Commands For The Number Limitation Function

9.3 Commands for the number Limitation Function of MAC and IP in Port, VLAN

9.3.1 debug ip arp count

Command: debug ip arp count
no debug ip arp count
Function: Display the debug information if the number of dynamic ARP and the number of ARP in the VLAN is larger than the max number allowed. The no command disables the number limitation function debug of ARP in the VLAN.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the debug information of the number of dynamic ARP in the VLAN.
Example: Display the debug information of the number of dynamic ARP in the VLAN.

active500EM#debug vlan mac count
%Jun 14 16:04:40 2013 Current arp count 21 is more than or equal to the maximum limit in vlan 1!!
%Jun 14 16:04:40 2013Arp learning will be stopped and some arp will be delete !!

 

9.3.2 debug ipv6 nd count

Command: debug ipv6 nd count
no debug ipv6 nd count
Function: Display the debug information when the number of dynamic neighbors and the number of neighbors in the VLAN is larger than the max number allowed. The no command disables the number limitation debug.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the debug information of the number of dynamic neighbors in the VLAN.
Example: Display the debug information of the number of dynamic neighbors in the VLAN.

active500EM#debug vlan mac count
%Jun 14 16:04:40 2013 Current neighbor count 21 is more than or equal to the maximum limit in vlan 1!!

 

9.3.3 debug switchport arp count

Command: debug switchport arp count
no debug switchport arp count
Function: Display the debug information when the number of dynamic ARP and the number of ARP on the port is larger than the max number allowed. The no command disables the command.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the debug information of the number of dynamic ARP on the port.
Example: Display the debug information of the number of dynamic ARP on the port.

active500EM#debug switchport arp count
%Jun 14 16:04:40 2013 Current arp count 21 is more than or equal to the maximum limit in port Ethernet1/0/1
!!%Jun 14 16:04:40 2013 Arp learning will be stopped and some mac will be delete !!

 

9.3.4 debug switchport mac count

Command: debug switchport mac count
no debug switchport mac count
Function: Display the debug information when the number of dynamic MAC and the number of MAC on the port is larger than the max number allowed. The no command disables the command.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the debug information of the number of dynamic MAC on the port.
Example: Display the debug information of the number of dynamic MAC on the port.

active500EM#debug switchport mac count
%Jun 14 16:04:40 2013 Current mac count 21 is more than or equal to the maximum limit in port Ethernet1/0/1
!!%Jun 14 16:04:40 2013 Mac learning will be stopped and some mac will be delete !!

 

9.3.5 debug switchport nd count

Command: debug switchport nd count
no debug switchport nd count
Function: Display the debug information when the number of dynamic ND and the number of ND on the port is larger than the max number allowed. The no command disables the command.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the debug information of the number of dynamic ND on the port.
Example: Display the debug information of the number of dynamic ND on the port.

active500EM#debug switchport arp count
%Jun 14 16:04:40 2013 Current neighbor count 21 is more than or equal to the maximum limit in port Ethernet1/0/1
!!%Jun 14 16:04:40 2013 Neighbor learning will be stopped and some mac will be delete !!

 

9.3.6 debug vlan mac count

Command: debug vlan mac count
no debug vlan mac count
Function: Display the debug information when the number of dynamic MAC and the number of MAC in the VLAN is larger than the max number allowed. The no command disables the command.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Display the debug information of the number of dynamic MAC in the VLAN.
Example: Display the debug information of the number of dynamic MAC in the VLAN.

active500EM#debug vlan mac count
%Jun 14 16:04:40 2013 Current mac count 21 is more than or equal to the maximum limit in vlan 1!!
%Jun 14 16:04:40 2013 Mac learning will be stopped and some mac will be delete !!

 

9.3.7 ip arp dynamic maximum

Command: ip arp dynamic maximum <value>
no ip arp dynamic maximum
Function: Set the max number of dynamic ARP allowed in the VLAN and enable the number limitation function of dynamic ARP in the VLAN. The no command disables the command.
Parameters:

  • <value>: upper limit of the number of dynamic ARP in the VLAN. The valid range is from 1 to 4096.

Command mode: Interface Configuration Mode
Default: Disabled.
Usage guide: When configuring the max number of dynamic ARP allowed in the VLAN, the extra dynamic ARP will be deleted if the number of dynamic ARP in the VLAN is already larger than the max number to be set.
Example: Enable the number limitation function of dynamic ARP in VLAN 1, the max number to be set is 50.

active500EM(config)#interface ethernet
active500EM(config-if-vlan1)# ip arp dynamic maximum 50
Disable the number limitation function of dynamic ARP in VLAN 1.
active500EM(config-if-vlan1)#no ip arp dynamic maximum

 

9.3.8 ipv6 nd dynamic maximum

Command: ipv6 nd dynamic maximum <value>
no ipv6 nd dynamic maximum
Function: Set the max number of dynamic?neighbor allowed in the VLAN and enable the number limitation function of dynamic?neighbor in the VLAN. The no command disables the command.
Parameters:

  • <value>: upper limit of the number of dynamic?neighbor in the VLAN. The valid range is from 1 to 4096.

Command mode: Interface Configuration Mode
Default: Disabled.
Usage guide: When configuring the max number of dynamic?neighbor allowed in the VLAN, the extra dynamic?neighbor will be deleted if the number of dynamic?neighbor in the VLAN is already larger than the max number to be set.
Example: Enable the number limitation function of dynamic?neighbor in VLAN 1, the max number to be set is 50.

active500EM(config)#interface ethernet
active500EM(config-if-vlan1)#ipv6 nd dynamic maximum 50
Disable the number limitation function of dynamic NEIGHBOR in VLAN 1.
active500EM(config-if-vlan1)#no ipv6 nd dynamic maximum

 

9.3.9 mac-address query timeout

Command: mac-address query timeout <seconds>
Function: Set the timeout value of querying dynamic MAC.
Parameter:

  • <seconds>: timeout value, in second. The valid range is from 30 to 300.

Command mode: Global Mode
Default: 60 seconds.
Usage guide: After enabling the number limitation of MAC, users can use this command to configure the timeout value of querying dynamic MAC. If the data traffic is very large, the timeout value can be set to a smaller value.
Example: Set the timeout value of quering dynamic MAC to 30 seconds.

active500EM(config)#mac-address query timeout 30

 

9.3.10 show arp-dynamic count

Command: show arp-dynamic count {vlan <vlan-id> | interface [ethernet] <IFNAME>}
Function: Display the number of corresponding port and VLAN dynamic ARP.
Parameters:

  • <vlan-id>: specified vlan ID. Valid range <1-4094>.
  • <IFNAME>: Interface Name <1-16> character.

Command mode: Admin and Configuration Mode
Default: None.
Usage guide: Display the number of corresponding port and VLAN dynamic ARP.
Example: Display the number of the port and VLAN dynamic ARP which are configured using the number limitation function of ARP.

active500EM(config)#show arp-dynamic count interface ethernet 1/0/3
Port                 MaxCount        CurrentCount
--------------------------------------------------------------
 Ethernet1/0/3        5               1
--------------------------------------------------------------
active500EM(config)#show arp-dynamic count vlan 1
Vlan                 MaxCount         CurrentCount
--------------------------------------------------------------
 1                    55               15
--------------------------------------------------------------

 

9.3.11 show mac-address dynamic count

Command: show mac-address dynamic count {vlan <vlan-id> | interface [ethernet] <IFNAME>}
Function: Display the number of corresponding port and VLAN dynamic MAC.
Parameters:

  • <vlan-id>: specified VLAN ID. Valid range <1-4094>
  • <IFNAME>: Interface Name <1-16> character

Command mode: Admin and Configuration Mode
Default: None.
Usage guide: Display the number of corresponding port and VLAN dynamic MAC.
Example: Display the number of the port and VLAN dynamic MAC which are configured with the number limitation function of MAC.

active500EM(config)#show mac-address dynamic count interface ethernet 1/0/3
Port                 MaxCount            CurrentCount
----------------------------------------------------------------
 Ethernet1/0/3        5                   1
----------------------------------------------------------------
active500EM(config)#show mac-address dynamic count vlan 1
Vlan                 MaxCount            CurrentCount
----------------------------------------------------------------
 1                    55                  15
----------------------------------------------------------------

 

9.3.12 show nd-dynamic count

Command: show nd-dynamic count {vlan <vlan-id> | interface [ethernet] <IFNAME>}
Function: Display the number of corresponding port and VLAN dynamic ND.
Parameters:

  • <vlan-id>: specified VLAN ID. Valid range <1-4094>
  • <IFNAME>: Interface Name <1-16> character

Command mode: Admin and Configuration Mode
Default: None.
Usage guide: Display the number of corresponding port and VLAN dynamic ND.
Example: Display the number of the port and VLAN dynamic ND which are configured with the number limitation function of ND.

active500EM(config)#show nd-dynamic count interface ethernet 1/0/3
Port                 MaxCount            CurrentCount
--------------------------------------------------------------------------
 Ethernet1/0/3         5                   1
--------------------------------------------------------------------------
active500EM(config)#show nd-dynamic count vlan 1
Vlan                 MaxCount            CurrentCount
--------------------------------------------------------------------------
 1                     55                  15
--------------------------------------------------------------------------

 

9.3.13 switchport arp dynamic maximum

Command: switchport arp dynamic maximum <value>
no switchport arp dynamic maximum
Function: Set the max number of dynamic ARP allowed by the port, and enable the number limitation function of dynamic ARP on the port. The no command disables the command.
Parameters:

  • <value>: upper limit of the number of port dynamic ARP. The valid range is from 1 to 4096.

Command mode: Port Mode
Default: Disabled.
Usage guide: When configuring the max number of dynamic ARP allowed by the port, the extra dynamic ARP will be deleted if the number of dynamic ARP on the port is already larger than the max number set. TRUNK ports are not supported with this function.
Example: Enable the number limitation function of dynamic ARP in port 1/0/2 mode, the max number to be set is 20.

active500EM(config)#interface ethernet 1/0/2
active500EM(config-if-ethernet1/0/2)#switchport arp dynamic maximum 20

Disable the number limitation function of dynamic ARP in port 1/0/2 mode.

active500EM(config-if-ethernet1/0/2)#no switchport arp dynamic maximum

 

9.3.14 switchport mac-address dynamic maximum

Command: switchport mac-address dynamic maximum <value>
no switchport mac-address dynamic maximum
Function: Set the max number of dynamic MAC addresses allowed by the port and enable the number limitation function of dynamic MAC address on the port. The no command disables the command.
Parameters:

  • <value>: upper limit of the number of dynamic MAC addresses of the port. The valid range is from 1 to 4096.

Command mode: Port Mode
Default: Disabled.
Usage guide: When configuring the max number of dynamic MAC addresses allowed by the port, the extra dynamic MAC addresses will be deleted if the number of dynamically learned MAC address on the port is already larger than the max number of dynamic MAC address to be set. This function is mutually exclusive to functions such as dot1x, MAC binding. If dot1x, MAC binding or TRUNK are enabled on the port, this command will not be allowed.
Example: Enable the number limitation function of dynamic MAC addresses in port 1/0/2 mode, the max number to be set is 20.

active500EM(config)#interface ethernet 1/0/2
active500EM(config-if-ethernet1/0/2)#switchport mac-address dynamic maximum 20

Disable the number limitation function of dynamic MAC address in port 1/0/2 mode

active500EM(config-if-ethernet1/0/2)#no switchport mac-address dynamic maximum

 

9.3.15 switchport mac-address violation

Command: switchport mac-address violation {protect | shutdown} [recovery <5-3600>] no switchport mac-address violation
Function: Set the violation mode of the port. The no command restores the violation mode to protect.
Parameters:

  • protect: protect mode.
  • shutdown: shutdown mode.
  • recovery: configure the border port to automatically restore after execute.
  • shutdown: violation mode.
  • <5-3600>: recovery time, do not restore by default

Command mode: Port Mode
Default: Protect mode.
Usage guide: The port sets the violation mode after enabling the number limit function of MAC only. If the violation mode is protect, the port will only disable the dynamic MAC address learning function when the MAC address number of the port exceeds the upper limit of secure MAC. If the violation mode is shutdown, the port will be disabled when the MAC address number exceeds the upper limit of secure MAC. The user can enable the port by configuring the no shutdown command manually or the automatic recovery timeout will be used.
Example: Set the violation mode as shutdown, the recovery time as 60s for port1.

active500EM(config)#interface Ethernet 1/0/1
active500EM(config-if-ethernet1/0/1)#switchport mac-address violation shutdown recovery 60

 

9.3.16 switchport nd dynamic maximum

Command: switchport nd dynamic maximum <value>
no switchport nd dynamic maximum
Function: Set the max number of dynamic NEIGHBOR allowed by the port and enable the number limitation function of dynamic NEIGHBOR on the port. The no command is used to disable the number limitation function of dynamic NEIGHBOR on the port.
Parameters:

  • <value>: upper limit of the number of dynamic NEIGHBOR of the port. The valid range is from 1 to 4096.

Command mode: Port Mode
Default: Disabled.
Usage guide: When configuring the max number of dynamic NEIGHBOR allowed by the port, the extra dynamic NEIGHBOR will be deleted if the number of dynamic NEIGHBORs on the port is already larger than the max number to be set. TRUNK ports are not supports with this command.
Example: Enable the number limitation function of dynamic NEIGHBOR in port 1/0/2 mode. Set the max number to 20.

active500EM(config)#interface ethernet 1/0/2
active500EM(config-if-ethernet1/0/2)#switchport nd dynamic maximum 20

Disable the number limitation function of dynamic NEIGHBOR in port 1/0/2 mode

active500EM(config-if-ethernet1/0/2)#no switchport nd dynamic maximum

 

9.3.17 vlan mac-address dynamic maximum

Command: vlan mac-address dynamic maximum <value>
no vlan mac-address dynamic maximum
Function: Set the max number of dynamic MAC address allowed in the VLAN and enable the number limitation function of dynamic MAC address in the VLAN. The no command disables the command.
Parameters:

  • <value>: upper limit of the number of MAC address in the VLAN. The valid range is from 1 to 4096.

Command mode: VLAN Configuration Mode
Default: Disabled.
Usage guide: When configuring the max number of dynamic MAC allowed in the VLAN, the extra dynamic MAC addresses will be deleted if the number of dynamic MAC addresses in the VLAN is already larger than the max number to be set. After enabling number limitation function of dynamic MAC in the VLAN, the number limitation of MAC is only applied to the general access port. The number of MAC on TRUNK ports and special ports which has enabled dot1x and MAC binding functions will not be limited or counted.
Example: Enable the number limitation function of dynamic MAC address in VLAN 1. Set the max number to 50.

active500EM(config)#vlan1
active500EM(config-if-vlan1)#vlan mac-address dynamic maximum 50

Disable the number limitation function of dynamic MAC address in VLAN 1.

active500EM(config-if-vlan1)#no vlan mac-address dynamic maximum

 


Return to Controller Wired CLI Table of Contents