Disabling mac address learning for a vlan, Disabling mac address learning for a vlan -7 – H3C Technologies H3C WX3000 Series Unified Switches User Manual

21-7

dynamically maintain. When the number of the MAC address entries learnt from a port reaches the set
value, the port stops learning MAC addresses.

Follow these steps to set the maximum number of MAC addresses a port can learn:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface interface-type
interface-number

—

Set the maximum number of MAC
addresses the port can learn

mac-address max-mac-count
count

Required
By default, the number of the MAC
addresses a port can learn is not
limited.

Specifying the maximum number of MAC addresses a port can learn disables centralized MAC address
authentication and port security on the port. On the other hand, if you enable centralized MAC address
authentication and port security on a port, you cannot specify the maximum number of MAC addresses
the port can learn.

Disabling MAC Address learning for a VLAN

You can disable a switch from learning MAC addresses in specific VLANs to improve stability and
security for the users belong to these VLANs and prevent unauthorized accesses.

Follow these steps to disable MAC address learning for a VLAN:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter VLAN view

vlan

vlan-id —

Disable the switch from learning
MAC addresses in the VLAN

mac-address max-mac-count

0

Required
By default, the device learns MAC
addresses in every VLAN.

z

If the VLAN is configured as a remote probe VLAN used by port mirroring, you can not disable MAC
address learning of this VLAN. Similarly, after you disable MAC address learning, this VLAN can
not be configured as a remote probe VLAN.

z

Disabling the MAC address learning function of a VLAN takes no effect on enabling the centralized
MAC address authentication on the ports that belong to the VLAN.