Loading ...
Loading ...
Loading ...
Managing MAC Address Table Security Configurations
User Guide 167
3.2.2 Limiting the Number of MAC Addresses in VLANs
â– For Certain Devices
Follow these steps to limit the number of MAC addresses in VLANs:
Step 1 configure
Enter global configuration mode.
Step 2 mac address-table vlan-security mode {drop | forward}
Specify the VLAN security mode for all the VLANs.
drop | forward: The mode that the switch adopts when the maximum number of MAC
addresses in the specified VLAN is exceeded.
drop: Packets of new source MAC addresses in the VLAN will be dropped when the maximum
number of MAC addresses in the specified VLAN is exceeded.
forward: Packets of new source MAC addresses will be forwarded but the addresses not
learned when the maximum number of MAC addresses in the specified VLAN is exceeded.
Step 3 mac address-table vlan-security vid
vid
max-learn
num
Configure the maximum number of MAC addresses in the specified VLAN and select a mode
for the switch to adopt when the maximum number is exceeded.
vid
: Specify an existing VLAN in which you want to limit the number of MAC addresses.
num
: Set the maximum number of MAC addresses in the specific VLAN. It ranges from 0 to
16383.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to limit the number of MAC addresses to 100 in VLAN
10, and configure the switch to drop packets of new source MAC addresses when the limit
is exceeded.
Switch#configure
Switch(config)#mac address-table vlan-security mode drop
Switch(config)#mac address-table vlan-security vid 10 max-learn 100
Switch(config)#show mac address-table vlan-security vid 10
VlanId Max-learn Current-learn Status
------ --------- ------------- ------
10 100 0 Drop
Switch(config)#end
Switch#copy running-config startup-config
Loading ...
Loading ...
Loading ...