Ethernet Switching and Bridging

Limit and track MAC address movement for all VLANs in a routing instance (EX2300, EX2300-MP, EX2300-C, EX3400, EX3400-VC, EX4100-24MP, EX4300-MP, EX4400-24P, EX4650, EX4650-48Y-VC, EX9204, EX9208, and EX9214)-Starting in Junos OS Release 23.4R1, you can limit and track the number of times a MAC address moves to a new interface within a second by configuring MAC move limiting feature. If the MAC address movement exceeds the configured limit then an action can be configured, where the incoming packets can be ignored, dropped, logged, or can also be configured to shut down the interface.

If you configure MAC move limit and packet-action at the routing-instance level, then the configuration also applies to all the VLANS within that routing instance.

To configure MAC move limits at the default routing-instance level, use the following configuration:

To configure MAC move limits at a user-defined routing-instance level, use the following configuration:

If you configure MAC move limit at the VLAN level, then the VLAN’s MAC move limit and its packet action takes precedence over the routing-instance’s MAC move limit and packet-action. If a packet action is not configured at the VLAN level, then the VLAN uses the packet-action as None rather than inheriting the one configured at the routing-instance level.

If you do not want the VLAN to inherit the routing instance’s MAC move limit properties and actions, then you need to disable MAC move limit at the VLAN level. This ensures the VLAN does not inherit the routing-instance’s configured MAC move limits and all the MAC address movements will be ignored.

To disable MAC move limit for a VLAN in the default routing-instance level, use the following configuration:

To disable MAC move limit for a VLAN in a user-defined routing-instance level, use the following configuration:

You can track the MAC address movement limits applicable for each VLAN by using the following commands: