No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR100-S, AR110-S, AR120-S, AR150-S, AR160-S, AR200-S, AR1200-S, AR2200-S, and AR3200-S V200R009 CLI-based Configuration Guide - Ethernet Switching

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a MAC Address Learning Rule in a VLAN

Example for Configuring a MAC Address Learning Rule in a VLAN

Networking Requirements

As shown in Figure 1-10, Ethernet2/0/1 and Ethernet2/0/2 of the Router are connected to LSWs. The LSWs are connected to users, including a few IP phone users and many computer users. IP phone users are in VLAN 100, and computer users are in VLAN 200. To prevent MAC address attacks and save MAC address table space, configure a rule to limit the number of MAC addresses learned in VLAN 200.

Figure 1-10  Networking diagram for MAC address limiting in a VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLANs on the Router and add the interfaces to the VLANs.

  2. Set the limit on the number of MAC addresses learned in the VLAN 200.

Procedure

  1. Configure a MAC address limiting rule in the VLAN 200.

    # Add Ethernet2/0/1 to VLAN 100 and VLAN 200; add Ethernet2/0/2 to VLAN 200.

    <Huawei> system-view
    [Huawei] vlan batch 100 200
    [Huawei] interface ethernet 2/0/1
    [Huawei-Ethernet2/0/1] port link-type trunk
    [Huawei-Ethernet2/0/1] port trunk allow-pass vlan 100 200
    [Huawei-Ethernet2/0/1] quit
    [Huawei] interface ethernet 2/0/2
    [Huawei-Ethernet2/0/2] port link-type trunk
    [Huawei-Ethernet2/0/2] port trunk allow-pass vlan 200
    [Huawei-Ethernet2/0/2] quit
    
    # Configure the following MAC address limiting rule in VLAN 200:
    • A maximum of 500 MAC addresses can be learned.
    • When the number of learned MAC address entries reaches the limit, the Router forwards packets with new source MAC addresses and generates an alarm, but does not add the new MAC addresses to the MAC address table.
    [Huawei] vlan 200
    [Huawei-vlan200] mac-limit maximum 500 alarm enable
    [Huawei-vlan200] quit

  2. Verify the configuration.

    # Run the display mac-limit command in any view to check whether the MAC address limiting rule is successfully configured.

    <Huawei> display mac-limit
    -----------------------------------------------------------------------
    PORT                     VLAN      Maximum      Action      Alarm
    -----------------------------------------------------------------------
    -                        200       500          forward     enable
    
    -----------------------------------------------------------------------
    

Configuration Files

Router configuration file

#
vlan batch 100 200
#
vlan 200
 mac-limit maximum 500
#
interface Ethernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface Ethernet2/0/2
 port link-type trunk
 port trunk allow-pass vlan 200
#
return
Translation
Download
Updated: 2019-05-17

Document ID: EDOC1000174108

Views: 62421

Downloads: 50

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next