Friday, January 13, 2017

Security Optimization Configuration of display security anti-macspoofing max-mac-count(distributing-mode)

Function

This command is used to query the maximum number of MAC addresses that can be bound to the service virtual port. After the anti MAC spoofing is enabled, this value determines the maximum number of users accessing each service virtual port.

Format

display security anti-macspoofing max-mac-count { service-portid | frameid/slotid/portid{ stream | { user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } }
display security anti-macspoofing max-mac-count frameid/slotid/portid { vpi vpi vci vci [ user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense }
display security anti-macspoofing max-mac-count frameid/slotid/portid gemport gemport-id { stream | { user-vlan { untagged | user-vlanid } | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } }

Parameters

Parameter Description Value
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. When you need to query the maximum number of MAC addresses that can be bound to a specified service virtual port, use this parameter. Please see Differences Between Shelves.
service-port Indicates the service virtual port. -
service-portid Indicates the index of the Service Virtual Port. When you need to set the description for a service virtual port by the index, use this parameter.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
vpi vpi Indicates the VPI value to be entered. It is used together with the VCI to identify a user.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
vci vci Indicates the VCI value to be entered. It is used together with the VPI to identify a user.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
autosense Indicates when a service virtual port needs to learn the user-side VPI/VCI automatically, use this parameter. -
stream Indicates when you need to query the maximum number of MAC addresses that can be bound to a port in ETH or VDSL PTM access mode and for single port single service, use this parameter. -
user-vlan user-vlanid Indicates user-side VLAN of a service virtual port. To query the maximum number of MAC addresses that can be bound to a service virtual port with a specified user-side VLAN at one physical port, use this parameter. Numeral type. Range: 1-4095.
user-encap user-encap Indicates user-side encapsulation type of a service virtual port. When you need to query the maximum number of MAC addresses that can be bound to a service virtual port of a specified encapsulation type at one physical port, use this parameter. Enumerated type. Options: pppoe and ipoe.
untagged Indicates when the service virtual port needs to carry multiple services classified by the user side VLAN, the packets of one type of service can be set as untagged.
Untagged data packets do not contain VLAN information.		 -
user-8021p user-8021p Indicates user-side priority of a service virtual port. To query the maximum number of MAC addresses that can be bound to a service virtual port at a specified priority at one physical port, use this parameter. Numeral type. Range: 0-7.
gemport gemport-id GEM port number. GEM ports of each PON port are numbered in a centralized way. GEM ports 0-127 are reserved for the private use of OMCI and GEM ports 4000-4095 serve as channels for special use. Numeral type. Range: 128-3999.

Modes

Privilege mode

Level

Operator level

Usage Guidelines

None

Example

To query the maximum number of the MAC addresses that can be bound to the service virtual port (VPI/VCI: 0/35, user-side VLAN: 100) at port 0/3/0, do as follows:
huawei#display security anti-macspoofing max-mac-count 0/3/0 vpi 0 vci 35
user-vlan 100  
  ------------------------------------------------------------------------------
   F/ S/ P   VPI  VCI   FlowType  FlowPara   Max MAC number                       
  ------------------------------------------------------------------------------
   0/ 3/ 0   0    35    vlan      10         8                                    
  ------------------------------------------------------------------------------
  Note: F--Frame, S--Slot, P--Port(or Groupindex),
        VPI indicates GEM Port ID for GPON

System Response

  • The system displays the queried result when the command runs successfully.
  • The following table describes the parameters in response to this command.
    Parameter Description
    F/ S/ P Indicates the subrack ID, slot ID and port ID of the service virtual port.
    VPI
    • Indicates the virtual path identifier (VPI) in the case of an xDSL port.
    • Indicates the GEM port ID in the case of a GPON port.
    VCI
    • Indicates the virtual channel identifier (VCI) in the case of an xDSL port.
    • Meaningless in the case of a GPON port
    FlowType Indicates the traffic type. They must be the same as those configured by the service-port(profile mode) command.
    FlowPara Indicates the traffic parameters. They must be the same as those configured by the service-port(profile mode) command.
    Max MAC number Indicates the maximum number of MAC addresses that can be bound to a service virtual port.
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)