23-22
Cisco7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter23 Con figuring Network Security
Configuring MAC Move Notification
When configuring unicast flood protection, note the following syntax information:
•Use the limit keyword to specify the unicast floods on a per source MAC address and per VLAN
basis; valid values are from 1 to 4000 floods per second (fps).
•Use the filter keyword to specify how long to filter unicast flood traffic; valid values are from 1 to
34560 minutes.
•Use the alert keyword to configure the system to send an alert message when frames of unicast
floods exceed the flood rate limit.
•Use the shutdown keyword to configure the system to shut down the ingress port generating the
floods when frames of unicast floods exceed the flood rate limit.
This example shows how to configure the system to filter unicast flood traffic for 5 minutes and set the
flood rate limit to 3000 fps:
Router(config)# mac-address-table unicast-flood limit 3 vlan 100 filter 5
Router # show mac-address-table unicast-flood
Unicast Flood Protection status: enabled
Configuration:
vlan Kfps action timeout
------+----------+-----------------+----------
100 3 filter 5
Mac filters:
No. vlan souce mac addr. installed on time left (mm:ss)
-----+------+-----------------+------------------------------+------------------
Router(config)#
Configuring MAC Move NotificationWhen you configure MAC move notification, a message is generated when a MAC address moves from
one port to another.
Note The MAC address move notification feature does not generate a notification when a new MAC address
is added to the CAM or when a MAC address is removed from the CAM.
To configure MAC move notification, perform this task:
Command Purpose
Step1 Router(config)# [no] mac-address-table
notification mac-move
Enables MAC move notification globally.
Step2 Router# show mac-address-table notification
mac-move
Displays MAC move notification information.