Layer 2 | 307MAC Learning LimitThis section describes the following:• MAC Learning Limit Dynamic• MAC Learning Limit Station-Move• Learning Limit Violation Actions• Station Move Violation Actions• Recovering from Learning Limit and Station Move ViolationsThe MAC address learning limit is a method of port security on Layer 2 port-channel and physicalinterfaces, and virtual local area networks (VLANs). It allows you to set an upper limit on the number ofMAC addresses that are learned on an interface/VLAN. After the limit is reached, the system drops alltraffic from a device with an unlearned MAC address.To set a MAC learning limit on an interface, use the following command:Three options are available with the mac learning-limit command: dynamic , no-station-move, and station-move .FTOS Behavior: When configuring the MAC learning limit on a port, the configuration is accepted(becomes part of the running-config and show mac learning-limit interface ) before the system verifies thatsufficient content addressable memory (CAM) space exists. If the CAM check fails, a message isdisplayed:%E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-listMac-Limit on TenGigabitEthernet 5/84In this case, the configuration is still present in the running-config and the show output. Remove theconfiguration before re-applying a MAC learning limit with a lower value. Also, ensure that you canview the syslog message on your session.Task Command Syntax Command ModeSpecify the number of MAC addresses that the systemcan learn off a Layer 2 interface. mac learning-limit address_limit INTERFACENote: A simple network management protocol (SNMP) trap is available for mac learning-limit station-move .No other SNMP traps are available for the MAC learning limit, including limit violations.