No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
CloudEngine 12800 and 12800E V200R019C10 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, M-LAG, VLAN, QinQ, VLAN mapping, GVRP, STP/RSTP, MSTP, VBST, ERPS (G.8032), LBDT, and Layer 2 protocol transparent transmission.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Learning in a VLAN

Example for Configuring MAC Address Learning in a VLAN

Networking Requirements

As shown in Figure 2-11, user network 1 is connected to Switch on the 10GE1/0/1 through an LSW. User network 2 is connected to Switch on the 10GE1/0/2 through another LSW. Both 10GE1/0/1 and 10GE1/0/2 belong to VLAN 2. To prevent MAC address attacks and limit the number of access users on the device, limit MAC address learning on all the interfaces in VLAN 2.

Figure 2-11 Networking diagram for MAC address limiting in a VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.

  2. Limit MAC address learning on all the interfaces in the VLAN to prevent MAC address attacks and limit the number of access users.

Procedure

  1. Limit MAC address learning.

    # Add 10GE1/0/1 and 10GE1/0/2 to VLAN 2.

    <HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan 2
[*Switch-vlan2] quit
[*Switch] interface 10ge 1/0/1
[*Switch-10GE1/0/1] port link-type trunk
[*Switch-10GE1/0/1] port trunk allow-pass vlan 2
[*Switch-10GE1/0/1] quit
[*Switch] interface 10ge 1/0/2
[*Switch-10GE1/0/2] port link-type trunk
[*Switch-10GE1/0/2] port trunk allow-pass vlan 2
[*Switch-10GE1/0/2] quit
[*Switch] commit

    # Configure the following MAC address limiting rule in VLAN 2: A maximum of 100 MAC addresses can be learned. When the number of learned MAC addresses reaches the limit, the device sends an alarm.

    [~Switch] vlan 2
[~Switch-vlan2] mac-address limit maximum 100 alarm enable
[*Switch-vlan2] quit
[*Switch] commit

  2. Verify the configuration.

    # Run the display mac-address limit command in any view to check whether the MAC address limiting rule is successfully configured.

    [~Switch] display mac-address limit
MAC Address Limit is enabled
Total MAC Address limit rule count : 1
                                                                 
Port                 VLAN/VSI/SI/BD      Slot Maximum Action  Alarm             
-------------------------------------------------------------------
--                   2                   --   100     forward enable

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
vlan 2
 mac-address limit maximum 100
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2
#
return
Translation
简体中文
Download
Updated: 2021-04-01

Document ID: EDOC1100138135

Views: 139787

Downloads: 84

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :