Configuring MAC Move Limiting (CLI Procedure)
MAC move limiting detects MAC address movement and MAC address spoofing on access
ports. MAC address movements are tracked, and if a MAC address moves more than the
configured number of times within one second, the configured (or default) action is
performed. You enable this feature on VLANs.
NOTE: Although you enable this feature on VLANs, the MAC move limitation
pertains to the number of movements for each individual MAC address rather
than the total number of MAC address moves in the VLAN. For example, if
the MAC move limit is set to 1, the switch allows an unlimited number of MAC
address movements within the VLAN as long as the same MAC address does
not move more than once.
You configure MAC move limiting per VLAN, not per interface (port). In the default
configuration, the number of MAC moves permitted is unlimited.
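The per-address counting described in the note can be modelled over a stream of MAC learning events. This Python sketch is an added example, not Juniper code: the event tuple layout, the sliding one-second window, the VLAN name and the interface names are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0  # "within one second"; a sliding window is an assumption


def macs_exceeding_limit(events, move_limit):
    """Return {(vlan, mac): time at which the move limit was first exceeded}.

    events: time-ordered (timestamp, vlan, mac, port) learning events.
    A move is the same MAC in the same VLAN being learned on a different port.
    """
    last_port = {}                     # (vlan, mac) -> port last seen on
    recent_moves = defaultdict(deque)  # (vlan, mac) -> timestamps of recent moves
    exceeded = {}
    for ts, vlan, mac, port in events:
        key = (vlan, mac.lower())
        previous = last_port.get(key)
        last_port[key] = port
        if previous is None or previous == port:
            continue                   # first sighting, or no movement
        moves = recent_moves[key]
        moves.append(ts)
        while ts - moves[0] >= WINDOW_SECONDS:
            moves.popleft()            # forget moves older than the window
        # Counted per MAC address, never summed across the VLAN.
        if len(moves) > move_limit and key not in exceeded:
            exceeded[key] = ts
    return exceeded


# Constructed sample: three hosts each move once (allowed with limit 1),
# while one address flaps between ports, the pattern a spoofed MAC produces.
SAMPLE_EVENTS = [
    (0.00, "employee-vlan", "00:11:22:33:44:01", "ge-0/0/1"),
    (0.05, "employee-vlan", "00:11:22:33:44:02", "ge-0/0/2"),
    (0.10, "employee-vlan", "00:11:22:33:44:03", "ge-0/0/3"),
    (0.15, "employee-vlan", "00:11:22:33:44:aa", "ge-0/0/4"),
    (0.20, "employee-vlan", "00:11:22:33:44:01", "ge-0/0/5"),  # move 1
    (0.25, "employee-vlan", "00:11:22:33:44:02", "ge-0/0/6"),  # move 1
    (0.30, "employee-vlan", "00:11:22:33:44:03", "ge-0/0/7"),  # move 1
    (0.40, "employee-vlan", "00:11:22:33:44:aa", "ge-0/0/8"),  # move 1
    (0.60, "employee-vlan", "00:11:22:33:44:aa", "ge-0/0/4"),  # move 2: exceeds
    (2.00, "employee-vlan", "00:11:22:33:44:01", "ge-0/0/1"),  # new window
]

if __name__ == "__main__":
    for (vlan, mac), ts in macs_exceeding_limit(SAMPLE_EVENTS, 1).items():
        print(f"{vlan} {mac} exceeded the move limit at t={ts:.2f}s")
```

With a limit of 1, the five moves spread across four addresses trigger nothing for the three hosts that moved once; only the address that moved twice inside one second is reported.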
You can choose to have one of the following actions performed when the MAC move
limit is exceeded:
• drop—Drop the packet and generate an alarm, an SNMP trap, or a system log entry. This is the default.
• log—Do not drop the packet but generate an alarm, an SNMP trap, or a system log entry.
• none—Take no action.
• shutdown—Disable the interfaces in the VLAN and generate an alarm. If you have configured the switch with the port-error-disable statement, the disabled interfaces recover automatically upon expiration of the specified disable timeout. If you have not configured the switch for autorecovery from port error disabled conditions, you can bring up the disabled interfaces by running the clear ethernet-switching port-error command.
Copyright © 2010, Juniper Networks, Inc.
Chapter 95: Configuring Port Security