03-Layer 2—LAN Switching Command Reference

HomeSupportResource CenterSwitchesH3C S6300 Switch SeriesH3C S6300 Switch SeriesTechnical DocumentsCommandCommand ReferencesH3C S6300 Switch Series Command References-Release 243x-6W10003-Layer 2—LAN Switching Command Reference
04-MAC address table commands
Title Size Download
04-MAC address table commands 116.72 KB

MAC address table commands

This document covers the configuration of unicast MAC address entries, including static, dynamic, blackhole, and multiport unicast MAC address entries. For more information about configuring static multicast MAC address entries, see IP Multicast Configuration Guide.

display mac-address

Use display mac-address to display MAC address entries.

Syntax

display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole | multiport ] [ vlan vlan-id ] [ count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address: Specifies a MAC address in the format of H-H-H. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

dynamic: Displays dynamic MAC address entries.

static: Displays static MAC address entries.

interface interface-type interface-number: Specifies an interface by its type and number.

blackhole: Displays blackhole MAC address entries.

multiport: Displays multiport unicast MAC address entries.

count: Displays only the number of MAC address entries that match all entry attributes you specify in the command. Detailed information about MAC address entries is not displayed. For example, you can use the display mac-address vlan 20 dynamic count command to display the number of dynamic entries for VLAN 20. If you do not specify an entry attribute, the command displays the number of entries in the MAC address table. If you do not specify this keyword, the command displays detailed information about the specified MAC address entries.

Usage guidelines

A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID.

If you do not specify any parameters, the command displays all MAC address entries.

This command displays dynamic MAC address entries for an aggregate interface only when the aggregate interface has at least one Selected member port.

Examples

# Display MAC address entries for VLAN 100.

<Sysname> display mac-address vlan 100

MAC Address      VLAN ID    State            Port/NickName            Aging

0001-0101-0101   100        Multiport        XGE1/0/1                   N

                                             XGE1/0/2

0033-0033-0033   100        Blackhole        N/A                        N

0000-0000-0002   100        Static           XGE1/0/3                   N

00e0-fc00-5829   100        Learned          XGE1/0/4                   Y

# Display the number of MAC address entries.

<Sysname> display mac-address count

1 mac address(es) found.

Table 1 Command output

Field

Description

VLAN ID

ID of the VLAN to which the outgoing interface of the MAC address entry belongs.

State

MAC address entry state:

·     StaticStatic MAC address entry.

·     LearnedDynamic MAC address entry. Dynamic entries can be learned or manually configured.

·     BlackholeBlackhole MAC address entry.

·     MultiportMultiport unicast MAC address entry.

Port/NickName

When the field displays an interface name, the field indicates the outgoing interface for packets that are destined for the MAC address. This field displays N/A for a blackhole MAC address entry.

When the field displays a 16-bit number Nickname in hexadecimal format (for example, 0x12ab), it indicates the RB through which the packets leave the TRILL network. For information about RBs and TRILL, see TRILL Configuration Guide.

Aging

Whether the entry can age out:

·     Y—The entry can age out.

·     N—The entry never ages out.

n mac address(es) found

Number of matching MAC address entries.

 

Related commands

·     mac-address

·     mac-address timer

display mac-address nickname

Use display mac-address nickname to display the MAC address information of the egress RB specified by its nickname.

Syntax

display mac-address nickname nickname

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

nickname nickname: Specifies an egress RB by its nickname. The value range for the nickname argument is 0x1 to 0xFFFE in hexadecimal format.

Examples

# Display the MAC address entries of the egress RB with the nickname 0x8c81.

<Sysname> display mac-address nickname 8c81

MAC Address     VLAN    IDState    Port/NickName    Aging

0000-3300-0001  10      Learned    0x8c81           Y

0000-3300-0002  10      Learned    0x8c81           Y

0000-3300-0003  10      Learned    0x8c81           Y

0000-3300-0004  10      Learned    0x8c81           Y

display mac-address aging-time

Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.

Syntax

display mac-address aging-time

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the aging timer for dynamic MAC address entries.

<Sysname> display mac-address aging-time

MAC address aging time: 300s.

Related commands

mac-address timer

display mac-address mac-learning

Use display mac-address mac-learning to display the global MAC address learning status and the MAC learning status of the specified interface or all interfaces.

Syntax

display mac-address mac-learning [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays the global MAC address learning status and the MAC address learning status of all interfaces.

Examples

# Display the global MAC address learning status and the MAC learning status of all interfaces.

<Sysname> display mac-address mac-learning

Global MAC address learning status: Enabled.

 

Port                          Learning Status

XGE1/0/1                      Enabled

XGE1/0/2                      Enabled

XGE1/0/3                      Enabled

XGE1/0/4                      Enabled

Table 2 Command output

Field

Description

Global MAC address learning status

Global MAC address learning status:

·     Enabled.

·     Disabled.

Port

Interface name.

Learning Status

MAC address learning status of an interface:

·     Enabled.

·     Disabled.

 

Related commands

mac-address mac-learning enable

display mac-address mac-move

Use display mac-address mac-move to display the MAC address move records after the device is started.

Syntax

display mac-address mac-move [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option, the command displays MAC address move records on all member devices.

Usage guidelines

When MAC address moves for a MAC address always occur between the specified two interfaces, Layer 2 loops might occur in the network. To discover and locate loops, you can view the MAC address move records.

In the MAC address move records, records with the same MAC address, VLAN, source port, and current port are considered as to be one record.

An IRF member device can save a maximum of 200 MAC address move records.

Examples

# Display the MAC address move records on the IRF member device 2.

<Sysname> display mac-address mac-move slot 2

------------------------MAC address moving information----------------

MAC address    VLAN  Current port   Source port      Last time           Times

0000-0001-002c 1     XGE1/0/1        XGE1/0/2        2013-05-20 13:40:52 1

0000-0001-002c 1     XGE1/0/2        XGE1/0/1        2013-05-20 13:41:30 1

---  2 MAC address moving records found  ---

Table 3 Command output

Field

Description

MAC address

MAC address.

VLAN

VLAN that the outgoing interface of the MAC address entry belongs.

Current port

Interface to which the MAC address was moved.

Source port

Interface from which the MAC address was moved.

Last time

Last time when the MAC address was moved.

Times

Number of MAC address moves after the device is started. For a MAC address record, the number of MAC address moves is increased by 1 when a new MAC address move has the same MAC address, VLAN, Current Port, and Source Port fields as the MAC address record.

 

Related commands

mac-address notification mac-move

display mac-address statistics

Use display mac-address statistics to display MAC address table statistics.

Syntax

display mac-address statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command displays the number of MAC address entries per type and the maximum number of MAC address entries allowed for each type.

Examples

# Display MAC address table statistics.

<Sysname> display mac-address statistics

MAC Address Count:

Dynamic Unicast Address (Learned) Count:                         3

Dynamic Unicast Address (Security-service-defined) Count:        4

Static Unicast Address (User-defined) Count:                     0

Static Unicast Address (System-defined) Count:                   3

Total Unicast MAC Addresses In Use:                              10

Total Unicast MAC Addresses Available:                           131072

Multicast and Multiport MAC Address Count:                       1

Static Multicast and Multiport MAC Address (User-defined) Count: 1

Total Multicast and Multiport MAC Addresses Available:           256

Table 4 Command output

Field

Description

Dynamic Unicast Address (Learned) Count

Number of dynamic unicast MAC address entries triggered by packets.

Dynamic Unicast Address (Security-service-defined) Count

Number of dynamic unicast MAC address entries triggered by the security service.

Static Unicast Address (User-defined) Count

Number of static unicast MAC address entries added by users.

Static Unicast Address (System-defined) Count

Number of static unicast MAC address entries added by the system.

Total Unicast MAC Addresses In Use

Number of unicast MAC address entries.

Total Unicast MAC Addresses Available

Maximum number of unicast MAC address entries allowed.

Multicast and Multiport MAC Address Count

Number of multicast and multiport unicast MAC address entries.

Static Multicast and Multiport MAC Address (User-defined) Count

Number of static multicast and multiport unicast MAC address entries added by users.

Total Multicast and Multiport MAC Addresses Available

Maximum number of multicast and multiport unicast MAC address entries allowed.

 

mac-address (interface view)

Use mac-address to add or modify a MAC address entry on an interface.

Use undo mac-address to delete a MAC address entry on an interface.

Syntax

Layer 2 Ethernet interface view and Layer 2 aggregate interface view:

mac-address { dynamic | multiport | static } mac-address vlan vlan-id

undo mac-address { dynamic | multiport | static } mac-address vlan vlan-id

S-channel interface view and S-channel aggregate interface view:

mac-address { dynamic | static } mac-address vlan vlan-id

undo mac-address { dynamic | static } mac-address vlan vlan-id

Default

An interface is not configured with MAC address entries.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

multiport: Specifies multiport unicast MAC address entries. A frame whose destination MAC address matches a multiport unicast MAC address entry is sent out of multiple ports.

mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast and all-zero MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies an existing VLAN to which the specified interface belongs. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

Typically, the device automatically builds the MAC address table by learning the source MAC addresses of incoming frames on each interface. However, you can manually configure static MAC address entries. For a MAC address, a manually configured static entry takes precedence over a dynamically learned entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101 on interface Ten-GigabitEthernet 1/0/1 that belongs to VLAN 2.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address static 000f-e201-0101 vlan 2

# Add a static entry for MAC address 000f-e201-0101 on Layer 2 aggregate interface Bridge-Aggregation 1 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1

# Add a static entry for MAC address 000f-e201-0102 on interface S-Channel 1/0/1:10 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] mac-address static 000f-e201-0102 vlan 1

# Add a static entry for MAC address 000f-e201-0102 on interface Schannel-Aggregation 1:2 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] mac-address static 000f-e201-0102 vlan 1

# Add a multiport unicast MAC address entry for MAC address 0001-0001-0101 on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 that belong to VLAN 2.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address multiport 0001-0001-0101 vlan 2

[Sysname-Ten-GigabitEthernet1/0/1] quit

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] mac-address multiport 0001-0001-0101 vlan 2

Related commands

·     display mac-address

·     mac-address (system view)

mac-address (system view)

Use mac-address to add or modify a MAC address entry.

Use undo mac-address to delete one or all MAC address entries.

Syntax

mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id

mac-address blackhole mac-address vlan vlan-id

mac-address multiport mac-address interface interface-list vlan vlan-id

undo mac-address [ [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id ]

undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id

undo mac-address [ dynamic | static ] interface interface-type interface-number

undo mac-address multiport mac-address interface interface-list vlan vlan-id

undo mac-address [ multiport ] [ [ mac-address ] vlan vlan-id ]

undo mac-address nickname nickname

undo mac-address mac-address nickname nickname vlan vlan-id

Default

The system is not configured with MAC address entries.

Views

System view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC addresses match blackhole MAC address entries are dropped.

multiport: Specifies multiport unicast MAC address entries. A frame whose destination MAC address matches a multiport unicast MAC address entry is sent out of multiple ports.

mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast and all-zero MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies an existing VLAN to which the interface belongs. The value range for the vlan-id argument is 1 to 4094.

interface interface-type interface-number: Specifies an outgoing interface by its type and number.

interface interface-list: Specifies interfaces in the format of { interface-type interface-number [ to interface-type interface-number ] } &<1-n>. The interface can only be a Layer 2 Ethernet interface or Layer 2 aggregate interface. &<1-4> specifies that you can configure a maximum of 4 interfaces or interface ranges.

nickname nickname: Specifies an RB (through which the packets leave the TRILL network) by its nickname. The nickname is a hexadecimal number in the range of 0x1 to 0xFFFE.

Usage guidelines

Typically, the device automatically builds the MAC address table by learning the source MAC addresses of incoming frames on each interface. However, you can manually configure static MAC address entries. For a MAC address, a manually configured static entry takes precedence over a dynamically learned entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

To drop frames with the specified source MAC addresses or destination MAC addresses, you can configure blackhole MAC address entries.

To send frames with a specific destination MAC address out of multiple ports, configure a multiport unicast MAC address entry. When you execute this command for the first time, the command adds a MAC address entry. When you execute the command again with the same MAC address and VLAN but with different interfaces, this command adds the specified interfaces for this entry.

A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

If you execute the undo mac-address command without specifying any parameters, this command deletes all unicast MAC address entries and static multicast MAC address entries.

You can delete all the MAC address entries (including unicast MAC address entries and static multicast MAC address entries) of a specified VLAN. You can also delete only one type (dynamic, static, blackhole, or multiport unicast) of MAC address entries. You can single out an interface and delete the corresponding unicast MAC address entries, but not the corresponding static multicast MAC address entries. You can single out an RB through which the packets leave the TRILL network and delete the corresponding unicast MAC address entries.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of interface Ten-GigabitEthernet 1/0/1, which belongs to VLAN 2.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface ten-gigabitethernet 1/0/1 vlan 2

# Add a multiport unicast MAC address entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3, which belong to VLAN 2.

<Sysname> system-view

[Sysname] mac-address multiport 000f-e201-0101 interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3 vlan 2

Related commands

·     display mac-address

·     mac-address (interface view)

mac-address mac-learning enable

Use mac-address mac-learning enable to enable MAC address learning globally, on an interface, or on a VLAN.

Use undo mac-address mac-learning enable to disable MAC address learning globally, on an interface, or on a VLAN.

Syntax

mac-address mac-learning enable

undo mac-address mac-learning enable

Default

MAC address learning is enabled.

Views

System view

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

S-channel interface view, S-channel aggregate interface view

VLAN view

Predefined user roles

network-admin

Usage guidelines

To prevent the MAC address table from becoming saturated, you can disable MAC address learning.

For example, a number of packets with different source MAC addresses reaching a device can affect the MAC address table update. To avoid such attacks, you can disable MAC address learning by following these guidelines:

·     You can disable MAC address learning on a per-interface basis. If you disable MAC address learning globally, MAC address learning is disabled for all interfaces. The device then stops learning MAC addresses and cannot dynamically update the MAC address table.

·     Because disabling MAC address learning can result in broadcast storms, enable broadcast storm suppression after you disable MAC address learning on an interface. For more information about broadcast storm suppression, see Layer 2—LAN Switching Configuration Guide.

·     With MAC address learning enabled globally, you can disable MAC address learning for an interface or VLAN.

This command does not take effect in a TRILL network or for an S-channel. For information about TRILL, see TRILL Configuration Guide. For information about S-channels, see EVB Configuration Guide.

When MAC address learning is disabled, the device immediately deletes the existing dynamic MAC address entries.

Examples

# Disable MAC address learning globally.

<Sysname> system-view

[Sysname] undo mac-address mac-learning enable

# Disable MAC address learning for VLAN 10.

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] undo mac-address mac-learning enable

# Disable MAC address learning on interface Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address mac-learning enable

# Disable MAC address learning on interface Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] undo mac-address mac-learning enable

# Disable MAC address learning on interface S-Channel 1/0/1:10.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] undo mac-address mac-learning enable

# Disable MAC address learning on interface Schannel-Aggregation 1:2.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] undo mac-address mac-learning enable

Related commands

display mac-address mac-learning

mac-address mac-learning priority

Use mac-address mac-learning priority to assign MAC learning priority to an interface.

Use undo mac-address mac-learning priority to restore the default.

Syntax

mac-address mac-learning priority { high | low }

undo mac-address mac-learning priority

Default

Low MAC address learning priority is used.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

high: Assigns high MAC learning priority.

low: Assigns low MAC learning priority.

Usage guidelines

The MAC address learning priority values can be high and low. An interface with high MAC address learning priority can learn any MAC address. An interface with low MAC address learning priority can learn only the MAC addresses that have not been learned by high-priority interfaces.

The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. To prevent the downlink interface from learning the MAC address of an upper layer device (for example, the gateway), you can perform the following tasks:

·     Assign high MAC learning priority to an uplink interface.

·     Assign low MAC learning priority to a downlink interface .

Examples

# Assign high MAC learning priority to interface Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address mac-learning priority high

# Assign high MAC learning priority to interface Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address mac-learning priority high

mac-address mac-roaming enable

Use mac-address mac-roaming enable to enable MAC address synchronization.

Use undo mac-address mac-roaming enable to restore the default.

Syntax

mac-address mac-roaming enable

undo mac-address mac-roaming enable

Default

MAC address synchronization is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If ports on different IRF member devices are Selected ports from the same aggregation group, MAC address entries are synchronized among these IRF member devices. They are synchronized whether or not MAC address synchronization is enabled for the IRF fabric. For more information about aggregation groups, see Layer 2—LAN Switching Configuration Guide.

The MAC address table size might vary by IRF member device. With MAC address synchronization enabled, MAC address entries exceeding the table size of an IRF member device cannot be synchronized to the MAC address table.

Examples

# Enable MAC address synchronization.

<Sysname> system-view

[Sysname] mac-address mac-roaming enable

mac-address max-mac-count

Use mac-address max-mac-count to set the MAC learning limit on an interface.

Use undo mac-address max-mac-count to restore the default.

Syntax

mac-address max-mac-count count

undo mac-address max-mac-count

Default

The maximum number of MAC addresses that can be learned on an interface is not set.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

count: Sets the maximum number of MAC addresses that can be learned on an interface. The value range is 0 to 4096. When the argument is set to 0, the interface is not allowed to learn MAC addresses.

Usage guidelines

When the number of MAC address entries learned by an interface reaches the limit, the interface stops learning MAC address entries.

Examples

# Configure interface Ten-GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address max-mac-count 600

Related commands

·     mac-address

·     mac-address max-mac-count enable-forwarding

mac-address max-mac-count enable-forwarding

Use mac-address max-mac-count enable-forwarding to enable the device to forward unknown frames received on an interface after the MAC learning limit on the interface is reached.

Use undo mac-address max-mac-count enable-forwarding to disable the device from forwarding unknown frames received on an interface after the MAC learning limit on the interface is reached.

Syntax

mac-address max-mac-count enable-forwarding

undo mac-address max-mac-count enable-forwarding

Default

When the MAC learning limit on an interface is reached, the device can forward unknown frames received on the interface.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

In this document, unknown frames refer to frames whose source MAC addresses are not in the MAC address table.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address max-mac-count 600

# Disable the device from forwarding unknown frames received on Ten-GigabitEthernet 1/0/1 after the MAC learning limit on Ten-GigabitEthernet 1/0/1 is reached.

[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address max-mac-count enable-forwarding

Related commands

·     mac-address

·     mac-address max-mac-count

mac-address mac-move fast-update

Use mac-address mac-move fast-update to enable ARP fast update for MAC address moves.

Use undo mac-address mac-move fast-update to restore the default.

Syntax

mac-address mac-move fast-update

undo mac-address mac-move fast-update

Default

ARP fast update is disabled for MAC address moves.

Views

System view

Predefined user roles

network-admin

Examples

# Enable ARP fast update for MAC address moves.

<Sysname> system-view

[Sysname] mac-address mac-move fast-update

mac-address notification mac-move

Use mac-address notification mac-move to enable MAC address move notifications and optionally set a MAC move detection interval.

Use undo mac-address notification mac-move to restore the default.

Syntax

mac-address notification mac-move [ interval interval-value ]

undo mac-address notification mac-move

Default

MAC address move notifications are disabled, and the MAC move detection interval for MAC address moves is 1 minute.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-value: Sets a detection interval for MAC address moves, in the range of 1 to 60 minutes. If you do not specify this option, the default setting of 1 minute is used.

Usage guidelines

With MAC address move notifications enabled, the system displays the MAC address move logs when it detects MAC address moves. Each record of the MAC address move logs contains the following information:

·     MAC address.

·     VLAN ID of the MAC address entry.

·     Current port and source port of the MAC address moves.

·     Number of MAC address moves within a MAC move detection interval.

After you execute this command:

·     If the snmp-agent trap enable mac-address command is also executed, the system sends SNMP information to the SNMP module of the device.

·     If the snmp-agent trap enable mac-address command is not executed, the system sends syslog messages to the information center module.

Within a detection interval an IRF member device can record MAC address move information for a maximum of 20 MAC addresses. The records are ranked in descending order of MAC move count. When the MAC move count of a new record is higher than the MAC move count of any existing record, the device performs the following operations:

·     Discards the record that has the lowest MAC move count.

·     Ranks the MAC address move records in descending order of MAC move count.

Then in the next detection interval, the device discards all MAC address move records generated in the previous detection interval and starts another round of MAC move record generation.

Examples

# Enable MAC address move notifications.

<Sysname> system-view

[Sysname] mac-address notification mac-move

[Sysname]

%May 14 17:16:45:688 2013 Sysname MAC/4/MAC_FLAPPING: MAC address 0000-0012-0034 in VLAN 500 has moved from port XGE1/0/1 to port XGE1/0/2 for 1 times

The output shows that:

·     The VLAN ID of which MAC address 0000-0012-0034 is VLAN 500.

·     The MAC address moved from port Ten-GigabitEthernet 1/0/1 to port Ten-GigabitEthernet 1/0/2.

·     The MAC address has moved once within the last 1 minute (the default interval).

Related commands

display mac-address mac-move

mac-address notification mac-move suppression

Use mac-address notification mac-move suppression to enable MAC address move suppression.

Use undo mac-address notification mac-move suppression to restore the default.

Syntax

mac-address notification mac-move suppression

undo mac-address notification mac-move suppression

Default

MAC address moves are not suppressed.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This feature shuts an interface down when a MAC address has been moved from the interface more than the specified suppression threshold within a MAC move detection interval. You can use the shutdown command and then the undo shutdown command to bring up the interface. Also, the interface can automatically come up after a suppression interval.

Examples

# Enable MAC address move suppression on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address notification mac-move suppression

mac-address notification mac-move suppression interval

Use mac-address notification mac-move suppression interval to set a suppression interval for MAC address moves.

Use undo mac-address notification mac-move suppression interval to restore the default.

Syntax

mac-address notification mac-move suppression interval interval-value

undo mac-address notification mac-move suppression

Default

The suppression interval for MAC address moves is 30 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the MAC address move suppression interval in the range of 30 to 86400 seconds. If you do not specify this option, the default suppression interval of 30 seconds is used.

Examples

# Set the suppression interval to 100 seconds for MAC address moves.

<Sysname> system-view

[Sysname] mac-address notification mac-move suppression interval 100

mac-address notification mac-move suppression threshold

Use mac-address notification mac-move suppression threshold to set a threshold for MAC address moves sourced from an interface within a detection interval.

Use undo mac-address notification mac-move suppression threshold to restore the default.

Syntax

mac-address notification mac-move suppression threshold threshold-value

undo mac-address notification mac-move suppression threshold

Default

The threshold is 3.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the threshold for MAC address moves sourced from an interface within a detection interval. The value range for this argument is 0 to 1024.

Usage guidelines

The system shuts down the interface when the following conditions exist:

·     The interface is enabled with MAC address move suppression.

·     The number of MAC address moves from the interface within a detection interval exceeds the threshold.

After the suppression interval elapses, the interface comes up automatically. You can also use the undo shutdown command to manually bring up the interface.

If the threshold is set to 0, the system shuts down an interface if a MAC address moves from the interface.

Examples

# Set the threshold to 1 for MAC address moves sourced from an interface within a detection interval.

<Sysname> system-view

[Sysname] mac-address notification mac-move suppression threshold 1

mac-address static source-check enable

Use mac-address static source-check enable to enable the static source check feature.

Use undo mac-address static source-check enable to disable the static source check feature.

Syntax

mac-address static source-check enable

undo mac-address static source-check enable

Default

The static source check feature is enabled.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Examples

# Disable the static source check feature.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address static source-check enable

mac-address timer

Use mac-address timer to set the aging timer for dynamic MAC address entries.

Use undo mac-address timer to restore the default.

Syntax

mac-address timer { aging seconds | no-aging }

undo mac-address timer

Default

The aging timer for dynamic MAC address entries is 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

aging seconds: Sets an aging timer (in seconds) for dynamic MAC address entries, in the range of 10 to 1000000 seconds.

no-aging: Configures dynamic MAC address entries not to age.

Usage guidelines

To set the aging timer appropriately, follow these guidelines:

·     A long aging interval causes the MAC address table to retain outdated entries and fail to accommodate the most recent network changes.

·     A short aging interval results in removal of valid entries. Then, unnecessary broadcasts packets appear and affect device performance.

Examples

# Set the aging time to 500 seconds for dynamic MAC address entries.

<Sysname> system-view

[Sysname] mac-address timer aging 500

Related commands

display mac-address aging-time

snmp-agent trap enable mac-address

Use snmp-agent trap enable mac-address to enable SNMP notifications for the MAC address table.

Use undo snmp-agent trap enable mac-address to disable SNMP notifications for the MAC address table.

Syntax

snmp-agent trap enable mac-address [ mac-move ]

undo snmp-agent trap enable mac-address [ mac-move ]

Default

SNMP notifications for the MAC address table are enabled.

Views

System view

Predefined user roles

network-admin

Parameters

mac-move: Enables SNMP notifications about the MAC address moves for the MAC address table. If you do not specify this keyword, the command enables all types of SNMP notifications for the MAC address table.

Usage guidelines

When SNMP notifications are disabled for the MAC address table, MAC address moves are reported in syslog messages.

The MAC address table supports only SNMP notifications about MAC address moves. When you enable or disable SNMP notifications about MAC address moves, you enable or disable all types of SNMP notifications for the MAC address table.

Examples

# Disable SNMP notifications about MAC address moves for the MAC address table.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable mac-address mac-move

Related commands

mac-address notification mac-move


MAC Information commands

mac-address information enable (interface view)

Use mac-address information enable to enable MAC Information on an interface.

Use undo mac-address information enable to disable MAC Information on an interface.

Syntax

mac-address information enable { added | deleted }

undo mac-address information enable { added | deleted }

Default

MAC Information is disabled on an interface.

Views

Layer 2 Ethernet interface view, S-channel interface view, S-channel aggregate interface view

Predefined user roles

network-admin

Parameters

added: Enables the device to record MAC change information when a new MAC address is learned on an interface.

deleted: Enables the device to record MAC change information when an existing MAC address is deleted.

Usage guidelines

Before you enable MAC Information on an interface, enable MAC Information globally.

Examples

# Enable MAC Information on Ten-GigabitEthernet 1/0/1 to enable the interface to record MAC change information when learning a new MAC address.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address information enable added

# Enable MAC Information on S-Channel 1/0/1:10 to the interface to record MAC change information when learning a new MAC address.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] mac-address information enable added

# Enable MAC Information on Schannel-Aggregation 1:2 to enable the interface to record MAC change information when learning a new MAC address.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] mac-address information enable added

Related commands

mac-address information enable (system view)

mac-address information enable (system view)

Use mac-address information enable to enable MAC Information globally.

Use undo mac-address information enable to disable MAC Information globally.

Syntax

mac-address information enable

undo mac-address information enable

Default

MAC Information is disabled globally.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Before you enable MAC Information on an interface, enable MAC Information globally.

Examples

# Enable MAC Information globally.

<Sysname> system-view

[Sysname] mac-address information enable

Related commands

mac-address information enable (interface view)

mac-address information interval

Use mac-address information interval to set the MAC change notification interval.

Use undo mac-address information interval to restore the default.

Syntax

mac-address information interval interval-time

undo mac-address information interval

Default

The MAC change notification interval is 1 second.

Views

System view

Predefined user roles

network-admin

Parameters

interval-time: Sets the MAC change notification interval in the range of 1 to 20000 seconds.

Usage guidelines

To prevent syslog messages or SNMP notifications from being sent too frequently, set the MAC change notification interval to a larger value.

Examples

# Set the MAC change notification interval to 200 seconds.

<Sysname> system-view

[Sysname] mac-address information interval 200

mac-address information mode

Use mac-address information mode to set the MAC Information mode. The MAC Information mode specifies the type of messages (syslog messages or SNMP notifications) used to notify MAC changes.

Use undo mac-address information mode to restore the default.

Syntax

mac-address information mode { syslog | trap }

undo mac-address information mode

Default

SNMP notifications are sent to notify MAC changes.

Views

System view

Predefined user roles

network-admin

Parameters

syslog: Specifies that the device sends syslog messages to notify MAC changes.

trap: Specifies that the device sends SNMP notifications to notify MAC changes.

Examples

# Set the MAC Information mode to trap.

<Sysname> system-view

[Sysname] mac-address information mode trap

mac-address information queue-length

Use mac-address information queue-length to set the MAC Information queue length.

Use undo mac-address information queue-length to restore the default.

Syntax

mac-address information queue-length value

undo mac-address information queue-length

Default

The MAC Information queue length is 50.

Views

System view

Predefined user roles

network-admin

Parameters

value: Sets the MAC Information queue length in the range of 0 to 1000. The MAC Information queue length indicates the number of MAC change messages.

Usage guidelines

If the MAC Information queue length is 0, the device sends a syslog message or SNMP notification immediately after learning or deleting a MAC address.

If the MAC Information queue length is not 0, the device stores MAC changes in the queue:

·     The device overwrites the oldest MAC change written into the queue with the most recent MAC change when the following conditions exist:

¡     The MAC change notification interval does not expire.

¡     The queue has been exhausted.

·     The device sends syslog messages or SNMP notifications only if the MAC change notification interval expires.

Examples

# Set the MAC Information queue length to 600.

<Sysname> system-view

[Sysname] mac-address information queue-length 600