Types Of Mac Address Table Entries; Mac Address Table-Based Frame Forwarding; Configuring The Mac Address Table - H3C S5120-SI series Configuration Manual

Hide thumbs Also See for S5120-SI series:

Command reference manual (910 pages)

Configuration manual (745 pages)

Operation manual (697 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

page of 183

/ 183
Contents
Table of Contents
Bookmarks

Table of Contents

Manually configuring MAC address entries

With dynamic MAC address learning, a switch does not distinguish between illegitimate and legitimate

frames, which can invite security hazards. For example, if a hacker sends frames with a forged source

MAC address to a port different from the one where the real MAC address is connected to, the switch will

create an entry for the forged MAC address, and forward frames destined for the legal user to the hacker

instead.

To improve the port security, you can bind specific user devices to the port by manually adding static

MAC address entries to the MAC address table of the switch.

Types of MAC address table entries

A MAC address table can contain the following types of entries:

•

Static entries, which are manually added and never age out.

Dynamic entries, which can be manually added or dynamically learned and may age out.

•

Blackhole entries, which are manually configured and never age out. Blackhole entries are

•

configured for filtering out frames with specified source or destination MAC addresses. For example,

to block all packets destined for a specific user for security concerns, you can configure the MAC

address of this user as a blackhole MAC address entry.

To adapt to network changes and prevent inactive entries from occupying table space, an aging

mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is

learned or created, an aging time starts. If the entry has not updated when the aging timer expires, the

switch deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.

NOTE:

A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

MAC address table-based frame forwarding

When forwarding a frame, the switch adopts the following forwarding modes based on the MAC

address table:

Unicast mode: If an entry is available for the destination MAC address, the switch forwards the

•

frame out the outgoing interface indicated by the MAC address table entry.

Broadcast mode: If the switch receives a frame with the destination address being all ones, or no

•

entry is available for the destination MAC address, the switch broadcasts the frame to all the

interfaces except the receiving interface.

Configuring the MAC address table

The MAC address table configuration tasks include:

Manually configuring MAC address table entries

•

Configuring the aging timer for dynamic MAC address entries

Configuring the MAC learning limit on ports

•

These configuration tasks are all optional and can be performed in any order.

Table of Contents

Types Of Mac Address Table Entries; Mac Address Table-Based Frame Forwarding; Configuring The Mac Address Table - H3C S5120-SI series Configuration Manual

Types of MAC address table entries

MAC address table-based frame forwarding

Configuring the MAC address table

Related Manuals for H3C S5120-SI series

Related Content for H3C S5120-SI series

Table of Contents