No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Limiting in a VLAN

Example for Configuring MAC Address Limiting in a VLAN

Networking Requirements

In Figure 2-16, user network 1 is connected to GE1/0/1 of the Switch through LSW1, and user network 2 is connected to GE1/0/2 of the Switch through LSW2. GE1/0/1 and GE1/0/2 belong to VLAN 2. To control the number of access users, configure MAC address limiting in VLAN 2.

Figure 2-16  Example network for MAC address limiting

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add interfaces for Layer 2 forwarding.

  2. Configure MAC address limiting in the VLAN to prevent MAC address attacks and control access users.

Procedure

  1. Configure MAC address limiting.

    # Add GigabitEthernet1/0/1 and GigabitEthernet1/0/2 to VLAN 2.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid
[Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 2
[Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 2
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type hybrid
[Switch-GigabitEthernet1/0/2] port hybrid pvid vlan 2
[Switch-GigabitEthernet1/0/2] port hybrid untagged vlan 2
[Switch-GigabitEthernet1/0/2] quit

    # Configure the following MAC address limiting rule in VLAN 2: In the following configuration, a maximum of 100 MAC addresses can be learned. When the number of learned MAC address entries reaches the limit, the Switch forwards packets with new source MAC address entries and sends an alarm, but does not add the MAC address entries to the MAC address table.

    [Switch] vlan 2
[Switch-vlan2] mac-limit maximum 100 action forward alarm enable
[Switch-vlan2] return

  2. Verify the configuration.

    # Run the display mac-limit command in any view to check whether the MAC address limiting rule is successfully configured.

    <Switch> display mac-limit
MAC limit is enabled
Total MAC limit rule count : 1

PORT                 VLAN/VSI      SLOT Maximum Rate(ms) Action  Alarm
----------------------------------------------------------------------------
-                    2                -    100     -     forward enable

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
vlan 2
 mac-limit maximum 100 action forward
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
#
return
Translation
简体中文
Download
Updated: 2022-05-23

Document ID: EDOC1000142081

Views: 1065532

Downloads: 901

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :