Restrictions and Usage Guidelines
MAC limiting is supported on the following interface types:
- You can apply MAC limiting only to bridge-domains.
- MAC limiting is supported for dynamic MAC addresses.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to configure MAC limiting.
MAC limiting is supported on the following interface types:
Mac address limiting per bridge-domain restricts the number of MAC addresses that the router learns in bridge-domain on an EFP, pseudowire or switchport.
Note |
Local connect feature is not supported on the Cisco router. However, to simulate a local connect scenario, configure the connecting EFPs on the same bridge domain and disable the mac-learning on the bridge domain by setting the MAC limit to 0. Use the mac-address-table limit bdomain num maximum 0 action limit command to disable mac-learning on the router. |
When the total number of addresses in a bridge-domain exceeds the maximum number, the router takes a violation action. You can enable the following actions:
Note |
The threshold value must be 80% of the maximum value configured for the recovery mechanism. |
Note |
Warning is the default action when no action is configured. |
Note |
The functionality of automatic error recovery is not supported on the Cisco ASR 900 RSP2 module. |
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure terminal |
Enter global configuration mode. |
Step 2 |
mac-address-table limit bdomain id maximum num action {warning | limit | shutdown} [flood] |
Sets the specific limit and any optional actions to be imposed at the bridge-domain level. The default maximum value is 500. |
Step 3 |
end |
Return to privileged EXEC mode. |
Step 4 |
show mac-address-table limit [bdomain id] |
Displays the information about the MAC-address table. |
Step 5 |
copy running-config startup-config |
(Optional) Save your entries in the configuration file. |
This example shows how to enable per-bridge-domain MAC limiting.
Router# enable
Router# configure terminal
Router(config)# mac-address-table limit bdomain 10 maximum 100 action limit flood
Router(config)# end
Router#show mac-address-table limit bdomain 10
bdomain action flood maximum Total entries Current state
-------------+----------+------------+------------+---------------+---------------
10 limit Disable 100 0 Within Limit