Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Layer 2 VPNs and VPLS User Guide for Routing Devices Configuring VPLS Configuring Load Balancing and Performance

Layer 2 VPNs and VPLS User Guide for Routing Devices

keyboard_arrow_up
close
keyboard_arrow_left
Layer 2 VPNs and VPLS User Guide for Routing Devices
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Access Interfaces

date_range 23-Nov-23
arrow_backward
arrow_forward

This example shows how to avoid loops in bridge domains by enabling the MAC pinning feature on access interfaces.

Requirements

This example uses the following hardware and software components:

  • MX Series 5G Universal Routing Platforms

  • Junos OS Release 16.1 running on the routers

Overview

A MAC move occurs when a MAC address frequently appears on a different physical interface than the one it was learned on. Frequent MAC moves indicate the presence of loops. Loops can occur in Layer 2 bridges and in VPLS networks. To avoid loops, you can enable the MAC pinning feature on the interfaces. The MAC pinning feature is applicable only when dynamic learning of MAC addresses over interfaces is enabled.

This example shows how to enable MAC pinning on two access interfaces in a bridge domain.

Topology

In this example, you configure the interfaces ge-4/0/6 and xe-4/2/0 on the MX Series router as access interfaces. Access interfaces accept both untagged and tagged packets and forward the packets within a specified bridge domain, bd1. Specify 1 as the VLAN ID for the interfaces and the bridge domain. When an untagged or a tagged packet is received on any of the access interfaces, the packet is accepted, the VLAN ID is added to the packet, and the packet is forwarded within the bridge domain that is configured with the matching ID.

In the bridge domain, after specifying the VLAN ID, specify 131071 as the maximum number of MAC addresses that can be learned on the access interfaces and specify 1048575 as the size of the MAC address table for the bridge domain or VLAN.

In this topology, frequent MAC moves can occur, which can result in loops. To prevent these loops, you can configure MAC pinning. When you configure MAC pinning on an interface, the MAC address learned on the interface cannot be learned on another interface in the same bridge domain. For example, configure MAC pinning on the access interface ge-4/0/6. When a packet is received on this interface, the packet is accepted, the VLAN ID is added and the packet is forwarded within the bridge domain with the matching ID. However, if a packet with the same MAC address is received on any other access interface, say xe-4/2/0, the packet is discarded or dropped as that MAC address is pinned to the access interface ge-4/0/6 . This behavior is common to all access interfaces configured on the router, regardless of whether access pinning is enabled on the access interface or not.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set interfaces ge-4/0/6 encapsulation ethernet-bridge
set interfaces ge-4/0/6 unit 0 family bridge interface-mode access
set interfaces ge-4/0/6 unit 0 family bridge vlan-id 1
set interfaces xe-4/2/0 encapsulation ethernet-bridge
set interfaces xe-4/2/0 unit 0 family bridge interface-mode access
set interfaces xe-4/2/0 unit 0 family bridge vlan-id 1
set bridge-domains bd1 vlan-id 1
set bridge-domains bd1 bridge-options mac-table-size 1048575
set bridge-domains bd1 bridge-options interface ge-4/0/6.0 interface-mac-limit 131071
set bridge-domains bd1 bridge-options interface ge-4/0/6.0 mac-pinning
set bridge-domains bd1 bridge-options interface xe-4/2/0.0 interface-mac-limit 131071
set bridge-domains bd1 bridge-options interface xe-4/2/0.0 mac-pinning

Procedure

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode

To configure MAC pinning on access interfaces in bridge domains:

  1. Configure both the interfaces as access interfaces and specify the VLAN ID.

    content_copy zoom_out_map
    [edit interfaces]
user@host# set interfaces ge-4/0/6 encapsulation ethernet-bridge
user@host# set interfaces ge-4/0/6 unit 0 family bridge interface-mode access
user@host# set interfaces ge-4/0/6 unit 0 family bridge vlan-id 1
user@host# set interfaces xe-4/2/0 encapsulation ethernet-bridge
user@host# set interfaces xe-4/2/0 unit 0 family bridge interface-mode access
user@host# set interfaces xe-4/2/0 unit 0 family bridge vlan-id 1

  2. Specify the name of the bridge domain.

    content_copy zoom_out_map
    [edit bridge-domains]
user@host# set bridge-domains bd1 vlan-id 1

  3. Specify the size of the MAC address table for the bridge domain.

    content_copy zoom_out_map
    [edit bridge-domains]
user@host#  set bridge-domains bd1 bridge-options mac-table-size 1048575

  4. Specify the maximum number of MAC addresses that can be learned on both the access interfaces.

    content_copy zoom_out_map
    [edit bridge-domains]
user@host# set bridge-domains bd1 bridge-options interface ge-4/0/6.0 interface-mac-limit 131071
user@host#  set bridge-domains bd1 bridge-options interface xe-4/2/0.0 interface-mac-limit 131071

  5. Configure MAC pinning on both the access interfaces.

    content_copy zoom_out_map
    [edit bridge-domains]
user@host#  set bridge-domains bd1 bridge-options interface ge-4/0/6.0 mac-pinning
user@host#  set bridge-domains bd1 bridge-options interface xe-4/2/0.0 mac-pinning

Results

From configuration mode, confirm your configuration by entering show interfaces and show bridge-domains commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
user@host# show interfaces
ge-4/0/6 {
encapsulation ethernet-bridge;
    unit 0 {
        family bridge {
            interface-mode access;
        vlan-id 1;
        }
    }
}
xe-4/2/0 {
encapsulation ethernet-bridge;
    unit 0 {
        family bridge {
            interface-mode access;
        vlan-id 1;
        }
    }
}

user@host# show bridge-domains
bridge-domains {
    bd1 {
        vlan-id 1;
        bridge-options {
            mac-table-size {
                1048575;
                }
                interface ge-4/0/6.0 {
                interface-mac-limit {
                131071;
                }
                mac-pinning;
            }
            interface xe-4/2/0.0 {
                interface-mac-limit {
                131071;
                }
                mac-pinning;
            }
        }
    }
}

If you have completed configuring the device, enter commit from the configuration mode.

Verification

Verifying That MAC Pinning Is Configured Correctly

Purpose

Ensure that MAC pinning has been enabled on the access interfaces.

Action

From operational mode, enter the show l2-learning interface command.

content_copy zoom_out_map
user@host> show l2-learning interface 
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
                         LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical             BD         MAC        STP          Logical
Interface           Name       Limit      State        Interface flags  
xe-4/0/6.0                     131000                               MP
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
                         LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical             BD         MAC        STP          Logical
Interface           Name       Limit      State        Interface flags  
xe-4/2/0.0                     131000                               MP
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding  
                    BD_Tru..   131000     Forwarding

Meaning

The Interface flags field indicates the interfaces that have MAC pinning enabled.

Related Documentation

arrow_backward PREVIOUS Configuring MAC Pinning on All Pseudowires of a Specific Neighbor of LDP-Based VPLS Routing Instance for Logical Systems
NEXT arrow_forward Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Trunk Interfaces
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top