display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole ] [ vlan vlan-id ] [ count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address: Specifies a MAC address in the format of H-H-H. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

dynamic: Displays dynamic MAC address entries.

static: Displays static MAC address entries.

interface interface-type interface-number: Specifies an interface by its type and number.

blackhole: Displays blackhole MAC address entries.

count: Displays only the number of MAC address entries that match all entry attributes you specify in the command. Detailed information about MAC address entries is not displayed. For example, you can use the display mac-address vlan 20 dynamic count command to display the number of dynamic entries for VLAN 20. If you do not specify an entry attribute, the command displays the number of entries in the MAC address table. If you do not specify this keyword, the command displays detailed information about the specified MAC address entries.

Usage guidelines

A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID.

If you do not specify any parameters, the command displays all MAC address entries.

This command displays dynamic MAC address entries for an aggregate interface only when the aggregate interface has a minimum of one Selected member port.

Examples

# Display MAC address entries for VLAN 100.

<Sysname> display mac-address vlan 100

MAC Address VLAN ID State Port/Nickname Aging

0033-0033-0033 100 Blackhole N/A N

0000-0000-0002 100 Static HGE1/0/3 N

00e0-fc00-5829 100 Learned HGE1/0/4 Y

# Display the number of MAC address entries.

<Sysname> display mac-address count

1 mac address(es) found.

Table 1 Command output

Field	Description
VLAN ID	ID of the VLAN to which the outgoing interface of the MAC address entry belongs.
State	MAC address entry state: · Static—Static MAC address entry. · Learned—Dynamic MAC address entry. Dynamic entries can be learned or manually configured. · Blackhole—Blackhole MAC address entry.
Port/Nickname	When the field displays an interface name, the field indicates the outgoing interface for packets that are destined for the MAC address. This field displays N/A for a blackhole MAC address entry.
Aging	Whether the entry can age out: · Y—The entry can age out. · N—The entry never ages out.
mac address(es) found	Number of matching MAC address entries.

Related commands

mac-address

mac-address timer

display mac-address aging-time

Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.

Syntax

display mac-address aging-time

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the aging timer for dynamic MAC address entries.

<Sysname> display mac-address aging-time

MAC address aging time: 300s.

Related commands

mac-address timer

display mac-address mac-learning

Use display mac-address mac-learning to display the global MAC address learning status and the MAC learning status of the specified interface or all interfaces.

Syntax

display mac-address mac-learning [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays the global MAC address learning status and the MAC address learning status of all interfaces.

Examples

# Display the global MAC address learning status and the MAC learning status of all interfaces.

<Sysname> display mac-address mac-learning

Global MAC address learning status: Enabled.

Port Learning Status

HGE1/0/1 Enabled

HGE1/0/2 Enabled

Table 2 Command output

Field	Description
Global MAC address learning status	Global MAC address learning status: · Enabled. · Disabled. This state is not supported in the current software version.
Learning Status	MAC address learning status of an interface: · Enabled. · Disabled.

Field

Description

Global MAC address learning status

Global MAC address learning status:

· Enabled.

· Disabled. This state is not supported in the current software version.

Learning Status

MAC address learning status of an interface:

· Enabled.

· Disabled.

Related commands

mac-address mac-learning enable

display mac-address mac-move

Use display mac-address mac-move to display the MAC address move records after the device is started.

Syntax

display mac-address mac-move [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies the slot number of the device, which is fixed at 1.

Usage guidelines

When a MAC address frequently moves between the specified two interfaces, Layer 2 loops might occur in the network. To discover and locate loops, you can view the MAC address move records.

In the MAC address move records, records with the same MAC address, VLAN, source port, and current port are considered to be one record.

An IRF member device can generate a maximum of 200 MAC address move records.

Examples

# Display the MAC address move records for a slot.

<Sysname> display mac-address mac-move slot 1

MAC address VLAN Current port Source port Last time Times

0000-0001-002c 1 HGE1/0/1 HGE1/0/2 2013-05-20 13:40:52 1

0000-0001-002c 1 HGE1/0/2 HGE1/0/1 2013-05-20 13:41:30 1

--- 2 MAC address moving records found ---

# Display the MAC address move records for all slots.

<Sysname> display mac-address mac-move

MAC address VLAN Current port Source port Last time Times

0000-0001-002c 1 HGE1/0/1 HGE1/0/2 2013-05-20 13:40:52 20

0000-0001-002c 1 HGE1/0/2 HGE1/0/1 2013-05-20 13:41:32 20

0000-0094-0001 1 HGE1/0/3 HGE1/0/4 2013-05-20 13:42:22 13

0000-0094-0001 1 HGE1/0/4 HGE1/0/3 2013-05-20 13:42:21 12

--- 4 MAC address moving records found ---

Table 3 Command output

Field	Description
VLAN	VLAN to which the outgoing interface of the MAC address entry belongs.
Current port	Interface to which the MAC address was moved.
Source port	Interface from which the MAC address was moved.
Last time	Last time when the MAC address was moved.
Times	Number of MAC address moves after the device is started. For a MAC address record, the number of MAC address moves is increased by 1 when a new MAC address move has the same MAC address, VLAN, Current Port, and Source Port fields as the MAC address record.

Related commands

mac-address notification mac-move

display mac-address statistics

Use display mac-address statistics to display MAC address table statistics.

Syntax

display mac-address statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command displays the number of MAC address entries per type and the maximum number of MAC address entries allowed for each type.

Examples

# Display MAC address table statistics.

<Sysname> display mac-address statistics

MAC Address Count:

Dynamic Unicast Address (Learned) Count: 3

Dynamic Unicast Address (Security-service-defined) Count: 4

Static Unicast Address (User-defined) Count: 0

Static Unicast Address (System-defined) Count: 3

Total Unicast MAC Addresses In Use: 10

Total Unicast MAC Addresses Available: 32768

Multicast and Multiport MAC Address Count: 1

Static Multicast and Multiport MAC Address (User-defined) Count: 1

Total Multicast and Multiport MAC Addresses Available: 256

Table 4 Command output

Field	Description
Dynamic Unicast Address (Learned) Count	Number of dynamic unicast MAC address entries triggered by packets.
Dynamic Unicast Address (Security-service-defined) Count	Number of dynamic unicast MAC address entries triggered by the security service.
Static Unicast Address (User-defined) Count	Number of static unicast MAC address entries added by users.
Static Unicast Address (System-defined) Count	Number of static unicast MAC address entries added by the system.
Total Unicast MAC Addresses In Use	Number of unicast MAC address entries.
Total Unicast MAC Addresses Available	Maximum number of unicast MAC address entries allowed.
Multicast and Multiport MAC Address Count	Number of multicast and multiport unicast MAC address entries.
Static Multicast and Multiport MAC Address (User-defined) Count	Number of static multicast and multiport unicast MAC address entries added by users.
Total Multicast and Multiport MAC Addresses Available	Maximum number of multicast and multiport unicast MAC address entries allowed.

mac-address (interface view)

Use mac-address to add or modify a MAC address entry on an interface.

Use undo mac-address to delete a MAC address entry on an interface.

Syntax

mac-address { dynamic | static } mac-address vlan vlan-id

undo mac-address { dynamic | static } mac-address vlan vlan-id

Default

An interface is not configured with MAC address entries.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast, all-zero, and all-F MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies an existing VLAN to which the specified interface belongs. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

Typically, the device automatically builds the MAC address table by learning the source MAC addresses of incoming frames on each interface. However, you can manually configure static MAC address entries. For a MAC address, a manually configured static entry takes precedence over a dynamically learned entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101 on HundredGigE 1/0/1 that belongs to VLAN 2.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mac-address static 000f-e201-0101 vlan 2

# Add a static entry for MAC address 000f-e201-0101 on Bridge-Aggregation 1 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1

Related commands

display mac-address

mac-address (system view)

Use mac-address to add or modify a MAC address entry.

Use undo mac-address to delete one or all MAC address entries.

Syntax

mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id

mac-address blackhole mac-address vlan vlan-id

undo mac-address [ [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id ]

undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id

undo mac-address [ dynamic | static ] interface interface-type interface-number

Default

The system is not configured with MAC address entries.

Views

System view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC addresses match blackhole MAC address entries are dropped.

vlan vlan-id: Specifies an existing VLAN to which the interface belongs. The value range for the vlan-id argument is 1 to 4094.

interface interface-type interface-number: Specifies an outgoing interface by its type and number.

Usage guidelines

You can use this command to configure the following types of MAC address entries:

· Dynamic entries.

Dynamic entries include manually configured dynamic entries and automatically learned dynamic entries.

· Static entries.

For a MAC address, a manually configured static entry takes precedence over a dynamic entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

· Blackhole entries.

To drop frames with the specified source MAC addresses or destination MAC addresses, you can configure blackhole entries.

A static or blackhole entry can overwrite a dynamic entry, but not vice versa.

If you execute the undo mac-address command without specifying any parameters, this command deletes all unicast MAC address entries.

You can delete all the MAC address entries from the specified VLAN. You can also delete only one type (dynamic, static, or blackhole) of MAC address entries. You can single out an interface and delete the unicast MAC address entries on it.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of HundredGigE 1/0/1, which belongs to VLAN 2.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface hundredgige 1/0/1 vlan 2

Related commands

display mac-address

mac-address (interface view)

mac-address mac-learning enable

Use mac-address mac-learning enable to enable MAC address learning on an interface.

Use undo mac-address mac-learning enable to disable MAC address learning on an interface.

Syntax

mac-address mac-learning enable

undo mac-address mac-learning enable

Default

MAC address learning is enabled.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

To prevent the MAC address table from becoming saturated, you can disable MAC address learning.

For example, a number of packets with different source MAC addresses reaching a device can affect the MAC address table update. To avoid such attacks, you can disable MAC address learning by following these guidelines:

· You can disable MAC address learning on a per-interface basis. The device then stops learning MAC addresses and cannot dynamically update the MAC address table.

· Because disabling MAC address learning can result in broadcast storms, enable broadcast storm suppression after you disable MAC address learning on an interface. For more information about broadcast storm suppression, see Interface Configuration Guide.

· After MAC address learning is disabled, the device deletes existing dynamic MAC address entries.

Examples

# Disable MAC address learning on HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] undo mac-address mac-learning enable

# Disable MAC address learning on Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] undo mac-address mac-learning enable

Related commands

display mac-address mac-learning

mac-address notification mac-move

Use mac-address notification mac-move to enable MAC address move notifications and optionally specify a MAC move detection interval.

Use undo mac-address notification mac-move to disable MAC address move notifications.

Syntax

mac-address notification mac-move [ interval interval ]

undo mac-address notification mac-move

Default

MAC address move notifications are disabled.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the interval for detecting MAC address moves, in the range of 1 to 60 minutes. If you do not specify this option, the default setting of 1 minute is used.

Usage guidelines

With MAC address move notifications enabled, the system records the MAC address move logs every MAC move detection interval. Each record of the MAC address move logs contains the following information:

· MAC address.

· VLAN ID of the MAC address entry.

· Current port and source port of the MAC address moves.

· Number of MAC address moves within a detection interval.

A MAC address can have only one MAC address move record. If a MAC address moves multiple times, the new record overrides the old record.

Within a detection interval, an IRF member device can record MAC address move information for a maximum of 20 MAC addresses. The records are ranked in descending order of MAC move counts. When the MAC move count of a new record is higher than the MAC move count of any existing record, the device performs the following operations:

· Discards the record that has the lowest MAC move count.

· Ranks the MAC address move records in descending order of MAC move count.

Then in the next detection interval, the device discards all MAC address move records generated in the previous detection interval and starts another round of MAC move record generation.

After you execute this command, the system sends only syslog messages to the information center module. If the snmp-agent trap enable mac-address command is also executed, the system also sends SNMP notifications to the SNMP module.

Examples

# Enable MAC address move notifications.

<Sysname> system-view

[Sysname] mac-address notification mac-move

[Sysname]

%May 14 17:16:45:688 2013 Sysname MAC/4/MAC_FLAPPING: MAC address 0000-0012-0034 in VLAN 500 has moved from port HGE1/0/1 to port HGE1/0/2 for 1 times

The output shows that:

· The VLAN ID of MAC address 0000-0012-0034 is VLAN 500.

· The MAC address moved from HundredGigE 1/0/1 to HundredGigE 1/0/2.

· The MAC address has moved once within a MAC move detection interval.

Related commands

display mac-address mac-move

mac-address notification mac-move suppression (interface view)

Use mac-address notification mac-move suppression to enable MAC address move suppression on an interface.

Use undo mac-address notification mac-move suppression to disable MAC address move suppression on an interface.

Syntax

mac-address notification mac-move suppression

undo mac-address notification mac-move suppression

Default

MAC address moves are not suppressed.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

This feature shuts an interface down when a MAC address has been moved to or from the interface more than the suppression threshold within a MAC move detection interval. The shutdown interface automatically goes up after a suppression interval. Also, you can use the shutdown command and then the undo shutdown command to bring up the interface.

When MAC address move suppression shuts an interface down, the system sends only syslog messages to the information center module. If the snmp-agent trap enable mac-address command is also executed, the system also sends SNMP notifications to the SNMP module.

Examples

# Enable MAC address move suppression on HundredGigE 1/0/1.

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mac-address notification mac-move suppression

Related commands

mac-address notification mac-move suppression (system view)

Use mac-address notification mac-move suppression to set the suppression interval or the suppression threshold.

Use undo mac-address notification mac-move suppression to restore the default.

Syntax

mac-address notification mac-move suppression { interval interval | threshold threshold }

undo mac-address notification mac-move suppression { interval | threshold }

Default

The suppression interval is 30 seconds. The suppression threshold is 3.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the MAC address move suppression interval during which a suppressed interface stays down. The value range for the interval-value argument is 30 to 86400 seconds. If you do not specify this option, the default suppression interval of 30 seconds is used.

threshold threshold: Specifies the suppression threshold for MAC address moves sourced from or destined for an interface within a MAC move detection interval. The value range for this argument is 0 to 1024. If you do not specify this option, the default suppression threshold of 3 is used.

Usage guidelines

For this command to take effect on an interface, you must also enable MAC address move suppression on the interface.

If you set the suppression interval or suppression threshold multiple times, the most recent configuration applies. The suppression interval setting is independent of the suppression threshold setting.

Examples

# Set the suppression interval to 40 seconds and the suppression threshold to 1 for MAC address moves.

<Sysname> system-view

[Sysname] mac-address notification mac-move suppression interval 40

[Sysname] mac-address notification mac-move suppression threshold 1

Related commands

mac-address notification mac-move suppression (interface view)

mac-address static source-check enable

Use mac-address static source-check enable to enable the static source check feature.

Use undo mac-address static source-check enable to disable the static source check feature.

Syntax

mac-address static source-check enable

undo mac-address static source-check enable

Default

The static source check feature is enabled.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Layer 3 Ethernet interface view

Layer 3 aggregate interface view

Predefined user roles

network-admin

Examples

# Disable the static source check feature on HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] undo mac-address static source-check enable

mac-address timer

Use mac-address timer to set the aging timer for dynamic MAC address entries.

Use undo mac-address timer to restore the default.

Syntax

mac-address timer { aging seconds | no-aging }

undo mac-address timer

Default

The default MAC aging timer is 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

aging seconds: Specifies an aging timer for dynamic MAC address entries, in seconds. The value range for the seconds argument is10 to 630.

no-aging: Configures dynamic MAC address entries not to age.

Usage guidelines

To set the aging timer appropriately, follow these guidelines:

· A long aging interval causes the MAC address table to retain outdated entries and fail to accommodate the most recent network changes.

· A short aging interval results in removal of valid entries. Then, unnecessary broadcast packets appear and affect device performance.

Examples

# Set the aging time to 500 seconds for dynamic MAC address entries.

<Sysname> system-view

[Sysname] mac-address timer aging 500

Related commands

display mac-address aging-time

snmp-agent trap enable mac-address

Use snmp-agent trap enable mac-address to enable SNMP notifications for the MAC address table.

Use undo snmp-agent trap enable mac-address to disable SNMP notifications for the MAC address table.

Syntax

snmp-agent trap enable mac-address [ mac-move ]

undo snmp-agent trap enable mac-address [ mac-move ]

Default

SNMP notifications are enabled for the MAC address table.

Views

System view

Predefined user roles

network-admin

Parameters

mac-move: Specifies notifications about the MAC address moves for the MAC address table. If you do not specify this keyword, the command enables all types of SNMP notifications for the MAC address table.

Usage guidelines

To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC address table. For MAC address move event notifications to be sent correctly, you must also configure SNMP on the device.

When SNMP notifications are disabled for the MAC address table, the device sends the generated logs to the information center. To display the logs, configure the log destination and output rule configuration in the information center.

For information about SNMP and information center configuration, see the network management and monitoring configuration guide for the device.

The MAC address table supports only SNMP notifications about MAC address moves. When you enable or disable SNMP notifications about MAC address moves, you enable or disable all types of SNMP notifications for the MAC address table.

Examples

# Disable SNMP notifications about MAC address moves for the MAC address table.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable mac-address mac-move

Related commands

mac-address notification mac-move

05-Layer 2—LAN Switching Command Reference

display mac-address mac-learning

display mac-address mac-move

mac-address (system view)

mac-address mac-learning enable

mac-address notification mac-move

mac-address notification mac-move suppression (interface view)

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us