Reference Guide
• mac learning-limit dynamic
• mac learning-limit mac-address-sticky
• mac learning-limit station-move
• mac learning-limit no-station-move
• Learning Limit Violation Actions
• Station Move Violation Actions
• Recovering from Learning Limit and Station Move Violations
• NIC Teaming
MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces,
and VLANs. It enables you to set an upper limit on the number of MAC addresses that can be learned on an
interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned
MAC address.
To set a MAC learning limit on an interface:
Task: Specify the number of MAC addresses that the system can learn off a Layer 2 interface.
Command Syntax: mac learning-limit address_limit
Command Mode: INTERFACE
Three options are available with the mac learning-limit command: dynamic, no-station-move, and
station-move.
FTOS Behavior: When configuring MAC Learning Limit on a port or VLAN, the configuration is
accepted (becomes part of running-config and show mac learning-limit interface) before the system
verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed:
%E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac-Limit on GigabitEthernet 5/84
In this case, the configuration is still present in the running-config and show output. Remove the configuration
before re-applying a MAC learning limit with a lower value. Also, ensure that Syslog messages can be viewed on
your session.
Note: The CAM-check failure message beginning in FTOS version 8.3.1.0 is different from versions
8.2.1.1 and earlier, which read:
% Error: ACL returned error
% Error: Remove existing limit configuration if it was configured before
Note: An SNMP trap is available for mac learning-limit station-move. No other SNMP traps are available
for MAC Learning Limit, including limit violations.
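An audit for the CAM-check failure mode described under FTOS Behavior, as an added example that is not from the FTOS guide: it cross-checks a saved running-config against collected syslog and lists interfaces where a MAC learning limit is configured but the switch logged that it could not apply it. Only the error-message text comes from this page; the running-config block layout, the sample lines and the function names are constructed assumptions.

```python
import re

# Syslog text from FTOS 8.3.1.0 onward, as quoted on this page.
CAM_FAIL = re.compile(
    r"%ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list "
    r"Mac-Limit on (?P<ifname>[A-Za-z-]+ [\d/]+)"
)

def configured_limits(running_config):
    """Map interface name -> configured limit (assumed block layout)."""
    limits, current = {}, None
    for line in running_config.splitlines():
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
        elif not line.startswith(" "):
            current = None  # "!" or another top-level line closes the block
        else:
            m = re.match(r"\s+mac learning-limit (\d+)", line)
            if m and current:
                limits[current] = int(m.group(1))
    return limits

def failed_interfaces(syslog):
    """Interfaces named in a CAM-check failure message."""
    return {m.group("ifname") for m in CAM_FAIL.finditer(syslog)}

def unenforced(running_config, syslog):
    """Interfaces with a limit still configured and a logged CAM failure."""
    limits = configured_limits(running_config)
    return sorted(i for i in failed_interfaces(syslog) if i in limits)

# Constructed sample input (not captured from a real switch).
SAMPLE_CONFIG = """\
interface GigabitEthernet 5/84
 mac learning-limit 10
!
interface GigabitEthernet 5/85
 mac learning-limit 2
!
"""
SAMPLE_SYSLOG = """\
%E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac-Limit on GigabitEthernet 5/84
%E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list Mac-Limit on GigabitEthernet 5/86
%E90MH:5 %EXAMPLE-5-PLACEHOLDER: unrelated message
"""

if __name__ == "__main__":
    for ifname in unenforced(SAMPLE_CONFIG, SAMPLE_SYSLOG):
        print(f"{ifname}: limit configured but CAM check failed")
```

A flagged interface needs manual confirmation, because the page describes no message that reports a later successful application; the pre-8.3.1.0 error text is not matched because it does not name the interface.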