Configuring The Mac Address Table; Creating A Mac Address Table Entry; Using Mac Address Table Entries - HP A5830 Configuration Manual
Layer 2 lan switching
Hide thumbs
Also See for A5830:
- Configuration manual (280 pages) ,
- Command reference manual (249 pages) ,
- Configuration manual (152 pages)
Table of Contents
Advertisement
Configuring the MAC address table
An Ethernet device uses a MAC address table for forwarding frames through unicast instead of
broadcast. This table describes from which port a MAC address (or host) can be reached. When
forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for
a match. If the switch finds an entry, it forwards the frame out of the outgoing port in the entry. If the
switch does not find an entry, it broadcasts the frame out of all but the incoming port.
Creating a MAC address table entry
The switch obtains entries in the MAC address table automatically, or add them manually.
MAC address learning
The device can populate its MAC address table automatically by obtaining the source MAC addresses
(called ―MAC address learning‖) of incoming frames on each port.
When a frame arrives at a port, Port A for example, the device performs the following tasks:
Verifies the source MAC address (for example, MAC-SOURCE) of the frame.
1.
Looks up the source MAC address in the MAC address table.
2.
If an entry is found, the device updates the entry.
If no entry is found, the device adds an entry for MAC-SOURCE and Port A.
After obtaining this source MAC address, when the device receives a frame destined for MAC-
3.
SOURCE, the device finds the MAC-SOURCE entry in the MAC address table and forwards the
frame out Port A.
The device performs the learning process each time it receives a frame from an unknown source MAC
address, until the MAC address table is fully populated.
Manually configuring MAC address entries
With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames, which can invite security hazards. For example, when a hacker sends frames with a forged source
MAC address to a port different from the one that the real MAC address is connected, the device creates
an entry for the forged MAC address, and forwards frames destined for the legal user to the hacker
instead.
Bind specific user devices to the port by adding MAC address entries manually to the MAC address table
of the switch. Because manually-configured entries have higher priority than dynamically-obtained ones,
this prevents hackers from stealing data using forged MAC addresses.
Using MAC address table entries
A MAC address table can contain the following types of entries:
Static entries, which are manually added and never age out.
Dynamic entries, which can be manually added or dynamically obtained and can age out.
Blackhole entries, which are manually configured and never age out. Blackhole entries are
configured for filtering out frames with specific source or destination MAC addresses. For example,
17
Hide quick links:
Advertisement
Table of Contents
