Configuring the MAC Address Limiting Function

Enterprise

Worldwide

- Türkçe

History
Popular search
Switches Routers Servers Storage Data Center Energy Cloud Computing
Quick access
Recommended

Configuring the MAC Address Limiting Function

Context

The MAC address limiting function controls the number of access users to prevent MAC addresses from hackers.

An insecure network is vulnerable to MAC address attacks. When hackers send a large number of forged packets with different source MAC addresses to the switch, the MAC address table of the switch will be filled with useless MAC address entries. As a result, the switch cannot learn source MAC addresses of valid packets.

You can limit the number of MAC address entries learned on the switch. When the number of learned MAC address entries reaches the limit, the switch does not learn new MAC address entries. You can also configure an action to take when the number of MAC address entries reaches the limit. This prevents MAC address attacks and improves network security.

Procedure

Limit the number of MAC address entries learned on an interface.
1. Run system-view
  The system view is displayed.
2. Run interface interface-type interface-number
  The interface view is displayed.
3. Run mac-address limit maximum max-num
  The maximum number of MAC address entries that can be learned on the interface is set.
  
  By default, the number of MAC address entries learned on an interface is not limited.
4. Run mac-address limit alarm { disable | enable }
  The switch is configured to or not to generate an alarm when the number of learned MAC address entries reaches the limit.
  
  By default, the switch generates an alarm when the number of learned MAC address entries reaches the limit.
5. Run commit
  The configuration is committed.
Limit the number of MAC address entries learned in a VLAN.
1. Run system-view
  The system view is displayed.
2. Run vlan vlan-id
  The VLAN view is displayed.
3. Run mac-address limit maximum max-num
  The maximum number of MAC address entries learned in the VLAN is set.
  
  By default, the number of MAC address entries learned in a VLAN is not limited.
4. Run mac-address limit action { discard | forward }
  The action to be taken on packets with unknown source MAC addresses is configured when the number of learned MAC address entries reaches the limit.
  
  By default, the device forwards packets with unknown source MAC addresses after the number of learned MAC address entries reaches the limit.
5. Run mac-address limit alarm { disable | enable }
  The switch is configured to or not to generate an alarm when the number of learned MAC address entries reaches the limit.
  
  By default, the switch generates an alarm when the number of learned MAC address entries reaches the limit.
6. Run commit
  The configuration is committed.

Verifying the Configuration

Run the display mac-address limit command to check limiting on MAC address learning.

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, M-LAG, VLAN, QinQ, VLAN mapping, GVRP, STP/RSTP, MSTP, VBST, ERPS (G.8032), LBDT, and Layer 2 protocol transparent transmission.

Context

Procedure

Verifying the Configuration

Related Version

Related Documents