Limit MAC Address Learning
Configure the MAC security feature to control traffic from a specific number of MAC addresses. The total number of MAC addresses that you can configure is fixed. The switch help text shows the maximum number of MAC addresses a port can learn in non-SPBM configurations. In an SPBM configuration, the maximum value is reduced by half.
About this task
This feature limits the number of forwarding database (FDB) entries learned on a particular port to a user-specified value. After the number of learned forwarding database entries reaches the maximum limit, MAC learning stops on that port.
Procedure
Example
Protect the FDB from hits by too many MAC addresses:
```
Switch:1(config)#interface gigabitethernet 1/1
Switch:1(config-if)#mac-security limit-learning enable
Switch:1(config-if)#mac-security limit-learning max-addrs 5000
```
Variable Definitions
Use the data in the following table to use the mac-security limit-learning command.
| Variable | Value |
|---|---|
| `enable` | Limits the MAC learning for the port. After the number of addresses reaches the maximum, the port disables packet forwarding and drops packets. If you enable limit-learning, the FDB entry for each port is limited to the number you specify in max-addrs. |
| `max-addrs <1-64000>` | Specifies the maximum number of MAC addresses to learn. After the number of addresses reaches the maximum, the port disables packet forwarding and drops packets. The default is 1024. |
| `port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}` | Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port. Use this parameter to apply the change to multiple ports without changing CLI modes. |
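
The following audit script is an added example, not part of the original documentation or the vendor's tooling. It reads a list of configuration commands written in the form shown in the Example above and reports, per port, the effective learning limit and any problems. It assumes that a port without an `enable` line has limit-learning off, and that the SPBM ceiling is half of the 64000 upper bound in the table; the function name `audit` and the sample input are constructed for illustration.

```python
import re

DEFAULT_MAX = 1024   # default for max-addrs, from the variable table
RANGE_MAX = 64000    # upper bound of max-addrs <1-64000>

# Constructed sample: commands in the form used in the page's example.
SAMPLE = """\
interface gigabitethernet 1/1
mac-security limit-learning enable
mac-security limit-learning max-addrs 5000
interface gigabitethernet 1/2
mac-security limit-learning max-addrs 200
interface gigabitethernet 1/3
mac-security limit-learning enable
interface gigabitethernet 1/4
mac-security limit-learning enable
mac-security limit-learning max-addrs 40000
"""

def audit(config, spbm=False):
    """Return {port: (effective_limit_or_None, [findings])}."""
    # Assumption: "reduced by half" in SPBM means half of RANGE_MAX.
    ceiling = RANGE_MAX // 2 if spbm else RANGE_MAX
    ports, port = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"interface gigabitethernet (\S+)", line, re.I)
        if m:
            port = m.group(1)
            ports[port] = {"enabled": False, "max": None}
        elif port and re.fullmatch(r"mac-security limit-learning enable", line, re.I):
            ports[port]["enabled"] = True
        elif port:
            m = re.fullmatch(r"mac-security limit-learning max-addrs (\d+)", line, re.I)
            if m:
                ports[port]["max"] = int(m.group(1))
    report = {}
    for name, p in ports.items():
        findings = []
        limit = p["max"] if p["max"] is not None else DEFAULT_MAX
        if not p["enabled"]:
            # Assumption: no enable line means the limit is not applied.
            findings.append("limit-learning not enabled")
        if p["max"] is not None and not 1 <= p["max"] <= ceiling:
            findings.append(f"max-addrs {p['max']} outside 1-{ceiling}")
        report[name] = (limit if p["enabled"] else None, findings)
    return report

if __name__ == "__main__":
    for port, (limit, findings) in audit(SAMPLE, spbm=True).items():
        print(port, limit, findings or "ok")
```

Port 1/2 in the sample is the case to watch for in reviews: a `max-addrs` value is present, but without the `enable` line the port is reported as having no limit in force.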