• Download PDFs
• Configuring MAC Move Limiting (CLI Procedure)  

• Related Topics
• Configuring MAC Move Limiting (J-Web Procedure)
• Example: Configuring Port Security, with DHCP Snooping, DAI, MAC Limiting, and MAC Move Limiting, on an EX-series Switch
• Verifying That MAC Move Limiting Is Working Correctly
• Monitoring Port Security
• Understanding MAC Limiting and MAC Move Limiting for Port Security on EX-series Switches

Configuring MAC Move Limiting (CLI Procedure)

MAC move limiting detects MAC address movement and MAC address spoofing on access ports. It prevents hosts whose MAC addresses have not been learned by the EX-series switch from accessing the network.

You configure MAC move limiting for each VLAN, not for each interface (port). In the default configuration, the MAC move limit for each VLAN is unlimited. The default action that the switch will take if a limit is set and then that limit is exceeded is none.

To configure a MAC move limit on a specific VLAN or on all VLANs, using the CLI:

• On a single VLAN (here, the VLAN is employee-vlan):
  [edit ethernet-switching-options secure-access-port]
user@switch# set vlan employee–vlan mac-move-limit 5 action drop
• On all VLANs:
  [edit ethernet-switching-options secure-access-port]
set vlan all mac–move-limit 5 action drop