• Download PDFs
• Verifying That MAC Move Limiting Is Working Correctly  

• Related Topics
• Configuring MAC Move Limiting (CLI Procedure)
• Configuring MAC Move Limiting (J-Web Procedure)
• Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on an EX-series Switch
• Monitoring Port Security

Verifying That MAC Move Limiting Is Working Correctly

Purpose

Verify that MAC move limiting is working on the switch.

Action

Display the MAC addresses in the Ethernet switching table when MAC move limiting has been configured for a VLAN. The following sample shows results after two of the hosts on ge-0/0/2 sent DHCP requests after the MAC addresses for those hosts had moved to other interfaces more than five times in 1 second. The VLAN, employee-vlan, was set to a MAC move limit of 5 with the action drop:

Ethernet-switching table:  7 entries, 4 learned

  VLAN                 MAC address         Type         Age    Interfaces

  employee-vlan        00:05:85:3A:82:77   Learn          0    ge-0/0/1.0
  employee-vlan        00:05:85:3A:82:79   Learn          0    ge-0/0/1.0
  employee-vlan        00:05:85:3A:82:80   Learn          0    ge-0/0/2.0
  employee-vlan        00:05:85:3A:82:81   Learn          0    ge-0/0/2.0
  employee-vlan        *                   Flood          -    ge-0/0/2.0
  employee-vlan        *                   Flood          -    ge-0/0/2.0
  

Meaning

The last two lines of the sample output show that DHCP requests for two hosts on ge-/0/0/2 were dropped when the hosts had been moved back and forth from the original interfaces more than five times in 1 second. The MAC addresses for those hosts were not learned.

Note: For descriptions of the results of the various action settings—drop, log, and shutdown—see Verifying That MAC Limiting Is Working Correctly