MAC address table configuration commands· 2

display mac-address 2

display mac-address aging-time· 3

display mac-address mac-learning· 4

mac-address (interface view) 5

mac-address (system view) 6

mac-address mac-learning disable· 7

mac-address max-mac-count 8

mac-address timer 9

 

The MAC address table configuration is supported only on Layer 2 Ethernet ports, WLAN-BSS interfaces, and Layer 2 aggregate interfaces.

This document covers only the configuration of MAC address entries, including static, dynamic, and destination blackhole MAC address entries.

display mac-address

Use display mac-address to display MAC address entries.

Syntax

display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

blackhole: Displays destination blackhole MAC address entries. These entries do not age, but you can add or remove them. The packets whose destination MAC addresses match destination blackhole MAC address entries are dropped.

vlan vlan-id: Specifies a VLAN. The vlan-id argument ranges from 1 to 4094.

count: Displays the number of MAC address entries that match all entry attributes you specify in the command. When this keyword is used, the command displays only the number of specified MAC address entries, rather than related information about these MAC address entries.

mac-address: Specifies a MAC address in the format of H-H-H.

dynamic: Displays dynamic MAC address entries, which can be aged.

static: Displays static MAC address entries, which do not age.

interface interface-type interface-number: Specifies an interface by its type and number.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display the MAC address entry for MAC address 000f-e201-0101.

<Sysname> display mac-address 000f-e201-0101

MAC ADDR        VLAN ID    STATE            PORT INDEX              AGING TIME(s)

000f-e201-0101  1          Learned          GigabitEthernet1/0/1    AGING

 

  ---  1 mac address(es) found  ---

Table 1 Command output

Field	Description
MAC ADDR	MAC address.
VLAN ID	ID of the VLAN to which the MAC address belongs.
STATE	State of a MAC address entry: ·         Config static—Static entry manually configured by the user. ·         Config dynamic—Dynamic entry manually configured by the user. ·         Learned—Entry learned by the device. ·         Blackhole—Destination blackhole entry. ·         AUTH—Entry generated after a user passes the MAC authentication. For more information about MAC authentication, see Security Configuration Guide. ·         802.1X—Entry generated after a user passes the 802.1X authentication. For more information about 802.1X authentication, see Security Configuration Guide.
PORT INDEX	Outgoing port for packets that are destined for the MAC address. This field displays N/A for a blackhole MAC address entry.
AGING TIME(s)	Aging time: ·         AGING—The entry is aging. ·         NOAGED—The entry does not age.
1 mac address(es) found	Number of matching MAC address entries.

 

Related commands

·          mac-address (interface view)

·          mac-address (system view)

·          mac-address timer

display mac-address aging-time

Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.

Syntax

display mac-address aging-time [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display the aging timer for dynamic entries in the MAC address table.

<Sysname> display mac-address aging-time

Mac address aging time: 300s

The output shows that the aging timer for dynamic entries in the MAC address table is 300 seconds.

Related commands

·          display mac-address

·          mac-address (interface view)

·          mac-address (system view)

·          mac-address timer

display mac-address mac-learning

Use display mac-address mac-learning to display the MAC address learning status of the specified or all Layer 2 Ethernet ports.

Syntax

display mac-address mac-learning [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ]

Views

Any view

Default command level

1: Monitor level

Parameters

interface-type interface-number: Specifies an interface by its type and number.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Examples

# Display MAC address learning status of all Ethernet ports.

<Sysname> display mac-address mac-learning

Mac address learning status of the switch: enable

 

PortName                       Learning Status

Bridge-Aggregation1               disable

GigabitEthernet1/0/1              enable

GigabitEthernet1/0/2              enable

WLAN-BSS1                         disable

WLAN-BSS2                         enable

WLAN-BSS32                        enable

WLAN-BSS33                        enable

WLAN-BSS34                        enable

Table 2 Command output

Field	Description
Mac-address learning status of the switch	Global MAC address learning status (enabled or disabled).
PortName	Port name.
Learning Status	MAC address learning status (enabled or disabled) for a port.

 

mac-address (interface view)

Use mac-address to add or modify a MAC address entry on a specified interface.

Use undo mac-address to remove a MAC address entry on the interface.

Syntax

mac-address { dynamic | static } mac-address vlan vlan-id

undo mac-address { dynamic | static } mac-address vlan vlan-id

Default

No MAC address entry is configured.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view

Default command level

2: System level

Parameters

dynamic: Specifies dynamic MAC address entries. These entries can age.

static: Specifies static MAC address entries. They do not age, but you can add or remove them.

mac-address: Specifies a MAC address in the format of H-H-H, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted. For example, entering "f-e2-1" indicates that the MAC address is "000f-00e2-0001."

vlan vlan-id: Specifies an existing VLAN to which the Ethernet interface belongs, where vlan-id is the specified VLAN ID, ranging from 1 to 4094.

Usage guidelines

The MAC address entries configuration cannot survive a reboot unless you save it. However, the dynamic MAC address entries are lost at next reboot regardless of whether you save the configuration or not.

Examples

# Add a static entry for MAC address 000f-e201-0101 on port GigabitEthernet 1/0/1 that belongs to VLAN 2.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mac-address static 000f-e201-0101 vlan 2

# Add a static entry for MAC address 000f-e201-0102 on port Bridge-Aggregation 1 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1

Related commands

display mac-address

mac-address (system view)

Use mac-address to add or modify a MAC address entry.

Use undo mac-address to remove one or all MAC address entries.

Syntax

mac-address blackhole mac-address vlan vlan-id

mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id

undo mac-address [ { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id ]

undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id

undo mac-address [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id

undo mac-address [ dynamic | static ] interface interface-type interface-number

Default

No MAC address entry is configured.

Views

System view

Default command level

2: System level

Parameters

blackhole: Specifies destination blackhole MAC address entries. These entries do not age, but you can add or remove them. The packets whose destination MAC addresses match destination blackhole MAC address entries are dropped.

mac-address: Specifies a MAC address in the format of H-H-H, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted. For example, entering "f-e2-1" indicates that the MAC address is "000f-00e2-0001."

vlan vlan-id: Specifies an existing VLAN to which the Ethernet interface belongs, where vlan-id is the specified VLAN ID, ranging from 1 to 4094.

dynamic: Specifies dynamic MAC address entries, which can be aged.

static: Specifies static MAC address entries. These entries do not age, but you can add or remove them.

interface interface-type interface-number: Specifies an outbound interface by its type and number.

Usage guidelines

A static or blackhole MAC address entry will not be overwritten by a dynamic MAC address entry. A dynamic MAC address entry can be overwritten by a static or blackhole MAC address entry.

If you execute the undo mac-address command without specifying any parameters, this command deletes all MAC address entries.

You can delete all the MAC address entries of a VLAN, or you can choose to delete a specific type (dynamic, static, or blackhole) of MAC address entries only.

The MAC address entries configuration cannot survive a reboot unless you save it. However, the dynamic MAC address entries are lost at next reboot regardless of whether you save the configuration or not.

Examples

# Add a static entry for MAC address 000f-e201-0101. All frames destined to this MAC address are sent out of port GigabitEthernet 1/0/1 which belongs to VLAN 2.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface gigabitethernet 1/0/1 vlan 2

Related commands

display mac-address

mac-address mac-learning disable

Use mac-address mac-learning disable to disable MAC address learning globally or on interfaces.

Use undo mac-address mac-learning disable to enable MAC address learning globally or on interfaces.

Syntax

mac-address mac-learning disable

undo mac-address mac-learning disable

Default

MAC address learning is enabled.

Views

System view, Layer 2 Ethernet interface view, WLAN-BSS interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Usage guidelines

Follow these guidelines when you configure MAC address learning:

·          You may need to disable MAC address learning to prevent the MAC address table from being saturated. For example, when your device is being attacked by many packets with different source MAC addresses, it affects the update of the MAC address table.

·          Because disabling MAC address learning may result in broadcast storms, enable broadcast storm suppression after you disable MAC address learning on a port.

Examples

# Disable global MAC address learning.

<Sysname> system-view

[Sysname] mac-address mac-learning disable

# Disable MAC address learning on port GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mac-address mac-learning disable

# Disable MAC address learning on Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address mac-learning disable

Related commands

display mac-address mac-learning

mac-address max-mac-count

Use mac-address max-mac-count count to configure the maximum number of MAC addresses that can be learned on a port.

Use mac-address max-mac-count disable-forwarding to disable the device from forwarding frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit.

Use undo mac-address max-mac-count to restore the default maximum number of MAC addresses that can be learned on an Ethernet port.

Use undo mac-address max-mac-count disable-forwarding to allow the device to forward frames received on an Ethernet port with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit.

Syntax

mac-address max-mac-count { count | disable-forwarding }

undo mac-address max-mac-count [ disable-forwarding ]

Default

A port can learn a maximum of 255 MAC addresses, and it forwards frames received on the port when the upper limit is reached.

Views

Layer 2 Ethernet interface view, WLAN-BSS interface view, port group view, Layer 2 aggregate interface view

Default command level

2: System level

Parameters

count: Sets the maximum number of MAC addresses that can be learned on a port. When the argument takes 0, the port is not allowed to learn MAC addresses. The value range for this argument is 0 to 256.

disable-forwarding: Disables the device from forwarding frames with unknown source MAC addresses after the number of learned MAC addresses reaches the upper limit. Frames with the source MAC addresses listed in the MAC address table are forwarded.

Usage guidelines

If the command is executed in interface view, the configuration takes effect on the interface. If the command is executed in port group view, the configuration takes effect on all ports belonging to the port group.

Examples

# Set the maximum number of MAC addresses that can be learned on port GigabitEthernet 1/0/1 to 200. After this upper limit is reached, frames received with unknown source MAC addresses on the port are not forwarded.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mac-address max-mac-count 200

[Sysname-GigabitEthernet1/0/1] mac-address max-mac-count disable-forwarding

Related commands

·          mac-address timer

·          mac-address (interface view)

·          mac-address (system view)

mac-address timer

Use mac-address timer to configure the aging timer for dynamic MAC address entries.

Use undo mac-address timer to restore the default.

Syntax

mac-address timer { aging seconds | no-aging }

undo mac-address timer aging

Default

The default of this command is 300 seconds.

Views

System view

Default command level

2: System level

Parameters

aging seconds: Sets an aging timer (in seconds) for dynamic MAC address entries. The value range for the seconds argument is 10 to 630.

no-aging: Sets dynamic MAC address entries not to age.

Usage guidelines

Follow these guidelines to set the aging timer appropriately:

·          A long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate the latest network changes.

·          A short aging interval may result in removal of valid entries and unnecessary broadcasts that may affect the performance of the device.

Examples

# Set the aging timer for dynamic MAC address entries to 500 seconds.

<Sysname> system-view

[Sysname] mac-address timer aging 500