Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

mac-move-limit

 

Syntax

Hierarchy Level

  • For platforms with ELS:

  • For platforms without ELS:

Release Information

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Hierarchy level [edit vlans vlan-name switch-options] introduced in Junos OS Release 13.2X50-D10. (See Using the Enhanced Layer 2 Software CLI for information about ELS.)

Description

Specify the number of times a MAC address can move to a new interface (port) in one second and the action to be taken by the switch if the MAC address move limit is exceeded.

Default

If you do not specify mac-move-limit, the default MAC address move limit is unlimited.

Options

limit limit—Maximum number of moves to a new interface per second.

  • action action—(Optional) (Available only under the hierarchy level [edit ethernet-switching-options secure-access-port vlan (all | vlan-name) mac-move-limit]) Action to take when the MAC address move limit is reached:

    • drop—Drop the packet and generate a system log entry. This is the default.

    • log—Do not drop the packet but generate a system log entry.

    • none—No action.

    • shutdown—Logically disable the interface and generate a system log entry. If you have configured the switch with the port-error-disable statement, the disabled interfaces recover automatically upon expiration of the specified disable timeout. If you have not configured the switch for autorecovery from port error disabled conditions, you can bring up the disabled interfaces by running the clear ethernet-switching port-error command.

  • packet-action action—(Optional) (Available only under the hierarchy level, [edit vlans vlan-name switch-options mac-move-limit]) Action to take when the MAC address move limit is reached:

    Note

    There is no default action.

    • drop—Drop the packet and do not generate an alarm.

    • drop and log—Drop the packet and generate an alarm, an SNMP trap, or system log entry.

    • log— Do not drop the packet, but generate an alarm, an SNMP trap, or a system log entry.

    • none—No action.

    • shutdown—Logically disable the interface and generate an alarm or an SNMP trap. If you have configured the interface with the recovery-timeout statement, the disabled interface recovers automatically upon expiration of the specified timeout. If you have not configured the interface for a recovery timeout, you can bring up the disabled interface by running the operational command clear ethernet-switching recovery-timeout.

Required Privilege Level

system—To view this statement in the configuration.

system–control—To add this statement to the configuration.