Mac Address Table Configuration; How A Mac Address Table Entry Is Created - HP A6600 Configuration Manual

Layer 2 - lan switching

MAC address table configuration

The MAC address table configuration applies only to Layer 2 interfaces, including Layer 2 Ethernet
interfaces and Layer 2 aggregate interfaces.
This document covers only the configuration of unicast MAC address table entries, including static,
dynamic, and blackhole MAC address table entries. For more information about configuring static
multicast MAC address table entries, see IP Multicast Configuration Guide.
The SAP cards support the MAC address table configuration only when they work in Layer 2 mode.
An Ethernet router uses a MAC address table for forwarding frames through unicast instead of broadcast.
This table describes from which port a MAC address (or host) can be reached. When forwarding a frame,
the router first looks up the MAC address of the frame in the MAC address table for a match. If an entry is
found, the router forwards the frame out of the outgoing port in the entry. If no entry is found, the router
broadcasts the frame out of all but the incoming port.

How a MAC address table entry is created

The entries in the MAC address table come from two sources: automatically learned by the router and
manually added by the administrator.

MAC address learning

The router can populate its MAC address table automatically by learning the source MAC addresses of
incoming frames on each port.
When a frame arrives at a port, Port A for example, the router performs the following tasks:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the MAC address in the MAC address table.
3. If an entry is found, updates the entry. If no entry is found, adds an entry for MAC-SOURCE and Port A.
The router performs the learning process each time it receives a frame from an unknown source MAC
address, until the MAC address table is fully populated.
After learning the source MAC address of a frame, the router looks up the destination MAC address in
the MAC address table. If an entry is found for the MAC address, the router forwards the frame out of the
specific outgoing port. In this example, it is Port A.

Manually configuring MAC address entries

With dynamic MAC address learning, a router does not distinguish between illegitimate and legitimate
frames. This can invite security hazards. For example, when a hacker sends frames with a forged source
MAC address to a port different from the one to which the real MAC address is connected, the router
creates an entry for the forged MAC address, and forwards frames destined for the legitimate user to the
hacker instead.
To enhance the security of a port, manually add MAC address entries to the MAC address table of the
router to bind specific user devices to the port. Because manually configured entries have higher priority
than dynamically learned ones, you can prevent hackers from stealing data using forged MAC
addresses.
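
The learning, lookup and static-entry priority described above can be modelled in a short simulation. This is an added example, not code from the HP manual or the A6600 software; the class, port labels and MAC addresses are constructed, and it assumes that a static entry is simply left unchanged when a frame with the same source MAC arrives on another port.

```python
# Added illustration: a toy model of the MAC address table described above.
# Class, method and port names are hypothetical, not HP A6600 software.

class MacTable:
    def __init__(self, ports):
        self.ports = list(ports)
        self.entries = {}      # mac -> (port, kind), kind is "static" or "dynamic"
        self.moves = []        # (mac, old_port, new_port) for dynamic entries that changed port

    def add_static(self, mac, port):
        """Manually bind a MAC address to a port (administrator action)."""
        self.entries[mac] = (port, "static")

    def learn(self, src_mac, in_port):
        """Source-MAC learning: update or add a dynamic entry."""
        current = self.entries.get(src_mac)
        if current and current[1] == "static":
            return False       # assumption: a static entry is never overwritten by learning
        if current and current[0] != in_port:
            self.moves.append((src_mac, current[0], in_port))
        self.entries[src_mac] = (in_port, "dynamic")
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Learn from the source, then return the list of outgoing ports."""
        self.learn(src_mac, in_port)
        entry = self.entries.get(dst_mac)
        if entry:
            return [entry[0]]
        return [p for p in self.ports if p != in_port]   # no entry: all but incoming port


def demo():
    """Constructed scenario: a host on Port A, a forged frame arriving on Port C."""
    user, peer = "00-11-22-33-44-55", "00-aa-bb-cc-dd-ee"   # constructed addresses
    results = {}
    for label, use_static in (("dynamic_only", False), ("static_bound", True)):
        table = MacTable(["A", "B", "C"])
        if use_static:
            table.add_static(user, "A")
        table.forward(user, peer, "A")        # legitimate frame from the user on Port A
        table.forward(user, peer, "C")        # frame with forged source MAC on Port C
        results[label] = (table.forward(peer, user, "B"), table.moves)
    return results


if __name__ == "__main__":
    for label, (out_ports, moves) in demo().items():
        print(label, "-> traffic for user leaves via", out_ports, "| moves:", moves)
```

With dynamic learning only, the model repoints the user's MAC address to Port C and records the move; with the static binding in place, traffic for the user still leaves via Port A and no move is recorded.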