04-Layer 2 - LAN Switching Command Reference

HomeSupportResource CenterRoutersH3C SR6600-X Router SeriesH3C SR6600-X Router SeriesTechnical DocumentsReference GuidesCommand ReferencesH3C SR6600 SR6600-X Routers Command References-R7607-6W10004-Layer 2 - LAN Switching Command Reference
01-MAC address table commands
Title Size Download
01-MAC address table commands 58.07 KB

MAC address table commands

This document covers the configuration of unicast MAC address entries, including static, dynamic, and blackhole MAC address entries. For more information about configuring static multicast MAC address entries, see IP Multicast Configuration Guide. For more information about MAC address table configuration in VPLS, see MPLS Configuration Guide.

display mac-address

Use display mac-address to display MAC address entries.

Syntax

display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] | ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

mac-address: Specifies a MAC address in the format of H-H-H. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

dynamic: Displays dynamic MAC address entries.

static: Displays static MAC address entries.

interface interface-type interface-number: Specifies an interface by its type and number.

blackhole: Displays blackhole MAC address entries.

count: Displays only the number of MAC address entries that match all entry attributes you specify in the command. Detailed information about MAC address entries is not displayed. For example, you can use the display mac-address vlan 20 dynamic count command to display the number of dynamic entries for VLAN 20. If you do not specify an entry attribute, the command displays the number of entries in the MAC address table. If you do not specify this keyword, the command displays detailed information about the specified MAC address entries.

Usage guidelines

A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID.

If you do not specify any parameters, the command displays all MAC address entries.

This command displays dynamic MAC address entries for an aggregate interface only when the aggregate interface has a minimum of one Selected member port.

Examples

# Display MAC address entries for VLAN 100.

<Sysname> display mac-address vlan 100

MAC Address      VLAN ID    State            Port/NickName            Aging

0033-0033-0033   100        Blackhole        N/A                      N

0000-0000-0002   100        Static           GE2/1/3                  N

00e0-fc00-5829   100        Learned          GE2/1/4                  Y

0000-0000-0022   100        OpenFlow         GE2/1/4                  N

# Display the number of MAC address entries.

<Sysname> display mac-address count

1 mac address(es) found.

Table 1 Command output

Field

Description

VLAN ID

ID of the VLAN to which the outgoing interface of the MAC address entry belongs.

State

MAC address entry state:

·     Static—Static MAC address entry.

·     Learned—Dynamic MAC address entry. Dynamic entries can be learned or manually configured.

·     Blackhole—Blackhole MAC address entry.

·     OpenFlow—MAC address entry for an OpenFlow instance.

Port/NickName

Outgoing interface for packets that are destined for the MAC address. This field displays N/A for a blackhole MAC address entry.

Aging

Whether the entry can age out:

·     Y—The entry can age out.

·     N—The entry never ages out.

mac address(es) found

Number of matching MAC address entries.

 

Related commands

mac-address

mac-address timer

display mac-address aging-time

Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.

Syntax

display mac-address aging-time

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the aging timer for dynamic MAC address entries.

<Sysname> display mac-address aging-time

MAC address aging time: 300s.

Related commands

mac-address timer

mac-address (interface view)

Use mac-address to add or modify a MAC address entry on an interface.

Use undo mac-address to delete a MAC address entry on an interface.

Syntax

mac-address { dynamic | static } mac-address vlan vlan-id

undo mac-address { dynamic | static } mac-address vlan vlan-id

Default

An interface is not configured with MAC address entries.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast, all-zero, and all-F MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies an existing VLAN to which the specified interface belongs. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

Typically, the device automatically builds the MAC address table by learning the source MAC addresses of incoming frames on each interface. However, you can manually configure static MAC address entries. For a MAC address, a manually configured static entry takes precedence over a dynamically learned entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101 on interface GigabitEthernet 2/1/1 that belongs to VLAN 2.

<Sysname> system-view

[Sysname] interface gigabitethernet 2/1/1

[Sysname-GigabitEthernet2/1/1] mac-address static 000f-e201-0101 vlan 2

# Add a static entry for MAC address 000f-e201-0101 on Layer 2 aggregate interface Bridge-Aggregation 1 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1

Related commands

display mac-address

mac-address (system view)

mac-address (system view)

Use mac-address to add or modify a MAC address entry.

Use undo mac-address to delete one or all MAC address entries.

Syntax

mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id

mac-address blackhole mac-address vlan vlan-id

undo mac-address [ [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id ]

undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id

undo mac-address [ dynamic | static ] interface interface-type interface-number

Default

The system is not configured with MAC address entries.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC addresses match blackhole MAC address entries are dropped.

mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast, all-zero, and all-F MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies an existing VLAN to which the interface belongs. The value range for the vlan-id argument is 1 to 4094.

interface interface-type interface-number: Specifies an outgoing interface by its type and number.

interface interface-list: Specifies interfaces in the format of { interface-type interface-number [ to interface-type interface-number ] } &<1-n>. The interface can only be a Layer 2 Ethernet interface or Layer 2 aggregate interface. &<1-n> specifies that you can configure a maximum of n interfaces or interface ranges. The value for n is 4.

Usage guidelines

You can use this command to configure the following types of MAC address entries:

·     Dynamic entries.

Dynamic entries include manually configured dynamic entries and automatically learned dynamic entries.

·     Static entries.

For a MAC address, a manually configured static entry takes precedence over a dynamic entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

·     Blackhole entries.

To drop frames with the specified source MAC addresses or destination MAC addresses, you can configure blackhole entries.

A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

If you execute the undo mac-address command without specifying any parameters, this command deletes all unicast MAC address entries and static multicast MAC address entries.

You can delete all the MAC address entries (including unicast MAC address entries and static multicast MAC address entries) of the specified VLAN. You can also delete only one type (dynamic, static or blackhole) of MAC address entries. You can single out an interface and delete the corresponding unicast MAC address entries, but not the corresponding static multicast MAC address entries.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of interface GigabitEthernet 2/1/1, which belongs to VLAN 2.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface gigabitethernet 2/1/1 vlan 2

Related commands

display mac-address

mac-address (interface view)

mac-address mac-learning priority

Use mac-address mac-learning priority to assign MAC learning priority to an interface.

Use undo mac-address mac-learning priority to restore the default.

Syntax

mac-address mac-learning priority { high | low }

undo mac-address mac-learning priority

Default

Low MAC address learning priority is used.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

high: Assigns high MAC learning priority.

low: Assigns low MAC learning priority.

Usage guidelines

The MAC address learning priority values can be high and low. An interface with high MAC address learning priority can learn any MAC address. An interface with low MAC address learning priority can learn only the MAC addresses that have not been learned by high-priority interfaces.

The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. To prevent the downlink interface from learning the MAC address of an upper layer device (for example, the gateway), you can perform the following tasks:

·     Assign high MAC learning priority to an uplink interface.

·     Assign low MAC learning priority to a downlink interface.

Examples

# Assign high MAC learning priority to interface GigabitEthernet 2/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 2/1/1

[Sysname-GigabitEthernet2/1/1] mac-address mac-learning priority high

# Assign high MAC learning priority to interface Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address mac-learning priority high

mac-address max-mac-count

Use mac-address max-mac-count to set the MAC learning limit on an interface.

Use undo mac-address max-mac-count to restore the default.

Syntax

mac-address max-mac-count count

undo mac-address max-mac-count

Default

The MAC learning limit on an interface is restricted only by the hardware capacity.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

count: Specifies the maximum number of MAC addresses that can be learned on an interface. When the argument is set to 0, the interface is not allowed to learn MAC addresses. The value range for this argument is 0 to 32768.

Usage guidelines

This command limits the number of MAC address entries to limit the MAC address table size. A large MAC address table will degrade forwarding performance. When the number of MAC address entries learned by an interface reaches the limit, the interface stops learning MAC address entries.

Examples

# Configure interface GigabitEthernet 2/1/1 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] interface gigabitethernet 2/1/1

[Sysname-GigabitEthernet2/1/1] mac-address max-mac-count 600

Related commands

mac-address

mac-address max-mac-count enable-forwarding

mac-address max-mac-count enable-forwarding

Use mac-address max-mac-count enable-forwarding to enable the device to forward unknown frames received on an interface after the MAC learning limit on the interface is reached. Unknown frames refer to frames whose source MAC addresses are not in the MAC address table.

Use undo mac-address max-mac-count enable-forwarding to disable the device from forwarding unknown frames received on an interface after the MAC learning limit on the interface is reached.

Syntax

mac-address max-mac-count enable-forwarding

undo mac-address max-mac-count enable-forwarding

Default

When the MAC learning limit on an interface is reached, the device can forward unknown frames received on the interface.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Examples

# Configure GigabitEthernet 2/1/1 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] interface gigabitethernet 2/1/1

[Sysname-GigabitEthernet2/1/1] mac-address max-mac-count 600

# Disable the device from forwarding unknown frames received on GigabitEthernet 2/1/1 after the MAC learning limit on GigabitEthernet 2/1/1 is reached.

[Sysname-GigabitEthernet2/1/1] undo mac-address max-mac-count enable-forwarding

Related commands

mac-address

mac-address max-mac-count

mac-address timer

Use mac-address timer to set the aging timer for dynamic MAC address entries.

Use undo mac-address timer to restore the default.

Syntax

mac-address timer { aging seconds | no-aging }

undo mac-address timer

Default

The aging timer is 300 seconds for dynamic MAC address entries.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aging seconds: Specifies an aging timer (in seconds) for dynamic MAC address entries. The value range for the seconds argument is 10 to 1000000.

no-aging: Configures dynamic MAC address entries not to age.

Usage guidelines

To set the aging timer appropriately, follow these guidelines:

·     A long aging interval causes the MAC address table to retain outdated entries and fail to accommodate the most recent network changes.

·     A short aging interval results in removal of valid entries. Then, unnecessary broadcast packets appear and affect device performance.

Examples

# Set the aging time to 500 seconds for dynamic MAC address entries.

<Sysname> system-view

[Sysname] mac-address timer aging 500

Related commands

display mac-address aging-time

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网