This command enables VLAN port security. VLAN MAC locking allows you to secure the network by locking down allowable MAC addresses on a given VLAN. Packets with a matching source MAC address can be forwarded normally. All other packets will be discarded. VLAN MAC locking will lock the dynamic MAC entries.
If VLAN and port MAC locking are enabled, VLAN MAC locking will be given precedence over port MAC locking.
| Default | Disabled |
| Format | mac-address-table limit [action shutdown] [notification trap ] [maximum-num] [vlan vlan-id] |
| Mode | Global Config |
| Parameter | Description |
|---|---|
| [action shutdown] | After the MAC limit has been reached, the action will shut down the ports participating in the VLAN. |
| [notification trap] | Enables snmp-server enable traps violation on the ports participating in the VLAN. After the MAC limit has been reached, log message will be generated with the violation MAC address details. |
| [maximum-num] | MAC limit to be configured. |
| [vlan vlan] | VLAN on which the MAC limit is to be applied.
Note: Packets on all other VLAN will be discarded.
|
Example: The following shows an example of the command.
(Routing) (Config)#mac-address-table limit 3 vlan 10 (Routing) (Config)#mac-address-table limit action shutdown 5 vlan 20 (Routing) (Config)#mac-address-table limit notification trap 4 vlan 30 (Routing) (Config)#mac-address-table limit action shutdown notification trap 6 vlan 100
