Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6 Release Note page 107

Hide thumbs Also See for JUNOS OS 10.4 - RELEASE NOTES REV 6:

Release note (209 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

page of 216

/ 216
Contents
Table of Contents
Bookmarks

Table of Contents

New Features in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers

MAC limiting

MAC limiting—This feature is supported on SRX100, SRX210, SRX220, and SRX650

devices.

MAC limiting protects against flooding of the Ethernet switching table (also known as

the MAC forwarding table or Layer 2 forwarding table). You enable this feature on

interfaces (ports). MAC move limiting detects MAC movement and MAC spoofing on

access interfaces. You enable this feature on VLANs.

MAC limiting sets a limit on the number of MAC addresses that can be learned

dynamically on a single Layer 2 access interface or on all the Layer 2 access interfaces

on the switch.

You configure the maximum number of dynamic MAC addresses allowed per interface.

When the limit is exceeded, incoming packets with new MAC addresses are treated

as specified by the configuration.

You can choose to have one of the following actions performed when the limit of MAC

addresses or the limit of MAC moves is exceeded:

—Drop the packet and generate an alarm, an SNMP trap, or a system log entry.

drop

This is the default.

—Do not drop the packet but generate an alarm, an SNMP trap, or a system log

log

entry.

none

—Take no action.

—Disable the interface and generate an alarm. If you have configured the

shutdown

switch with the port-error-disable statement, the disabled interface recovers

automatically upon expiration of the specified disable timeout. If you have not

configured the switch for autorecovery from port error disabled conditions, you can

bring up the disabled interfaces by running the

command.

NOTE: MAC limit is only applied to new MAC learning requests. If you

already have 10 MACs learned and you configure the limit as 5, all the MACs

will remain in the FDB table. Once the MACs are cleared by the user (using

the

clear ethernet-switching table

be relearned.

MAC limiting does not apply to static MACs. Users can configure any number

of static MACs independent of the MAC limit, and all of them will be added

to FDB.

[Junos OS Layer 2 Bridging and Switching Configuration Guide for Security Devices]

clear ethernet-switching port-error

command), or they age out, they will not

107

Table of Contents

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

This manual is also suitable for:

Junos os 10.4

Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6 Release Note page 107

Related Manuals for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

This manual is also suitable for:

Table of Contents