No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Limiting in a VLAN

Example for Configuring MAC Address Limiting in a VLAN

Networking Requirements

In Figure 2-16, user network 1 is connected to GE1/0/1 of the Switch through LSW1, and user network 2 is connected to GE1/0/2 of the Switch through LSW2. GE1/0/1 and GE1/0/2 belong to VLAN 2. To control the number of access users, configure MAC address limiting in VLAN 2.

Figure 2-16  Configuring MAC address limiting in a VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add interfaces to the VLAN to implement Layer 2 forwarding.

  2. Configure MAC address limiting in the VLAN to prevent MAC address attacks and control the number of access users.

Procedure

  1. Configure MAC address limiting.

    # Add GigabitEthernet1/0/1 and GigabitEthernet1/0/2 to VLAN 2.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 2
    [Switch-vlan2] quit
    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type hybrid
    [Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 2
    [Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 2
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] interface gigabitethernet 1/0/2
    [Switch-GigabitEthernet1/0/2] port link-type hybrid
    [Switch-GigabitEthernet1/0/2] port hybrid pvid vlan 2
    [Switch-GigabitEthernet1/0/2] port hybrid untagged vlan 2
    [Switch-GigabitEthernet1/0/2] quit
    

    # Configure the following MAC address limiting rule in VLAN 2: A maximum of 100 MAC addresses can be learned. When the number of learned MAC address entries reaches the limit, the Switch forwards packets with new source MAC addresses and generates an alarm, but does not add the new MAC address entries to the MAC address table.

    [Switch] vlan 2
    [Switch-vlan2] mac-limit maximum 100 action forward alarm enable
    [Switch-vlan2] return
    

  2. Verify the configuration.

    # Run the display mac-limit command in any view to check whether the MAC address limiting rule is successfully configured.

    <Switch> display mac-limit
    MAC limit is enabled
    Total MAC limit rule count : 1
    
    PORT                 VLAN/VSI      SLOT Maximum Rate(ms) Action  Alarm
    ----------------------------------------------------------------------------
    -                    2                -    100     -     forward enable 
    

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
vlan 2
 mac-limit maximum 100 action forward
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
#
return
Translation
Download
Updated: 2019-01-18

Document ID: EDOC1100038843

Views: 107399

Downloads: 71

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next