Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

mac-move-limit

Syntax

Hierarchy Level

  • For platforms with ELS:

  • For platforms without ELS:

Description

Specify the number of times a MAC address can move to a new interface (port) in one second and the action to be taken by the switch if the MAC address move limit is exceeded.

Starting in Junos OS 14.1X53-D51, do not configure both the no-mac-learning statement at [edit ethernet-switching-options interfaces interface-name] and the mac-move-limit statement. Because MAC move limiting requires that the device learns MAC addresses, you cannot disable MAC learning.

Default

If you do not specify mac-move-limit, the default MAC address move limit is unlimited.

Options

limit limit—Maximum number of moves to a new interface per second.

  • action action—(Optional) (Available only under the hierarchy level [edit ethernet-switching-options secure-access-port vlan (all | vlan-name) mac-move-limit]) Action to take when the MAC address move limit is reached:

    • drop—Drop the packet and generate a system log entry. This is the default.

    • log—Do not drop the packet but generate a system log entry.

    • none—No action.

    • shutdown—Logically disable the interface and generate a system log entry. If you have configured the switch with the port-error-disable statement, the disabled interfaces recover automatically upon expiration of the specified disable timeout. If you have not configured the switch for autorecovery from port error disabled conditions, you can bring up the disabled interfaces by running the clear ethernet-switching port-error command.

  • packet-action action—(Optional) (Available only under the hierarchy level, [edit vlans vlan-name switch-options mac-move-limit]) Action to take when the MAC address move limit is reached:

    Note:

    There is no default action.

    • drop—Drop the packet and do not generate an alarm.

    • drop and log—Drop the packet and generate an alarm, an SNMP trap, or system log entry.

    • log— Do not drop the packet, but generate an alarm, an SNMP trap, or a system log entry.

    • none—No action.

    • shutdown—Logically disable the interface and generate an alarm or an SNMP trap. If you have configured the interface with the recovery-timeout statement, the disabled interface recovers automatically upon expiration of the specified timeout. If you have not configured the interface for a recovery timeout, you can bring up the disabled interface by running the operational command clear ethernet-switching recovery-timeout.

Required Privilege Level

system—To view this statement in the configuration.system–control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.0.

Hierarchy level [edit vlans vlan-name switch-options] introduced in Junos OS Release 13.2X50-D10. (See Using the Enhanced Layer 2 Software CLI for information about ELS.)

Related Documentation