Setting port security's limit on the number of MAC addresses for specific VLANs on a port
About port security's limit on the number of MAC addresses for specific VLANs on a port
Typically, port security allows the access of the following types of MAC addresses on a port:
MAC addresses that pass 802.1X or MAC authentication.
MAC addresses in the MAC authentication guest VLAN or MAC authentication critical VLAN and MAC addresses in the MAC authentication guest VSI or MAC authentication critical VSI.
MAC addresses in the 802.1X guest VLAN, 802.1X Auth-Fail VLAN, or 802.1X critical VLAN and MAC addresses in the 802.1X guest VSI, 802.1X Auth-Fail VSI, or 802.1X critical VSI.
This feature limits the number of MAC addresses that port security allows to access a port through specific VLANs. Use this feature to prevent resource contentions among MAC addresses and ensure reliable performance for each access user on the port. When the number of MAC addresses in a VLAN on the port reaches the upper limit, the device denies any subsequent MAC addresses in the VLAN on the port.
Restrictions and guidelines
On a port, the maximum number of MAC addresses in a VLAN cannot be smaller than the number of existing MAC addresses in the VLAN. If the specified maximum number is smaller, the setting does not take effect.
Procedure
Enter system view.
system-view
Enter interface view.
interface interface-type interface-number
Set port security's limit on the number of MAC addresses for specific VLANs on the port.
port-security mac-limit max-number per-vlan vlan-id-list
The default setting is 2147483647.