Limiting MAC Addresses Learned from a Layer 2 Trunk Port
You can configure a limit on the number of MAC addresses learned from a trunk port or from a specific trunk or access interface.
To limit the number of MAC addresses learned through
a trunk port associated with a set of bridge domains, include the interface-mac-limit limit statement at
the [edit switch-options] hierarchy level:
[edit] switch-options { interface-mac-limit limit; }
To limit the number of MAC addresses learned from a specific
logical interface configured as an access interface or a trunk interface,
include the interface-mac-limit limit statement at the [edit switch-options interface interface-name] hierarchy level:
[edit] switch-options { interface interface-name { interface-mac-limit limit; } }
The default value for the number MAC addresses that can be learned from a logical interface is 1024. You can specify a limit either for a set of bridge domains or for a specific logical interface in the range from 1 through 131,071. The value you configure for a specific logical interface overrides any value you specify for the set of bridge domains.
After the specified MAC address limit is reached, the
default is for any incoming packets with a new source MAC address
to be forwarded. You can specify that the packets be dropped for the
entire virtual switch after the MAC address limit is reached by including
the packet-action drop statement at the [edit switch-options
interface-mac-limit limit] hierarchy level:
[edit switch-options interface interface-name interface-mac-limit limit] packet-action drop;
To specify that the packets be dropped from a specific
logical interface in a set of bridge domains with a trunk port after
the MAC address limit is reached, include the packet-action drop statement at the [edit routing-instances routing-instance-name interface interface-name interface-mac-limit limit] hierarchy level:
[edit routing-instances routing-instance-name interface interface-name interface-mac-limit limit] packet-action drop;