7.2. Configuring Vlan Security
Overview
Function Introduction
The VLAN security feature limits the total number of MAC addresses learnt in a particular VLAN. MAC addresses can be added manually or learnt automatically. Once the number of MAC addresses on the VLAN reaches the configured limit, any packet received on that VLAN with an unknown source MAC address is handled according to the configured action.
Two types of MAC addresses are supported:
Static MAC addresses: These are manually configured by users.
Dynamic MAC addresses: These are dynamically learnt.
The action taken for packets with an unknown source MAC address once the MAC address table count exceeds the maximum is set with the command “vlan X mac-limit action”. Three actions are supported:
Discard: A packet with an unknown source MAC address from the VLAN is discarded and its source MAC address is not learnt.
Warn: A packet with an unknown source MAC address from the VLAN is discarded and its source MAC address is not learnt, but a warning log is printed to syslog.
Forward: Packets from the VLAN are forwarded without MAC learning and without a warning log.
MAC address learning can be enabled or disabled per VLAN.
Principle Description
N/A
Configuration
Configuring vlan mac-limit
step 1 Enter the configure mode
Switch# configure terminal
step 2 Enter the VLAN configure mode, create the VLAN, and set the maximum number of MAC addresses and the action taken when it is exceeded
Switch(config)# vlan database
Switch(config)# vlan 2
Switch(config-vlan)# vlan 2 mac-limit maximum 100
Switch(config-vlan)# vlan 2 mac-limit action discard
Switch(config-vlan)# exit
step 3 Exit the configure mode
Switch(config)# end
step 4 Validation
Switch# show vlan-security
Vlan  learning-en  max-mac-count  cur-mac-count  action
-------------------------------------------------------
2     Enable       100            0              Discard
Configuring vlan mac learning
step 1 Enter the configure mode
Switch# configure terminal
step 2 Enter the VLAN configure mode, create the VLAN, and set the MAC learning state
Switch(config)# vlan database
Switch(config)# vlan 2
Switch(config-vlan)# vlan 2 mac learning disable
Switch(config-vlan)# exit
step 3 Exit the configure mode
Switch(config)# end
step 4 Validation
Switch# show vlan-security
Vlan  learning-en  max-mac-count  cur-mac-count  action
-------------------------------------------------------
2     Disable      100            0              Discard
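The validation step of both procedures above relies on reading the "show vlan-security" table by eye. The following added example (not part of this guide or the switch software) parses that table as it appears on this page and flags VLANs whose mac-limit action is "forward" (unknown sources pass silently with no syslog entry) or whose MAC count is close to the configured maximum; the sample output, the 90% threshold and the helper names are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format shown by "show vlan-security" on this page.
SAMPLE_OUTPUT = """\
Vlan  learning-en  max-mac-count  cur-mac-count  action
-------------------------------------------------------
2     Enable       100            0              Discard
3     Enable       100            98             Forward
4     Disable      100            0              Warn
"""

@dataclass
class VlanSecurity:
    vlan: int
    learning_enabled: bool
    max_mac: int
    cur_mac: int
    action: str  # "discard", "warn" or "forward"

# One data row: vlan id, Enable/Disable, max count, current count, action.
ROW_RE = re.compile(r"^\s*(\d+)\s+(Enable|Disable)\s+(\d+)\s+(\d+)\s+(\w+)\s*$")

def parse_vlan_security(text):
    """Parse 'show vlan-security' output into VlanSecurity records."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header and separator lines carry no data
        rows.append(VlanSecurity(int(m.group(1)), m.group(2) == "Enable",
                                 int(m.group(3)), int(m.group(4)),
                                 m.group(5).lower()))
    return rows

def audit(rows, utilization_warn=0.9):
    """Return (vlan, finding) pairs for settings an operator should review."""
    findings = []
    for r in rows:
        if not r.learning_enabled:
            continue  # learning disabled: the limit and action never trigger
        if r.action == "forward":
            findings.append((r.vlan, "action forward: unknown sources pass "
                                     "unlearnt and unlogged past the limit"))
        if r.max_mac and r.cur_mac >= utilization_warn * r.max_mac:
            findings.append((r.vlan, f"MAC table at {r.cur_mac}/{r.max_mac}, "
                                     "limit nearly reached"))
    return findings

if __name__ == "__main__":
    for vlan, msg in audit(parse_vlan_security(SAMPLE_OUTPUT)):
        print(f"vlan {vlan}: {msg}")
```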
Application cases
N/A