. The value of max-num ranges from 0 to 32767. 0 indicates that the number of MAC addresses learned by an interface or VLAN is not limited. # Configure 10GE1/0/1 to learn a maximum of 30 MAC addresses.
system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] mac-address limit maximum 30 [*HUAWEI-10GE1/0/1] commit
# Configure VLAN 10 to learn a maximum of 20 MAC addresses.
system-view [~HUAWEI] vlan 10
[*HUAWEI-vlan10] mac-address limit maximum 20 [*HUAWEI-vlan10] commit Description: After a limit on MAC address learning is configured on an interface of a CE12800 switch, the number of VLAN, VXLAN, and VSI packets received on the interface is limited by the number of learned MAC addresses. For CE8800&CE7800&CE6800&CE5800 series switches, only VXLAN packets received on an interface are not limited by the number of learned MAC addresses.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top