Login
- Table of Contents
-
- H3C S9500 Operation Manual-Release2132[V2.03]-08 System Volume
- 00-1Cover
- 01-GR Configuration
- 02-VRRP Configuration
- 03-HA Configuration
- 04-Device Management Configuration
- 05-NQA Configuration
- 06-NetStream Configuration
- 07-NTP Configuration
- 08-RMON Configuration
- 09-SNMP Configuration
- 10-File System Management Configuration
- 11-System Maintaining and Debugging Configuration
- 12-Basic System Configuration
- 13-Information Center Configuration
- 14-User Interface Configuration
- 15-MAC Address Table Management Configuration
- 16-PoE Configuration
- 17-Clock Monitoring Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 15-MAC Address Table Management Configuration | 64.25 KB |
Table of Contents
Chapter 1 MAC Address Table Management Configuration
1.1 Introduction to MAC Address Table Management
1.2 Configuring MAC Address Table Management
1.2.1 Configuring MAC Address Entries
1.2.2 Disabling Global MAC Address Learning
1.2.3 Disabling MAC Address Learning on an Ethernet Port or Port Group
1.2.4 Configuring MAC Address Aging Timer
1.2.5 Configuring the Maximum Number of MAC Addresses an Ethernet Port or a Port Group Can Learn
1.2.6 Configuring the Maximum Number of MAC Addresses a VLAN Can Learn
1.3 Displaying MAC Address Table Management
1.4 MAC Address Table Management Configuration Example
Chapter 1 MAC Address Table Management Configuration
When configuring MAC table management, go to these sections for information you are interested in:
l Introduction to MAC Address Table Management
l Configuring MAC Address Table Management
l Displaying MAC Address Table Management
l MAC Address Table Management Configuration Example
& Note:
The term router and router icons mentioned in the following routing protocol refer to the routers in a generic sense and the switches running routing protocols.
1.1 Introduction to MAC Address Table Management
A device maintains a MAC address table for frame forwarding. Each entry in this table indicates the MAC address of a connected device, to which interface this device is connected and to which VLAN the interface belongs.
A MAC address table consists of two types of entries: static and dynamic. Static entries are manually configured and never age out. Dynamic entries can be manually configured or dynamically learned and may age out.
The following is how your device learns a MAC address after it receives a frame from a port, Port 1 for example:
1) Check the frame for the source MAC address (MAC A for example).
2) Look up the MAC address table for an entry corresponding to the MAC address and do the following:
l If an entry is found for the MAC address, update the entry.
l If no entry is found, add an entry for the MAC address and indicate from which interface the frame is received.
When receiving a frame destined for MAC A, the device looks up the MAC address table and forwards it from port 1.
& Note:
Dynamically learned MAC addresses cannot overwrite static MAC address entries, but the latter can overwrite the former.
As shown in Figure 1-1, when forwarding a frame, the device looks up the MAC address table. If an entry is available for the destination MAC address, the device forwards the frame directly from the hardware. If not, it does the following:
1) Broadcast the frame.
2) After the frame reaches the destination, the destination sends back a response with its MAC address. (If no response is received, the frame will be dropped.)
3) Upon receipt of the response, the device adds an entry in the MAC address table, indicating from which interface the frames destined for the MAC address should be sent.
4) Forward subsequent frames destined for the same MAC address directly from the hardware.
5) Discard the frames which cannot reach the destination MAC address.
Figure 1-1 Forward frames using the MAC address table
1.2 Configuring MAC Address Table Management
1.2.1 Configuring MAC Address Entries
Follow these steps to add, modify, or remove entries in the MAC address table:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Add/modify a MAC address entry |
mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id |
Required |
|
mac-address blackhole mac-address vlan vlan-id |
||
|
Enter Ethernet interface view |
interface interface-type interface-number |
— |
|
Add/modify MAC address entries under the specified interface view |
mac-address { static | dynamic } mac-address vlan vlan-id |
Required |
1.2.2 Disabling Global MAC Address Learning
You may need to disable MAC address learning sometimes to prevent the MAC address table from being saturated, for example, when your device is being attacked by a great deal of packets with different source MAC addresses.
Disabling the global MAC address learning disables the learning function on all ports.
Follow these steps to disable MAC address learning:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Disable global MAC address learning |
mac-address mac-learning disable |
Required Enabled by default |
1.2.3 Disabling MAC Address Learning on an Ethernet Port or Port Group
After enabling global MAC address learning, you may disable the MAC address learning function on a port as needed.
Follow these steps to disable MAC address learning on a port or port group:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enable global MAC address learning |
undo mac-address mac-learning disable |
Optional Enabled by default. |
|
|
Enter Ethernet interface view or port group view |
Enter Ethernet interface view |
interface interface-type interface-number |
Use either command In Ethernet interface view, the following configurations only take effect for the current port; in port group view, the configurations take effect for all ports. |
|
Enter port group view |
port-group { aggregation agg-id | manual port-group-name} |
||
|
Disable MAC address learning on an Ethernet interface or port group |
mac-address mac-learning disable |
Required Enabled by default |
|
1.2.4 Configuring MAC Address Aging Timer
The MAC address table on your device is available with an aging mechanism for dynamic entries to prevent its resources from being exhausted. Configure the aging timer appropriately: a long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate latest network changes; a short interval may result in removal of valid entries and hence unnecessary broadcasts which may affect device performance.
Follow these steps to configure the MAC address aging timer:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the aging timer for dynamic MAC address entries |
mac-address timer { aging seconds | no-aging } |
Optional 300 seconds by default. |
& Note:
l The aging time of the MAC addresses is available on all ports. The MAC address aging timer takes effect only on dynamic MAC address entries (learned or administratively configured) only.
l An aging timer does not take effect immediately after being configured, but take effect after the current aging period expires.
1.2.5 Configuring the Maximum Number of MAC Addresses an Ethernet Port or a Port Group Can Learn
To prevent a MAC address table from getting too large that it may degrade forwarding performance, you may restrict the number of MAC addresses that can be learned on a per-port or port group basis.
By using this command with the static MAC address function, you can disable an interface or a port group from learning MAC addresses, and only allow the packets with the specified destination address to pass, thus avoiding the access from the illegal devices to the network.
Follow these steps to configure the maximum number of MAC addresses that an Ethernet port or port group can learn:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter Ethernet interface or port group view |
Enter Ethernet interface view |
interface interface-type interface-number |
Use either command In the Ethernet interface view, the following configurations only take effect on the current port; in the port group view, the configurations take effect on all ports. |
|
Enter port group view |
port-group { | manual port-group-name | aggregation agg-id } |
||
|
Configure the maximum number of MAC addresses that can be learned on an Ethernet port or port group or configure whether frames with unknown destination MAC addresses can be forwarded or not after the upper limit is reached |
mac-address max-mac-count { count | disable-forwarding } |
Required The default maximum number of MAC addresses that can be learned is 14336. After the upper limit is reached, frames with unknown destination MAC addresses are forwarded by default. |
|
& Note:
A frame with the destination MAC address listed in the MAC address table will always be forwarded, no matter whether the disable-forwarding keyword is configured or not.
1.2.6 Configuring the Maximum Number of MAC Addresses a VLAN Can Learn
To prevent a MAC address table from getting so large that it may degrade forwarding performance, you may restrict the number of MAC addresses that can be learned. One approach is to do this on a per-VLAN basis.
Follow these steps to configure the maximum number of MAC addresses that a VLAN can learn:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter VLAN view |
vlan vlan-id |
— |
|
Configure the maximum number of MAC addresses that can be learned on a VLAN |
mac-address max-mac-count count |
Required 172032 by default |
& Note:
l Since there are no Layer 2 physical ports in a Super VLAN, the number of the learned MAC addresses is always 0. It is meaningless to configure the maximum number of MAC addresses that the Super VLAN can learn.
l When you execute the mac-address max-mac-count count command, if the number of MAC addresses leaned by the current VLAN already exceeds the configured value of the count argument, the switch will neither remove the excessive MAC address entries nor learn new MAC address until the number of MAC address entries becomes less than count through MAC address entries aging.
1.3 Displaying MAC Address Table Management
|
To do… |
Use the command… |
Remarks |
|
Display MAC address table information |
display mac-address [ mac-address [ vlan vlan-id ] | [ dynamic | static ] [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] ] |
Available in any view |
|
display mac-address blackhole [ vlan vlan-id ] [ count ] |
||
|
Display the aging timer for dynamic MAC address entries |
display mac-address aging-time |
|
|
Display the capability of system and port to learn MAC addresses dynamically |
display mac-address mac-learning [ interface-type interface-number ] |
1.4 MAC Address Table Management Configuration Example
I. Network requirements
Log onto your device from the console port to configure MAC address table management as follows:
l Set the aging timer to 500 seconds for dynamic MAC address entries.
l Add a static entry 00EA-FC35-DC71 for port GigabitEthernet 1/2/1 in VLAN 25.
II. Configuration procedure
# Add a static MAC address entry (showing the VLAN to which it belongs, port and status).
<Sysname> system-view
[Sysname] mac-address static 00ea-fc35-dc71 interface GigabitEthernet 1/2/1 vlan 25
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Sysname] mac-address timer aging 500
# Display the MAC address entry in any view.
[Sysname] display mac-address interface GigabitEthernet 1/2/1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
00ea-fc35-dc71 25 Config static GigabitEthernet1/2/1 NOAGED
--- 1 mac address(es) found on port GigabitEthernet1/2/1 ---
