Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Access Interfaces


This example shows how to avoid loops in bridge domains by enabling the MAC pinning feature on access interfaces.


This example uses the following hardware and software components:

  • MX Series 5G Universal Routing Platforms

  • Junos OS Release 16.1 running on the routers


A MAC move occurs when a MAC address frequently appears on a different physical interface than the one it was learned on. Frequent MAC moves indicate the presence of loops. Loops can occur in Layer 2 bridges and in VPLS networks. To avoid loops, you can enable the MAC pinning feature on the interfaces. The MAC pinning feature is applicable only when dynamic learning of MAC addresses over interfaces is enabled.

This example shows how to enable MAC pinning on two access interfaces in a bridge domain.


In this example, you configure the interfaces ge-4/0/6 and xe-4/2/0 on the MX Series router as access interfaces. Access interfaces accept both untagged and tagged packets and forward the packets within a specified bridge domain, bd1. Specify 1 as the VLAN ID for the interfaces and the bridge domain. When an untagged or a tagged packet is received on any of the access interfaces, the packet is accepted, the VLAN ID is added to the packet, and the packet is forwarded within the bridge domain that is configured with the matching ID.

In the bridge domain, after specifying the VLAN ID, specify 131071 as the maximum number of MAC addresses that can be learned on the access interfaces and specify 1048575 as the size of the MAC address table for the bridge domain or VLAN.

In this topology, frequent MAC moves can occur, which can result in loops. To prevent these loops, you can configure MAC pinning. When you configure MAC pinning on an interface, the MAC address learned on the interface cannot be learned on another interface in the same bridge domain. For example, configure MAC pinning on the access interface ge-4/0/6. When a packet is received on this interface, the packet is accepted, the VLAN ID is added and the packet is forwarded within the bridge domain with the matching ID. However, if a packet with the same MAC address is received on any other access interface, say xe-4/2/0, the packet is discarded or dropped as that MAC address is pinned to the access interface ge-4/0/6 . This behavior is common to all access interfaces configured on the router, regardless of whether access pinning is enabled on the access interface or not.


CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode

To configure MAC pinning on access interfaces in bridge domains:

  1. Configure both the interfaces as access interfaces and specify the VLAN ID.
  2. Specify the name of the bridge domain.
  3. Specify the size of the MAC address table for the bridge domain.
  4. Specify the maximum number of MAC addresses that can be learned on both the access interfaces.
  5. Configure MAC pinning on both the access interfaces.


From configuration mode, confirm your configuration by entering show interfaces and show bridge-domains commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you have completed configuring the device, enter commit from the configuration mode.


Verifying That MAC Pinning Is Configured Correctly


Ensure that MAC pinning has been enabled on the access interfaces.


From operational mode, enter the show l2-learning interface command.

user@host> show l2-learning interface


The Interface flags field indicates the interfaces that have MAC pinning enabled.