Table of Contents
Advertisement
Actions for MAC Limiting and MAC Move Limiting
MAC Addresses That Exceed the MAC Limit or MAC Move Limit
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
You can choose to have one of the following actions performed when the limit of MAC
addresses or the limit of MAC moves is exceeded:
drop
—Drop the packet and generate an alarm, an SNMP trap, or a system log entry.
This is the default.
—Do not drop the packet but generate an alarm, an SNMP trap, or a system log
log
entry.
none
—Take no action.
—Disable the interface and generate an alarm. If you have configured the
shutdown
switch with the
port-error-disable
automatically upon expiration of the specified disable timeout. If you have not
configured the switch for autorecovery from port error disabled conditions, you can
bring up the disabled interfaces by running the
command.
See descriptions of results of these various action settings in "Verifying That MAC Limiting
Is Working Correctly" on page 2937.
If you have set a MAC limit to apply to all interfaces on the switch, you can override that
setting for a particular interface by specifying action
on an Interface to Override a MAC Limit Applied to All Interfaces (CLI Procedure)" on
page 2922.
If you have configured the
are temporarily disabled due to exceeding the MAC limit or MAC move limit in the output
for the
show ethernet-switching interfaces
The log messages that indicate the MAC limit or MAC move limit has been exceeded
include the offending MAC addresses that have exceeded the limit. See "Troubleshooting
Port Security" on page 2945 for details.
Port Security for EX Series Switches Overview on page 2825
Example: Configuring MAC Limiting, Including Dynamic and Allowed MAC Addresses,
to Protect the Switch from Ethernet Switching Table Overflow Attacks on page 2856
Example: Configuring MAC Limiting to Protect the Switch from DHCP Starvation Attacks
on page 2863
Configuring MAC Limiting (CLI Procedure) on page 2915
Configuring MAC Limiting (J-Web Procedure) on page 2917
Configuring Autorecovery From the Disabled State on Secure or Storm Control Interfaces
(CLI Procedure) on page 2796
no-allowed-mac-log on page 2966
statement, the disabled interface recovers
clear ethernet-switching port-error
statement, you can view which interfaces
port-error-disable
command.
Chapter 93: Port Security Overview
none
. See "Setting the none Action
2839
Advertisement
Chapters
Table of Contents
Troubleshooting
