Login
- Table of Contents
-
- 03-Layer 2 - LAN Switching Command Reference
- 00-Preface
- 01-VLAN Commands
- 02-MAC Address Table Commands
- 03-Spanning Tree Commands
- 04-Ethernet Link Aggregation Commands
- 05-Port Isolation Commands
- 06-QinQ Commands
- 07-BPDU Tunneling Commands
- 08-GVRP Commands
- 09-VLAN Termination Commands
- 10-LLDP Commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-MAC Address Table Commands | 103.63 KB |
Contents
MAC address table configuration commands
display mac-address aging-time
display mac-address mac-learning
mac-address mac-learning disable
mac-address max-mac-count (interface view, port group view)
mac-address max-mac-count (VLAN view)
|
|
NOTE: The MAC address table can contain only Layer 2 Ethernet ports, Layer 2 virtual Ethernet (VE) interfaces, and Layer 2 aggregate interfaces. |
display mac-address
Syntax
display mac-address [ mac-address [ vlan vlan-id ] | [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
blackhole: Displays blackhole MAC address entries. These entries do not age, but you can add or remove them. Packets whose destination MAC addresses match blackhole MAC address entries are dropped.
vlan vlan-id: Displays MAC address entries of the specified VLAN. The VLAN ID ranges from 1 to 4094.
count: Displays the number of MAC address entries specified by related parameters in the command. When this keyword is used, the command displays only the number of specified MAC address entries, rather than related information about these MAC address entries.
mac-address: Displays MAC address entries in a specified MAC address, in the format of H-H-H.
dynamic: Displays dynamic MAC address entries. These entries can age.
static: Displays static MAC address entries. Similar to blackhole MAC address entries, these entries do not age, but you can add or remove them.
interface interface-type interface-number: Displays the MAC address learning status of the specified interface. interface-type interface-number specifies an interface by its type and number.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display mac-address command to display information about the MAC address table.
Related commands: mac-address (system view), mac-address (interface view), and mac-address timer.
Examples
# Display the MAC address table entry for VLAN 4093.
<Sysname> display mac-address vlan 4093
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e201-0101 4093 Learned GigabitEthernet4/1/1 AGING
--- 1 mac address(es) found ---
Table 1 Output description
|
Field |
Description |
|
MAC ADDR |
MAC address. |
|
VLAN ID |
ID of the VLAN to which the MAC address belongs. |
|
STATE |
State of a MAC address entry: · Config static—The static entry manually configured by the user. · Config dynamic—The dynamic entry manually configured by the user. · Learned—The entry learned by the router. · Blackhole—The blackhole entry. |
|
PORT INDEX |
Number of the port corresponding to the MAC address. Packet destined to this MAC address will be sent out this port. Displayed as N/A for a blackhole MAC address entry. |
|
AGING TIME(s) |
Aging time: · AGING—The entry is aging. · NOAGED—The entry does not age. |
display mac-address aging-time
Syntax
display mac-address aging-time [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display mac-address aging-time command to display the aging time of dynamic entries in the MAC address table.
Related commands: mac-address (system view), mac-address (interface view), mac-address timer, and display mac-address.
Examples
# Display the aging time of dynamic entries in the MAC address table.
<Sysname> display mac-address aging-time
Mac address aging time: 300s
The information above indicates that the aging time of dynamic entries in the MAC address table is 300 seconds.
display mac-address mac-learning
Syntax
display mac-address mac-learning [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
interface-type interface-number: Specifies an interface by its type and number. Displays MAC address learning status of the specified interface.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display mac-address mac-learning command to display the MAC address learning status of the specified or all ports.
Examples
# Display MAC address learning status of all Ethernet ports.
<Sysname> display mac-address mac-learning
Mac address learning status of the switch: enable
PortName Learning Status
Bridge-Aggregation2 enable
GigabitEthernet3/1/1 enable
GigabitEthernet3/1/2 enable
GigabitEthernet3/1/3 enable
GigabitEthernet3/1/4 enable
GigabitEthernet4/1/1 enable
GigabitEthernet4/1/2 enable
GigabitEthernet4/1/3 enable
GigabitEthernet4/1/4 enable
Table 2 Output description
|
Field |
Description |
|
Mac-address learning status of the switch |
Global MAC address learning status, enabled or disabled. |
|
Learning Status |
MAC address learning status for a port, enabled or disabled. |
mac-address (interface view)
Syntax
mac-address { dynamic | static } mac-address vlan vlan-id
undo mac-address { dynamic | static } mac-address vlan vlan-id
View
Layer 2 Ethernet interface view, Layer 2 VE interface view, Layer 2 aggregate interface view
Default level
2: System level
Parameters
dynamic: Dynamic MAC address entries. These entries can age.
static: Static MAC address entries. Similar to blackhole MAC address entries, these entries do not age, but you can add or remove them.
mac-address: MAC address in the format of H-H-H, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted. For example, f-e2-1 indicates the MAC address 000f-00e2-0001.
vlan vlan-id: Specifies an existing VLAN to which the Ethernet interface belongs, where vlan-id is the specified VLAN ID, ranging from 1 to 4094.
Description
Use the mac-address command to add or modify a MAC address entry on a specified Ethernet port.
Use the undo mac-address command to remove a MAC address entry on the Ethernet port.
Because your MAC address entries configuration cannot survive a reboot, save it after completing the configuration. The dynamic MAC address table entries, however, are lost at next reboot whether or not you save the configuration.
Related commands: display mac-address.
Examples
# Add a static entry for MAC address 000f-e201-0101 on port GigabitEthernet 3/1/1, which belongs to VLAN 2.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/1/1
[Sysname-GigabitEthernet3/1/11] mac-address static 000f-e201-0101 vlan 2
# Add a static entry for MAC address 000f-e201-0102 on Bridge-Aggregation 1, which belongs to VLAN 1.
<Sysname> system-view
[Sysname] interface bridge-Aggregation 1
[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1
mac-address (system view)
Syntax
mac-address blackhole mac-address vlan vlan-id
mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
undo mac-address [ { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id ]
undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id
undo mac-address [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id
undo mac-address [ dynamic | static ] interface interface-type interface-number
View
System view
Default level
2: System level
Parameters
blackhole: Blackhole MAC address entries. These entries do not age, but you can add or remove them. The packets whose destination or source MAC addresses match blackhole MAC address entries are dropped.
mac-address: MAC address in the format of H-H-H, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted. For example, f-e2-1 indicates the MAC address 000f-00e2-0001.
vlan vlan-id: Specifies an existing VLAN to which the Ethernet interface belongs, where vlan-id is the specified VLAN ID, ranging from 1 to 4094.
dynamic: Dynamic MAC address entries. These entries can age.
static: Static MAC address entries. Similar to blackhole MAC address entries, these entries do not age, but you can add or remove them.
interface interface-type interface-number: Outbound interface specified by its type and number.
Description
Use the mac-address command to add or modify a MAC address entry.
Use the undo mac-address [ { blackhole | dynamic | static } mac-address interface interface-type interface-number vlan vlan-id ] command to remove one or all MAC address entries.
Use the undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id command to remove a MAC address entry, MAC address entries of a specified type, or all MAC address entries for a VLAN.
Use the undo mac-address [ blackhole | dynamic | static ] interface interface-type interface-number command to remove a MAC address entry, MAC address entries of a specified type, or all MAC address entries for an Ethernet port.
Use the undo mac-address [ blackhole | dynamic | static ] [ mac-address ] interface interface-type interface-number vlan vlan-id command to remove a MAC address entry or all MAC address entries for an Ethernet port.
Dynamically learned MAC addresses cannot overwrite static or blackhole MAC address entries, but the latter two can overwrite the former
If you execute the undo mac-address command without specifying any parameters, the command deletes all MAC address entries, except those generated by MAC address authentication.
You can delete all the MAC address entries of a VLAN, or choose to delete a specific type (dynamic, static, or blackhole) of MAC address entries only. You can single out certain ports and delete the corresponding MAC address entries.
The MAC address entries configuration cannot survive a reboot unless you save it. The dynamic MAC address table entries, however, are lost at next reboot whether or not you save the configuration.
Related commands: display mac-address.
Examples
# Add a static entry for MAC address 000f-e201-0101. All frames destined to this MAC address are sent out of port GigabitEthernet 3/1/1 which belongs to VLAN 2.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface GigabitEthernet 3/1/1 vlan 2
mac-address mac-learning disable
Syntax
mac-address mac-learning disable
undo mac-address mac-learning disable
View
Layer 2 Ethernet interface view, Layer 2 VE interface view, VLAN view, port group view, Layer 2 aggregate interface view
Default level
2: System level
Parameters
None
Description
Use the mac-address mac-learning disable command to disable MAC address learning on one or a group of ports, or on a VLAN, depending on the view you entered.
Use the undo mac-address mac-learning disable command to enable MAC address learning on one or a group of ports, or on a VLAN, depending on the view you entered.
By default, MAC address learning is enabled on all ports.
You may need to disable MAC address learning sometimes to prevent the MAC address table from being saturated, for example, when your router is being attacked by a great deal of packets with different source MAC addresses. This somewhat affects update of the MAC address table.
Because disabling MAC address learning may result in broadcast storms, you must enable broadcast storm suppression after you disable MAC address learning on a port.
Related commands: display mac-address mac-learning.
Examples
# Disable MAC address learning on GigabitEthernet 3/1/10.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/1/10
[Sysname-GigabitEthernet3/1/10] mac-address mac-learning disable
# Disable MAC address learning on VLAN 10.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] mac-address mac-learning disable
# Disable MAC address learning on Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] mac-address mac-learning disable
mac-address max-mac-count (interface view, port group view)
Syntax
mac-address max-mac-count { count | disable-forwarding }
undo mac-address max-mac-count [ disable-forwarding ]
View
Layer 2 Ethernet interface view, Layer 2 VE interface view, port group view, Layer 2 aggregate interface view
Default level
2: System level
Parameters
count: Maximum number of MAC addresses that can be learned on a port. The value ranges from 0 to 1048576. When the argument takes 0, the VLAN is disabled from learning MAC addresses.
disable-forwarding: Disables forwarding of frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit. Frames whose source MAC addresses are in the MAC address table will be forwarded.
Description
Use the mac-address max-mac-count command to configure the maximum number of MAC addresses that can be learned on a port.
Use the mac-address max-mac-count disable-forwarding command to disable the router from forwarding frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit.
Use the undo mac-address max-mac-count command to restore the default maximum number of MAC addresses that can be learned on a port.
Use the undo mac-address max-mac-count disable-forwarding command to allow the router to forward frames received on a port with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit.
By default, the maximum number of MAC addresses that can be learned on a port is not specified. The frames whose source MAC addresses are in the MAC address table are forwarded.
If the command is executed in interface view, the configuration takes effect on the interface. If the command is executed in port group view, the configuration takes effect on all ports that belong to the port group.
By configuring a static MAC address entry for a port or a port group and disabling MAC address learning on it, you can configure the port or all ports in the port group only to allow packets whose source MAC addresses are the configured static MAC address to pass through, thus preventing illegal network devices from using the port or ports in the port group to access the network.
Related commands: mac-address (system view), mac-address (interface view), and mac-address timer.
Examples
# Set the maximum number of MAC addresses that can be learned on interface GigabitEthernet 3/1/10 to 600. After this upper limit is reached, frames received with unknown source MAC addresses on the port will not be forwarded.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/1/10
[Sysname-GigabitEthernet3/1/10] mac-address max-mac-count 600
[Sysname-GigabitEthernet3/1/10] mac-address max-mac-count disable-forwarding
mac-address max-mac-count (VLAN view)
Syntax
mac-address max-mac-count { count | disable-forwarding }
undo mac-address max-mac-count [ disable-forwarding ]
View
VLAN view
Default level
2: System level
Parameters
count: Maximum number of MAC addresses that can be learned on a VLAN. The value ranges from 0 to 1048576. When the argument takes 0, the VLAN is disabled from learning MAC addresses.
disable-forwarding: Disables forwarding of frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit. Frames whose source MAC addresses are in the MAC address table will be forwarded.
Description
Use the mac-address max-mac-count count command to configure the maximum number of MAC addresses that can be learned on a VLAN.
Use the mac-address max-mac-count disable-forwarding command to disable the router from forwarding frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit.
Use the undo mac-address max-mac-count command to restore the default maximum number of MAC addresses that can be learned on a VLAN.
Use the undo mac-address max-mac-count disable-forwarding command to allow the router to forward frames with unknown source MAC addresses for the VLAN after the number of learned MAC addresses reaches the upper limit.
By default, the maximum number of MAC addresses that can be learned on a VLAN is not specified. The frames whose source MAC addresses are in the MAC address table are forwarded.
By configuring a static MAC address entry for a VLAN and disabling MAC address learning on it, you can configure the VLAN only to allow packets whose source MAC addresses are the configured static MAC address to pass through, thus preventing illegal network devices from using the ports in the VLAN to access the network.
Related commands: mac-address (system view), mac-address (interface view), and mac-address timer.
Examples
# Set the maximum number of MAC addresses that can be learned on VLAN 10 to 600. After this upper limit is reached, frames with unknown source MAC addresses will not be forwarded through the VLAN.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] mac-address max-mac-count 600
[Sysname-vlan10] mac-address max-mac-count disable-forwarding
mac-address timer
Syntax
mac-address timer { aging seconds | no-aging }
undo mac-address timer aging
View
System view
Default level
2: System level
Parameters
aging seconds: Sets an aging timer for dynamic MAC address entries, ranging from 10 to 3600 seconds.
no-aging: Sets dynamic MAC address entries not to age.
Description
Use the mac-address timer command to configure the aging timer for dynamic MAC address entries.
Use the undo mac-address timer command to restore the default.
By default the aging timer for dynamic MAC address entries is 300 seconds.
Set the aging timer appropriately.
· A long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate the latest network changes.
· A short aging interval may result in removal of valid entries and hence unnecessary broadcasts, which may affect router performance.
Examples
# Set the aging timer for dynamic MAC address entries to 500 seconds.
<Sysname> system-view
[Sysname] mac-address timer aging 500
