Login
- Table of Contents
-
- H3C Low-End and Mid-Range Ethernet Switches Configuration Examples(V1.01)
- 00-1Cover
- 01-Login Configuration Guide
- 02-VLAN Configuration Guide
- 03-GVRP Configuration Guide
- 04-Voice VLAN Configuration Guide
- 05-IP Addressing and Performance Configuration Guide
- 06-QinQ Configuration Guide
- 07-BPDU Tunnel Configuration Guide
- 08-VLAN Mapping Configuration Guide
- 09-MAC Address Table Management Configuration Guide
- 10-Link Aggregation Configuration Guide
- 11-IP Source Guard Configuration Guide
- 12-DLDP Configuration Guide
- 13-MSTP Configuration Guide
- 14-IPv4 Routing Configuration Guide
- 15-IPv6 Configuration Guide
- 16-IPv6 Routing Configuration Guide
- 17-IPv4 Multicast Configuration Guide
- 18-IPv6 Multicast Configuration Examples
- 19-802.1x Configuration Guide
- 20-AAA Configuration Guide
- 21-MAC Authentication Configuration Guide
- 22-Portal Configuration Guide
- 23-ARP Configuration Guide
- 24-DHCP Configuration Guide
- 25-ACL Configuration Guide
- 26-QoS Configuration Guide
- 27-Port Mirroring Configuration Guide
- 28-Cluster Management Configuration Guide
- 29-SNMP-RMON Configuration Guide
- 30-NTP Configuration Guide
- 31-FTP-TFTP Configuration Guide
- 32-UDP Helper Configuration Guide
- 33-Information Center Configuration Guide
- 34-DNS Configuration Guide
- 35-File System Management Configuration Guide
- 36-Remote Upgrade Configuration Guide
- 37-NQA Configuration Guide
- 38-VRRP Configuration Guide
- 39-SSH Configuration Guide
- 40-Port Security Configuration Guide
- 41-Port Isolation Configuration Guide
- 42-LLDP Configuration Guide
- 43-MCE Configuration Guide
- 44-PoE Configuration Guide
- 45-OAM Configuration Guide
- 46-Connectivity Fault Detection Configuration Guide
- 47-RRPP Configuration Guide
- 48-sFlow Configuration Guide
- 49-SSL-HTTPS Configuration Guide
- 50-PKI Configuration Guide
- 51-Track Configuration Guide
- 52-EPON-OLT Configuration Guide
- 53-Smart Link Configuration Guide
- 54-MPLS Configuration Guide
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-MAC Address Table Management Configuration Guide | 48.92 KB |
1 MAC Address Table Management Configuration Guide·
Configuring MAC Address Table Management
Networking and Configuration Requirements
Configuring MAC Address Table Management
Network Diagram
Figure 1-1 Network diagram for MAC address table management
Networking and Configuration Requirements
Server is connected to Switch through port GigabitEthernet 1/0/2. Configure a static MAC address entry of Server on Switch, so that Switch always unicasts rather than broadcasts packets destined for Server through GigabitEthernet 1/0/2. Port GigabitEthernet 1/0/10 is connected with a network management server (NMS). For network management security, configure GigabitEthernet 1/0/10 to permit the access of this NMS only.
l The MAC address of Server is 000f-e20f-dc71
l Port GigabitEthernet 1/0/2, GigabitEthernet 1/0/5, and GigabitEthernet 1/0/10 belong to VLAN 10
l The MAC address of NMS is 0014-222c-aa69
l Set the aging time of MAC address entries on Switch to 500 seconds
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
|
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
|
Release 1301 |
S5500-20TP-SI |
|
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
|
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] port GigabitEthernet1/0/2 GigabitEthernet1/0/5 GigabitEthernet1/0/10
# Add a static MAC address entry.
[Sysname] mac-address static 000f-e20f-dc71 interface GigabitEthernet 1/0/2 vlan 10
# Set the aging time of dynamic MAC address entries on Switch to 500 seconds.
[Sysname] mac-address timer aging 500
# Display the configuration of MAC address table in system view.
[Sysname] display mac-address interface GigabitEthernet 1/0/2
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e20f-dc71 1 Config static GigabitEthernet1/0/2 NOAGED
00e0-fc17-a7d6 1 Learned GigabitEthernet1/0/2 AGING
00e0-fc5e-b1fb 1 Learned GigabitEthernet1/0/2 AGING
00e0-fc55-f116 1 Learned GigabitEthernet1/0/2 AGING
--- 4 mac address(es) found on port GigabitEthernet1/0/2 ---
# Set the MAC learning limit to 0 on GigabitEthernet 1/0/10, and add a static MAC address entry for the port, so that port GigabitEthernet 1/0/10 can forward only the packets sent by NMS, and other hosts cannot communicate through this port.
[Sysname] interface GigabitEthernet 1/0/10
[Sysname-GigabitEthernet1/0/10] port access vlan 10
[Sysname-GigabitEthernet1/0/10] mac-address max-mac-count 0
[Sysname-GigabitEthernet1/0/10] mac-address static 0014-222c-aa69 vlan 10
# Disable GigabitEthernet 1/0/10 from forward frames whose source MAC addresses are not in the MAC address table when the MAC learning limit is reached. Ethernet switches of the S3610, S5510, and S3500-EA series support this operation.
[Sysname-GigabitEthernet1/0/10] mac-address max-mac-count disable-forwarding
Complete Configuration
#
mac-address timer aging 500
#
vlan 10
#
interface GigabitEthernet1/0/2
port access vlan 10
mac-address static 000f-e20f-dc71 vlan 10
#
interface GigabitEthernet1/0/5
port access vlan 10
#
interface GigabitEthernet1/0/10
port access vlan 10
mac-address max-mac-count 0
mac-address max-mac-count disable-forwarding
mac-address static 0014-222c-aa69 vlan 10
Configuration Guidelines
l You cannot configure a static or dynamic MAC address entry on an aggregate port of any device of any version, except for Release 6300 of the S7500 series Ethernet switches.
l The MAC address aging timer setting takes effect on all ports. It affects only dynamic MAC address entries including those learned by the device and manually configured as dynamic entries.
l Ethernet switches of the S5500-SI, S5500-EI, and S7500E series do not support the disable-forwarding keyword in the mac-address max-mac-count command. When the MAC learning limit is reached, the port does not forward frames whose source MAC addresses are not in the MAC address table.
