- Table of Contents
-
- 04-Layer 2—LAN Switching Command Reference
- 00-Preface
- 01-MAC address table commands
- 02-Ethernet link aggregation commands
- 03-Port isolation commands
- 04-VLAN commands
- 05-MVRP commands
- 05-QinQ commands
- 07-VLAN mapping commands
- 08-VLAN termination commands
- 09-Loop detection commands
- 10-Spanning tree commands
- 11-LLDP commands
- Related Documents
-
Title | Size | Download |
---|---|---|
01-MAC address table commands | 104.62 KB |
display mac-address aging-time
display mac-address mac-learning
mac-address mac-learning enable
mac-address max-mac-count enable-forwarding
snmp-agent trap enable mac-address
MAC address table commands
This document covers the configuration of unicast MAC address entries, including static, dynamic, and blackhole MAC address entries. For more information about MAC address table configuration in VPLS, see MPLS Configuration Guide.
display mac-address
Use display mac-address to display MAC address entries.
Syntax
display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address: Specifies a MAC address in the format of H-H-H. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
dynamic: Displays dynamic MAC address entries.
static: Displays static MAC address entries.
interface interface-type interface-number: Specifies an interface by its type and number.
blackhole: Displays blackhole MAC address entries.
count: Displays only the number of MAC address entries that match all entry attributes you specify in the command. Detailed information about MAC address entries is not displayed. For example, you can use the display mac-address vlan 20 dynamic count command to display the number of dynamic entries for VLAN 20. If you do not specify an entry attribute, the command displays the number of entries in the MAC address table. If you do not specify this keyword, the command displays detailed information about the specified MAC address entries.
Usage guidelines
A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID.
If you do not specify any parameters, the command displays all MAC address entries.
This command displays dynamic MAC address entries for an aggregate interface only when the aggregate interface has a minimum of one Selected member port.
Examples
# Display MAC address entries for VLAN 100.
<Sysname> display mac-address vlan 100
MAC Address VLAN ID State Port/Nickname Aging
0033-0033-0033 100 Blackhole N/A N
0000-0000-0002 100 Static XGE3/1/3 N
00e0-fc00-5829 100 Learned XGE3/1/4 Y
0000-0000-0022 100 OpenFlow XGE3/1/5 N
# Display the number of MAC address entries.
<Sysname> display mac-address count
1 mac address(es) found.
Table 1 Command output
Field |
Description |
VLAN ID |
ID of the VLAN to which the outgoing interface of the MAC address entry belongs. |
State |
MAC address entry state: · Static—Static MAC address entry. · Learned—Dynamic MAC address entry. Dynamic entries can be learned or manually configured. · Blackhole—Blackhole MAC address entry. · OpenFlow—MAC address entry for an OpenFlow instance. |
Port/Nickname |
When the field displays an interface name, the field indicates the outgoing interface for packets that are destined for the MAC address. This field displays N/A for a blackhole MAC address entry. The Nickname field is not supported in the current software version. |
Aging |
Whether the entry can age out: · Y—The entry can age out. · N—The entry never ages out. |
mac address(es) found |
Number of matching MAC address entries. |
Related commands
mac-address
mac-address timer
display mac-address aging-time
Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.
Syntax
display mac-address aging-time
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging timer for dynamic MAC address entries.
<Sysname> display mac-address aging-time
MAC address aging time: 300s.
Related commands
mac-address timer
display mac-address mac-learning
Use display mac-address mac-learning to display the global MAC address learning status and the MAC learning status of the specified interface or all interfaces.
Syntax
display mac-address mac-learning [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays the global MAC address learning status and the MAC address learning status of all interfaces.
Examples
# Display the global MAC address learning status and the MAC learning status of all interfaces.
<Sysname> display mac-address mac-learning
Global MAC address learning status: Enabled.
Port Learning Status
XGE3/1/1 Enabled
XGE3/1/2 Enabled
Table 2 Command output
Field |
Description |
Global MAC address learning status |
Global MAC address learning status: · Enabled. · Disabled. |
Learning Status |
MAC address learning status of an interface: · Enabled. · Disabled. |
Related commands
mac-address mac-learning enable
mac-address (interface view)
Use mac-address to add or modify a MAC address entry on an interface.
Use undo mac-address to delete a MAC address entry on an interface.
Syntax
mac-address { dynamic | static } mac-address vlan vlan-id
undo mac-address { dynamic | static } mac-address vlan vlan-id
Default
An interface is not configured with MAC address entries.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Layer 2 FlexE logical interface view
Predefined user roles
network-admin
Parameters
dynamic: Specifies dynamic MAC address entries.
static: Specifies static MAC address entries.
mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast, all-zero, and all-F MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.
vlan vlan-id: Specifies an existing VLAN to which the specified interface belongs. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
Typically, the device automatically builds the MAC address table by learning the source MAC addresses of incoming frames on each interface. However, you can manually configure static MAC address entries. For a MAC address, a manually configured static entry takes precedence over a dynamically learned entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.
The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.
Examples
# Add a static entry for MAC address 000f-e201-0101 on Ten-GigabitEthernet 3/1/1 that belongs to VLAN 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] mac-address static 000f-e201-0101 vlan 2
# Add a static entry for MAC address 000f-e201-012 on Bridge-Aggregation 1 that belongs to VLAN 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1
Related commands
display mac-address
mac-address (system view)
mac-address (system view)
Use mac-address to add or modify a MAC address entry.
Use undo mac-address to delete one or all MAC address entries.
Syntax
mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
mac-address blackhole mac-address vlan vlan-id
undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id
undo mac-address [ dynamic | static ] interface interface-type interface-number
Default
The system is not configured with MAC address entries.
Views
System view
Predefined user roles
network-admin
Parameters
dynamic: Specifies dynamic MAC address entries.
static: Specifies static MAC address entries.
blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC addresses match blackhole MAC address entries are dropped.
mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast, all-zero, and all-F MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.
vlan vlan-id: Specifies an existing VLAN to which the interface belongs. The value range for the vlan-id argument is 1 to 4094.
interface interface-type interface-number: Specifies an outgoing interface by its type and number.
interface interface-list: Specifies a list of up to four interface items. Each interface item can be an individual interface in the format of interface-type interface-number or a range of interfaces in the format of interface-type interface-number1 to interface-type interface-number2. The interfaces can only be Layer 2 Ethernet interfaces or Layer 2 aggregate interfaces. The value for the interface-number2 argument cannot be lower than the value for the interface-number1 argument.
Usage guidelines
You can use this command to configure the following types of MAC address entries:
· Dynamic entries.
Dynamic entries include manually configured dynamic entries and automatically learned dynamic entries.
· Static entries.
For a MAC address, a manually configured static entry takes precedence over a dynamic entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.
· Blackhole entries.
To drop frames with the specified source MAC addresses or destination MAC addresses, you can configure blackhole entries.
A static or blackhole entry can overwrite a dynamic entry, but not vice versa.
If you execute the undo mac-address command without specifying any parameters, this command deletes all MAC address entries.
You can delete all the MAC address entries of the specified VLAN. You can also delete only one type (dynamic, static, or blackhole) of MAC address entries. You can single out an interface and delete the corresponding MAC address entries.
Examples
# Add a static entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of Ten-GigabitEthernet 3/1/1, which belongs to VLAN 2.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface ten-gigabitethernet 3/1/1 vlan 2
Related commands
display mac-address
mac-address (interface view)
mac-address mac-learning enable
Use mac-address mac-learning enable to enable MAC address learning globally, on an interface, or on a VLAN.
Use undo mac-address mac-learning enable to disable MAC address learning globally, on an interface, or on a VLAN.
Syntax
mac-address mac-learning enable
undo mac-address mac-learning enable
Default
MAC address learning is enabled.
Views
System view
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
VLAN view
Layer 2 FlexE logical interface view
Predefined user roles
network-admin
Usage guidelines
To prevent the MAC address table from becoming saturated, you can disable MAC address learning.
For example, a number of packets with different source MAC addresses reaching a device can affect the MAC address table update. To avoid such attacks, you can disable MAC address learning by following these guidelines:
· If you disable MAC address learning on a per-interface basis, the interface then stops learning MAC addresses. You cannot disable MAC address learning globally on the device.
· Because disabling MAC address learning can result in broadcast storms, enable broadcast storm suppression after you disable MAC address learning on an interface. For more information about broadcast storm suppression, see Interface Configuration Guide.
· After MAC address learning is disabled, existing dynamic MAC address entries can age out.
This command does not take effect on VPLS VSIs or VXLAN VSIs. For information about VPLS VSIs, see MPLS Configuration Guide. For information about VXLAN VSIs, see VXLAN Configuration Guide.
Examples
# Disable MAC address learning for VLAN 10.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] undo mac-address mac-learning enable
# Disable MAC address learning on Ten-GigabitEthernet 3/1/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] undo mac-address mac-learning enable
# Disable MAC address learning on Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] undo mac-address mac-learning enable
Related commands
display mac-address mac-learning
mac-address max-mac-count
Use mac-address max-mac-count to set the MAC learning limit on an interface.
Use undo mac-address max-mac-count to restore the default.
Syntax
mac-address max-mac-count count
undo mac-address max-mac-count
Default
The MAC learning limit on an interface is restricted only by the hardware capabilities.
Views
Layer 2 Ethernet interface view
Layer 2 FlexE logical interface view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of MAC addresses that can be learned on an interface. When the argument is set to 0, the interface is not allowed to learn MAC addresses.The value range for this argument is 0 to 65536.
Usage guidelines
This command limits the number of MAC address entries to limit the MAC address table size. A large MAC address table will degrade forwarding performance. When the number of MAC address entries learned by an interface reaches the limit, the interface stops learning MAC address entries.
Examples
# Configure Ten-GigabitEthernet 3/1/1 to learn a maximum of 600 MAC address entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] mac-address max-mac-count 600
Related commands
mac-address
mac-address max-mac-count enable-forwarding
mac-address max-mac-count enable-forwarding
Use mac-address max-mac-count enable-forwarding to enable the device to forward unknown frames received on an interface after the MAC learning limit on the interface is reached. Unknown frames refer to frames whose source MAC addresses are not in the MAC address table.
Use undo mac-address max-mac-count enable-forwarding to disable the device from forwarding unknown frames received on an interface after the MAC learning limit on the interface is reached.
Syntax
mac-address max-mac-count enable-forwarding
undo mac-address max-mac-count enable-forwarding
Default
When the MAC learning limit on an interface is reached, the device can forward unknown frames received on the interface.
Views
Layer 2 Ethernet interface view
Layer 2 FlexE logical interface view
Predefined user roles
network-admin
Examples
# Configure Ten-GigabitEthernet 3/1/1 to learn a maximum of 600 MAC address entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/1/1
[Sysname-Ten-GigabitEthernet3/1/1] mac-address max-mac-count 600
# Disable the device from forwarding unknown frames received on Ten-GigabitEthernet 3/1/1 after the MAC learning limit on Ten-GigabitEthernet 3/1/1 is reached.
[Sysname-Ten-GigabitEthernet3/1/1] undo mac-address max-mac-count enable-forwarding
Related commands
mac-address
mac-address max-mac-count
mac-address timer
Use mac-address timer to set the aging timer for dynamic MAC address entries.
Use undo mac-address timer to restore the default.
Syntax
mac-address timer { aging seconds | no-aging }
undo mac-address timer
Default
The aging timer is 300 seconds for dynamic MAC address entries.
Views
System view
Predefined user roles
network-admin
Parameters
aging seconds: Specifies an aging timer for dynamic MAC address entries, in seconds. The value range for the seconds argument is 10 to 3600.
no-aging: Configures dynamic MAC address entries not to age.
Usage guidelines
To set the aging timer appropriately, follow these guidelines:
· A long aging interval causes the MAC address table to retain outdated entries and fail to accommodate the most recent network changes.
· A short aging interval results in removal of valid entries. Then, unnecessary broadcast packets appear and affect device performance.
Examples
# Set the aging time to 500 seconds for dynamic MAC address entries.
<Sysname> system-view
[Sysname] mac-address timer aging 500
Related commands
display mac-address aging-time
snmp-agent trap enable mac-address
Use snmp-agent trap enable mac-address to enable SNMP notifications for the MAC address table.
Use undo snmp-agent trap enable mac-address to disable SNMP notifications for the MAC address table.
Syntax
snmp-agent trap enable mac-address
undo snmp-agent trap enable mac-address
Default
SNMP notifications are enabled for the MAC address table.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC address table. For MAC address move event notifications to be sent correctly, you must also configure SNMP on the device.
When SNMP notifications are disabled for the MAC address table, the device sends the generated logs to the information center. To display the logs, configure the log destination and output rule configuration in the information center.
For information about SNMP and information center configuration, see the network management and monitoring configuration guide for the device.
Examples
# Disable SNMP notifications for the MAC address table.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable mac-address