
Number, Limitation, Function of – PLANET WGSW-50040 User Manual

Page 219: VLAN, Typical, Examples, Troubleshooting


26.3 The Number Limitation Function of Port, MAC in VLAN Typical Examples

Figure 26-1 The Number Limitation of Port, MAC in VLAN Typical Configuration Example

In the network topology above, SWITCH B connects to many PC users. Before the number limitation function of port, MAC in VLAN is enabled, and if the system hardware has no other limitation, SWITCH A and SWITCH B can learn the MAC list entries of all the PCs. When malicious users frequently do MAC cheating (spoofing), it is easy for them to fill the MAC list entries of the switch, causing successful DoS attacks. Limiting the MAC list entries can prevent such DoS attacks to a certain extent.

On port 1/1 of SWITCH A, set the maximum number of dynamic MAC addresses that can be learnt to 20. In VLAN 1, set the maximum number of dynamic MAC addresses to 30.

SWITCH A configuration task sequence:

Switch (config)#interface ethernet 1/1
Switch (Config-If-Ethernet1/1)#switchport mac-address dynamic maximum 20
Switch (Config-If-Ethernet1/1)#switchport arp dynamic maximum 20
Switch (Config-If-Ethernet1/1)#switchport nd dynamic maximum 10
Switch (Config-if-Vlan1)#vlan mac-address dynamic maximum 30
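The effect of the port limit of 20 and the VLAN limit of 30 can be seen in a small model, added here as an illustration and not taken from the PLANET manual or firmware. It assumes a 512-entry hardware table, that an address over a limit is simply not learned, and hypothetical ports 1/2 and 1/3; the traffic is constructed.

```python
import random

class MacTable:
    """Toy dynamic MAC table; assumes over-limit addresses are not learned."""
    def __init__(self, capacity, port_limits=None, vlan_limits=None):
        self.capacity = capacity              # assumed hardware table size
        self.port_limits = port_limits or {}  # port -> max dynamic MACs
        self.vlan_limits = vlan_limits or {}  # VLAN -> max dynamic MACs
        self.entries = {}                     # (vlan, mac) -> port

    def count(self, port=None, vlan=None):
        return sum(1 for (v, _), p in self.entries.items()
                   if port in (None, p) and vlan in (None, v))

    def learn(self, port, vlan, mac):
        """Return True if the source MAC is in the table after this frame."""
        if (vlan, mac) in self.entries:
            return True
        if len(self.entries) >= self.capacity:
            return False                      # table full: nobody can be learned
        if self.count(port=port) >= self.port_limits.get(port, self.capacity):
            return False                      # per-port limit reached
        if self.count(vlan=vlan) >= self.vlan_limits.get(vlan, self.capacity):
            return False                      # per-VLAN limit reached
        self.entries[(vlan, mac)] = port
        return True

def random_mac(rng):
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))

def simulate(limited, capacity=512, seed=1):
    rng = random.Random(seed)
    table = MacTable(capacity,
                     port_limits={"1/1": 20} if limited else None,
                     vlan_limits={1: 30} if limited else None)
    for _ in range(2000):   # constructed traffic: ever-changing source MACs on 1/1
        table.learn("1/1", 1, random_mac(rng))
    for _ in range(50):     # hypothetical port 1/3, also in VLAN 1
        table.learn("1/3", 1, random_mac(rng))
    # A host on hypothetical port 1/2, VLAN 2 appears afterwards.
    late = table.learn("1/2", 2, "00:11:22:33:44:55")
    return {"port_1_1": table.count(port="1/1"), "vlan_1": table.count(vlan=1),
            "total": len(table.entries), "late_host_learned": late}

if __name__ == "__main__":
    print("no limits:  ", simulate(False))
    print("with limits:", simulate(True))
```

Without limits, port 1/1 alone consumes the whole table and the late host cannot be learned; with the limits, port 1/1 stops at 20 entries, VLAN 1 at 30, and the late host is still learned.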

26.4 The Number Limitation Function of Port, MAC in VLAN Troubleshooting Help

The number limitation function of port, MAC in VLAN is disabled by default, if users need to limit the number of

[Figure 26-1 labels: SWITCH A, SWITCH B, PC ...]