This chapter describes the management of static and dynamic MAC address entries. For information on the management of multicast MAC address entries, refer to the section related to multicast protocol in H3C S7500 Series Ethernet Switches Operation Manual.
1.1 Overview
An Ethernet switch maintains a MAC address table to forward packets quickly. A MAC address table is a port-based Layer 2 address table. It is the base for Ethernet switch to perform Layer 2 packet forwarding. Each entry in a MAC address table contains the following fields:
l Destination MAC address
l ID of the VLAN which a port belongs to.
l Forwarding port number.
Upon receiving a packet, a switch queries its MAC address table for the forwarding port number according to the destination MAC address carried in the packet and then forwards the packet through the port.
The dynamic address entries (not configured manually) in the MAC address table are learned by the Ethernet switch. When an Ethernet switch learns a MAC address, the following occurs:
When a switch receives a packet from one of its ports (referred to as Port 1), the switch extracts the source MAC address (referred to as MAC-SOURCE) of the packet and considers that the packets destined for MAC-SOURCE can be forwarded through Port 1.
l If the MAC address table already contains MAC-SOURCE, the switch updates the corresponding MAC address entry.
l If MAC-SOURCE does not exist in the MAC address table, the switch adds MAC-SOURCE and Port 1 as a new MAC address entry to the MAC address table.
Figure 1-1 Packets forwarded by using a MAC address table.
After learning the source address of the packet, the switch searches the MAC address table for the destination MAC address of the received packet:
l If it finds a match, it directly forwards the packet.
l If it finds no match, it forwards the packet to all ports, except the receiving port, within the VLAN to which the receiving port belongs. Normally, this is referred to as broadcasting the packet.
After broadcasting the packet, the switch will do one of the following based on whether it receives a response packet:
l If the network device returns a packet to the switch, this indicates the packet has been sent to the destination device. The MAC address of the device is carried in the packet. The switch adds the new MAC address to the MAC address table through address learning. After that, the switch can directly forward other packets destined for the same network device by using the newly added MAC address entry.
l If the destination device does not respond to the packet, this indicates that the destination device is unreachable or that the destination device receives the packet but gives no response. In this case, the switch still cannot learn the MAC address of the destination device. Therefore, the switch will still broadcast any other packet with this destination MAC address.
To fully utilize a MAC address table, which has a limited capacity, the switch uses an aging mechanism for updating the table. That is, the switch removes the MAC address entries related to a network device if no packet is received from the device within the aging time. Aging time only applies to dynamic MAC address entries.
You can manually configure (add or modify) a static or dynamic MAC address entry based on the actual network environment.
The switch learns only unicast addresses by using the MAC address learning mechanism but directly drops any packet with a broadcast source MAC address.
Entries in a MAC address table fall into the following two categories according to their characteristics and configuration methods:
l Static MAC address entry: Also known as permanent MAC address entry. This type of MAC address entries are added/removed manually and can not age out by themselves. Using static MAC address entries can reduce broadcast packets remarkably and are suitable for networks where network devices seldom change.
l Dynamic MAC address entry: This type of MAC address entries age out after the configured aging time. They are generated by the MAC address learning mechanism or configured manually.
Table 1-1 lists the different types of MAC address entries and their characteristics.
Table 1-1 Characteristics of different types of MAC address entries
|
MAC address entry |
Configuration method |
Aging time |
Reserved or not at reboot (if the configuration is saved) |
|
Static MAC address entry |
Manually configured |
Unavailable |
Yes |
|
Dynamic MAC address entry |
Manually configured or generated by MAC address learning mechanism |
Available |
No |
Table 1-2 MAC address entry configuration tasks
1.2.2 Configuring a MAC Address Entry
You can add, modify, or remove one MAC address entry, remove all the MAC address entries (unicast MAC addresses only) concerning a specific port, or remove a specific type of MAC address entries (dynamic or static).
Table 1-3 Add a MAC address entry
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Add a MAC address entry |
mac-address { static | dynamic } mac-address interface interface-type interface-number vlan vlan-id |
Required |
Caution:
For a MAC address entry to be added, the port specified by the interface keyword must belong to the VLAN specified by the vlan keyword in the command. Otherwise, the entry will not be added.
1.2.3 Setting the Aging Time for MAC Address Entries
Setting aging time properly helps implement effective MAC address aging. The aging time that is too long or too short results in a large amount of broadcast packets wandering across the network and decreases the performance of the switch.
l If the aging time is too long, excessive invalid MAC address entries maintained by the switch may fill up the MAC address table. This prevents the MAC address table from varying with network changes in time.
l If the aging time is too short, the switch may remove valid MAC address entries. This decreases the forwarding performance of the switch.
Table 1-4 Set aging time for MAC address entries
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Set the aging time of MAC address entries |
mac-address timer { aging age | no-aging } |
Required
The default aging time is 300 seconds. |
This command is used in system view and applies to all ports. Aging applies to only dynamic MAC addresses that are learnt or configured to age.
Normally, you are recommended to use the default aging time, namely, 300 seconds. The no-aging keyword specifies that MAC address entries do not age out.
1.2.4 Setting the Maximum Number of MAC Addresses a Port Can Learn
The MAC address learning mechanism enables an Ethernet switch to acquire the MAC addresses of the network devices on the segment connected to the ports of the switch. The switch directly forwards the packets destined for these MAC addresses. An oversized MAC address table may decrease the forwarding performance of the switch.
By setting the maximum number of MAC addresses that can be learnt from individual ports, you can control the number of the MAC address entries the MAC address table can dynamically maintains. If you have set the maximum number of MAC addresses that a port can learn to count, the port stops learning MAC addresses when the number of MAC addresses learned by the port reaches count.
Table 1-5 Set the maximum number of MAC addresses a port can learn
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Set the maximum number of MAC addresses the port can learn |
mac-address max-mac-count count |
Required
By default, the number of the MAC addresses a port can learn is not limited. |
To gain better control over network security, you can use the following commands to disable the current port from learning MAC addresses.
Table 1-6 Disable the current port from learning MAC addresses
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Disable the current port from learning MAC addresses |
mac-address mac-learning disable |
Required
By default, the port is enabled to learn MAC addresses. |
l Do not use the mac-address mac-learning disable command together with related 802.1x commands in Ethernet port view.
l Do not use the mac-address mac-learning disable command together with the mac-address max-mac-count command.
If there are multiple chips on a board, each chip can learn only the MAC addresses of the data flow it handles. If a chip receives a packet whose MAC address entry is stored in another chip, it broadcasts the packet.
You can configure MAC address learning synchronization between board chips to synchronize MAC address entries between chips. This reduces broadcasting of unknown packets, lowers switch processing load, and improves network utilization.
Table 1-7 Configure MAC address learning synchronization between board chips
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Enable MAC address learning synchronization between board chips |
mac-address learning synchronization |
Optional
By default, MAC address learning synchronization between board chips is disabled. |
You can use the following commands to configure whether or not the packets with destination MAC address being the bridge MAC address of the switch will be passed to CPU for processing.
Table 1-8 Set the processing method for the specific packets
|
Operation |
Command |
Description |
|
Enter system view |
system-view |
— |
|
Enable the packets with destination MAC address as the bridge MAC address of the switch to be passed to the CPU for processing |
bridgemactocpu enable |
Optional
By default, the packets with destination MAC address as the bridge MAC address of the switch are not passed to the CPU for processing. |
|
Disable the packets with destination MAC address as the bridge MAC address of the switch from being passed to the CPU for processing |
bridgemactocpu disable |
Optional |
1.3 Displaying and Maintaining MAC Address Configuration
To verify your configuration, you can display information about the MAC address table by executing the display command in any view.
Table 1-9 Display and maintain MAC address table configuration
|
Operation |
Command |
Description |
|
Display information about the MAC address table |
display mac-address [ display-option ] |
You can use the display command in any view. |
|
Display the aging time of the dynamic MAC address entries in the MAC address table |
display mac-address aging-time |
I. Network requirements
l Log in to the switch through the Console port and enable address table configuration.
l Set the aging time of dynamic MAC address entries to 500 seconds.
l Add a static MAC address entry 000f-e20f-dc71 for Ethernet1/0/2 port (assuming that the port belongs to VLAN 1)
II. Network diagram
Figure 1-2 Network diagram for MAC address table configuration
III. Configuration procedure
# Enter system view.
<H3C> system-view
[H3C]
# Add a MAC address, with the VLAN, ports, and states specified.
[H3C] mac-address static 000f-e20f-dc71 interface Ethernet 1/0/2 vlan 1
# Set the aging time of dynamic MAC addresses to 500 seconds.
[H3C] mac-address timer aging 500
# Display the information about the MAC address entries in system view.
[H3C] display mac-address interface Ethernet 1/0/2
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e20f-dc71 1 Config static Ethernet1/0/2 NOAGED
000f-e20f-5503 1 Learned Ethernet1/0/2 445
000f-e20f-5548 1 Learned Ethernet1/0/2 282
--- 3 mac address(es) found on port Ethernet1/0/2 ---
