The set interface gigabit-ethernet port-security mac-limit command configures the maximum number of secure MAC addresses that can be learned on an interface.
set interface gigabit-ethernet <interface-name> port-security mac-limit <mac-limit>
Specifies the physical interface name. For example, te-1/1/49, ge-1/1/1.
Specifies the maximum number of secure MAC addresses that can be learned by an interface. The value is an integer that ranges from 1 to 1024.
The default value is 1.
The MAC limit number is used to limit the number of secure MAC of the interface, including the number of dynamic secure MAC and manually configured static secure MAC. If sticky is enabled, MAC limit includes sticky secure MAC and static secure MAC.
A secure interface can learn only one secure MAC address by default. Set the maximum number of secure MAC addresses according to the actual networking requirement.
If you are trying to configure a static secure MAC address and it exceeds the MAC limit, your configuration is rejected and an error message is displayed. If it reaches the MAC limit and a new dynamic secure MAC address is learned, a violation action is triggered. For details about violation, please see set interface gigabit-ethernet port-security violation.
When setting a MAC limit value for a secure interface, and the new value is greater than the previous value, the new value overwrites the previously configured value. If the new value is less than the previous value and the number of the secure addresses on the interface exceeds the new value, the command is rejected. In this case, you can remove the secure addresses to the number less than the new MAC limit value.
- Configure the maximum number of secure MAC addresses that can be learned on an interface.