Limiting MAC Addresses

If the metro Ethernet sites have many hosts/switches, you need to prevent the PE routers from learning too many MAC addresses from the customers. You also need to protect the PE router from possible denial-of-service (DoS) attacks involving MAC address learning. You can limit the maximum number of MAC entries per VLAN on the PE router by entering the following command:

mac-address-table limit [vlan vlan] [maximum num] [action {warning | limit | shutdown}] [flood]

The options are to warn when the maximum number of MAC addresses is reached, limit them, or shut down the VLAN altogether. Example 11-14 shows what happens if more than the maximum number of MAC addresses is learned on VLAN 111 and the action is to shut down ...
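
As an added illustration (not from the book, and not Cisco's implementation), the following simplified Python model compares the three actions when many distinct source MAC addresses arrive on one VLAN. The class name, the limit of 100 and the constructed addresses are assumptions, and the flood keyword is not modelled.

```python
from dataclasses import dataclass, field

ACTIONS = ("warning", "limit", "shutdown")

@dataclass
class VlanMacTable:
    """Simplified model of one VLAN's MAC table with a per-VLAN limit."""
    maximum: int
    action: str
    macs: set = field(default_factory=set)
    up: bool = True
    events: list = field(default_factory=list)

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action}")

    def learn(self, mac):
        """Process the source MAC of one received frame."""
        if not self.up or mac in self.macs:
            return                      # VLAN is down, or MAC already known
        if len(self.macs) < self.maximum:
            self.macs.add(mac)          # still under the limit: learn normally
            return
        self.events.append(f"limit {self.maximum} exceeded by {mac}")
        if self.action == "warning":
            self.macs.add(mac)          # warn only; the table keeps growing
        elif self.action == "shutdown":
            self.up = False             # the whole VLAN goes down
        # "limit": the new address is simply not learned

def simulate(action, maximum, sources):
    """Return (entries learned, VLAN still up, limit events raised)."""
    table = VlanMacTable(maximum, action)
    for mac in sources:
        table.learn(mac)
    return len(table.macs), table.up, len(table.events)

# Constructed input: 150 distinct source MACs seen on one VLAN.
SOURCES = [f"0200.0000.{i:04x}" for i in range(150)]

if __name__ == "__main__":
    for action in ACTIONS:
        print(action, simulate(action, 100, SOURCES))
```

Only the limit and shutdown actions cap the table size; warning leaves the PE router learning every address it sees.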
