Types of MAC Address Table Entries; MAC Address Table-Based Frame Forwarding; Configuring the MAC Address Table; Configuring MAC Address Table Entries - H3C SR8800 Configuration Manual

Manually configuring MAC address entries
With dynamic MAC address learning, a router does not distinguish illegitimate frames from legitimate
frames, which creates security hazards. For example, if a hacker sends frames with a forged source MAC
address to a port other than the one where the real MAC address is connected, the router creates an
entry for the forged MAC address on the hacker's port and forwards frames destined for the legal user to
the hacker instead.
To enhance the security of a port, you can manually add MAC address entries in the MAC address table
of the router to bind specific user devices to the port. Because manually configured entries have higher
priority than the dynamically learned ones, this prevents hackers from stealing data using forged MAC
addresses.

Types of MAC address table entries

A MAC address table may contain these types of entries:
Static entries—Static entries are manually configured and never age out.
Dynamic entries—Dynamic entries can be manually configured or dynamically learned and may
age out.
Blackhole entries—Blackhole entries are manually configured and never age out. Blackhole entries
are configured for filtering out frames with specific source or destination MAC addresses. For
example, to block all packets destined for a specific user for security concerns, you can configure
the MAC address of this user as a destination blackhole MAC address entry.
NOTE:
A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

MAC address table-based frame forwarding

When forwarding a frame, the router uses one of the following two forwarding modes, depending on the
MAC address table:
Unicast mode—If an entry is available for the destination MAC address, the router forwards the
frame out the outgoing interface indicated by the MAC address table entry.
Broadcast mode—If the router receives a frame with an all-ones destination address, or no entry is
available for the destination MAC address, the router broadcasts the frame to all the interfaces
except the receiving interface.

Configuring the MAC address table

The configuration tasks discussed in the following sections are all optional and can be performed in any
order.

Configuring MAC address table entries

To fence off MAC address spoofing attacks and improve port security, you can manually add MAC
address table entries to bind ports with MAC addresses.
You can also configure blackhole MAC address entries to filter out packets with certain source or
destination MAC addresses.
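The following Python model is an added example, not H3C code, that simulates the behavior described above: dynamic learning, the precedence of static and blackhole entries over dynamic ones, and unicast versus broadcast forwarding. Port names and MAC addresses are constructed for the demonstration, and the spoofing scenario from the introduction is replayed with and without a static binding to show why the binding protects the legal user.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

BROADCAST = "ff-ff-ff-ff-ff-ff"  # all-ones destination address


@dataclass
class Entry:
    port: Optional[str]  # None for a blackhole entry (no outgoing interface)
    kind: str            # "dynamic", "static" or "blackhole"


class MacTable:
    """Simplified MAC address table with the three entry types from the manual."""

    def __init__(self, ports):
        self.ports: Set[str] = set(ports)
        self.entries: Dict[str, Entry] = {}

    def add_static(self, mac: str, port: str) -> None:
        self.entries[mac] = Entry(port, "static")      # may overwrite a dynamic entry

    def add_blackhole(self, mac: str) -> None:
        self.entries[mac] = Entry(None, "blackhole")   # may overwrite a dynamic entry

    def learn(self, mac: str, port: str) -> bool:
        """Dynamic learning never overwrites a static or blackhole entry."""
        current = self.entries.get(mac)
        if current is not None and current.kind != "dynamic":
            return False
        self.entries[mac] = Entry(port, "dynamic")
        return True

    def forward(self, src: str, dst: str, in_port: str) -> Set[str]:
        """Return the egress ports for a frame; an empty set means the frame is filtered."""
        src_entry = self.entries.get(src)
        if src_entry is not None and src_entry.kind == "blackhole":
            return set()                               # source blackhole: drop
        self.learn(src, in_port)                       # learn the source MAC
        dst_entry = self.entries.get(dst)
        if dst_entry is not None and dst_entry.kind == "blackhole":
            return set()                               # destination blackhole: drop
        if dst == BROADCAST or dst_entry is None:
            return self.ports - {in_port}              # broadcast mode: flood
        return {dst_entry.port}                        # unicast mode


def spoofing_demo(bind_statically: bool) -> Set[str]:
    """Constructed scenario: legal user on GE1, hacker on GE2. Returns where a frame
    for the user is sent after the hacker has injected a frame with the user's MAC."""
    user, hacker_target, other = "00-e0-fc-00-00-01", "00-e0-fc-00-00-02", "00-e0-fc-00-00-03"
    table = MacTable(["GE1", "GE2", "GE3"])
    if bind_statically:
        table.add_static(user, "GE1")                  # manual binding of the user to GE1
    table.forward(user, other, "GE1")                  # user's own traffic arrives on GE1
    table.forward(user, other, "GE2")                  # forged source MAC arrives on GE2
    return table.forward(other, user, "GE3")           # traffic destined for the user
```

Without the static binding the forged frame moves the user's entry to GE2, so `spoofing_demo(False)` returns `{"GE2"}`; with the binding the dynamic learning is refused and the result stays `{"GE1"}`.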