I have spent the last 4 hours searching for this configuration statement and not only am I disappointed, I am angry at having to spend so much time trying to a find a very answer to this query. Unfortunately I don't have an ELS switch at my disposal, where I could use the help to find it. Here is some information I have found, but not the configuration needed or requested. So if you acess to a 4300, could enable this feature and paste the cli statements in your response, so others can see it? Alo Juniper needs to modify the document and add the specific cli statrement.
With MAC limiting, you limit the MAC addresses that can be learned on Layer 2 access interfaces by either limiting the number of MAC addresses or by specifying allowed MAC addresses.
• Specifying allowed MAC addresses—You configure the allowed MAC addresses for an interface. Any MAC address that is not in the list of configured addresses is not learned, and the switch logs an appropriate message. An allowed MAC address is bound to a VLAN so that the address is not registered outside the VLAN. If an allowed MAC setting conflicts with a dynamic MAC setting, the allowed MAC setting takes precedence.
Allowed MAC List: Specifies the MAC addresses that are allowed for the interface
MAC limiting is configured on Layer 2 interfaces
To add a MAC address:
1. Click Add.
2. Enter the MAC address.
3. Click OK
Page 95
NOTE: On a QFX Series Virtual Chassis, if you include the shutdown option at the
[edit vlans vlan-name switch-options interface interface-name interface-mac-limit packet-action]
hierarchy level and issue the commit operation, the system generates a commit error. The system does not
generate an error if you include the shutdown optionat the
[edit switch-options interface interface-name interface-mac-limit packet-action]
hierarchy level.
Page 96
[edit switch-options]
user@switch# set interface interface-name interface-mac-limit limit packet-action <action>
[edit vlans]
user@switch# set vlan-name switch-options mac-table-size limit packet-action <action>
drop|drop-and-log|log|none|shutdown |- recovery-timeout
page 100
[edit edit vlans vlan-name switch-options]
user@switch# set mac-move-limit limit
As an alternative to using persistent MAC learning with MAC limiting, you can statically configure each MAC address on each port or allow.
[edit switch-options]
user@switch# set interface interface-name persistent-learning
To enable MAC limiting on one or more interfaces using the J-Web interface:
1. Select Configure>Security>Port Security.
2. Select one or more interfaces from the Interface List.
3. Click the Edit button. If a message appears asking whether you want to enable port security, click Yes.
...
To add allowed MAC addresses:
1. Click Add.
2. Type the allowed MAC address and click OK.
Repeat this step to add more allowed MAC addresses.
6. Click OK when you have finished setting MAC limits.
7. Click OK after the configuration has been successfully delivered.
• Specifying allowed MAC addresses—You configure the allowed MAC addresses for an interface. Any MAC address that is not in the list of configured addresses is not learned, and the switch logs an appropriate message. An allowed MAC address is bound to a VLAN so that the address is not registered outside the VLAN. If an allowed MAC setting conflicts with a dynamic MAC setting, the allowed MAC setting takes precedence.
Allowed MAC List: Specifies the MAC addresses that are allowed for the interface
MAC limiting is configured on Layer 2 interfaces
To add a MAC address:
1. Click Add.
2. Enter the MAC address.
3. Click OK
Page 95
NOTE: On a QFX Series Virtual Chassis, if you include the shutdown option at the
[edit vlans vlan-name switch-options interface interface-name interface-mac-limit packet-action]
hierarchy level and issue the commit operation, the system generates a commit error. The system does not
generate an error if you include the shutdown optionat the
[edit switch-options interface interface-name interface-mac-limit packet-action]
hierarchy level.
Page 96
[edit switch-options]
user@switch# set interface interface-name interface-mac-limit limit packet-action <action>
[edit vlans]
user@switch# set vlan-name switch-options mac-table-size limit packet-action <action>
drop|drop-and-log|log|none|shutdown |- recovery-timeout
page 100
[edit edit vlans vlan-name switch-options]
user@switch# set mac-move-limit limit
As an alternative to using persistent MAC learning with MAC limiting, you can statically configure each MAC address on each port or allow.
[edit switch-options]
user@switch# set interface interface-name persistent-learning
To enable MAC limiting on one or more interfaces using the J-Web interface:
1. Select Configure>Security>Port Security.
2. Select one or more interfaces from the Interface List.
3. Click the Edit button. If a message appears asking whether you want to enable port security, click Yes.
...
To add allowed MAC addresses:
1. Click Add.
2. Type the allowed MAC address and click OK.
Repeat this step to add more allowed MAC addresses.
6. Click OK when you have finished setting MAC limits.
7. Click OK after the configuration has been successfully delivered.
ALL KINDS OF CLI STATEMENTS FOUND EXCEPT "ALLOWED MAC ADDRESS" Statement!!!