null  null
Table of Contents
1 MAC Address Table Management············································································································1-1
Overview ·················································································································································1-1
Introduction to MAC Address Table ································································································1-1
Introduction to MAC Address Learning ···························································································1-1
Managing MAC Address Table ·······································································································1-4
Configuring MAC Address Table Management ······················································································1-4
Configuration Task List····················································································································1-4
Configuring a MAC Address Entry ··································································································1-5
Setting the Aging Time of MAC Address Entries ············································································1-6
Setting the Maximum Number of MAC Addresses a Port Can Learn ·············································1-6
Disabling MAC Address learning for a VLAN ··················································································1-7
Displaying and Maintaining MAC Address Table····················································································1-8
Configuration Example····························································································································1-8
Adding a Static MAC Address Entry Manually ················································································1-8
i
1
MAC Address Table Management
z
The term switch used throughout this chapter refers to a switching device in a generic sense or the
switching engine of a unified switch in the WX3000 series.
z
The sample output information in this manual was created on the WX3024. The output information
on your device may vary.
z
This chapter describes the management of static, dynamic, and blackhole MAC address entries.
For information about the management of multicast MAC address entries, refer to Multicast in H3C
WX3000 Series Unified Switches Switching Engine Configuration Guide.
Overview
Introduction to MAC Address Table
A switch is mainly used to forward packets at the data link layer, that is, transmit the packets to the
corresponding ports according to the destination MAC address of the packets. To forward packets
quickly, a switch maintains a MAC address table, which is a Layer 2 address table recording the MAC
address-to-forwarding port association. Each entry in a MAC address table contains the following fields:
z
Destination MAC address
z
ID of the VLAN which a port belongs to
z
Forwarding egress port numbers on the local switch
When forwarding a packet, a switch adopts one of the two forwarding methods based on the MAC
address table entries.
z
Unicast forwarding: If the destination MAC address carried in the packet is included in a MAC
address table entry, the device forwards the packet through the forwarding egress port in the entry.
z
Broadcast forwarding: If the destination MAC address carried in the packet is not included in the
MAC address table, the device broadcasts the packet to all ports except the one receiving the
packet.
Introduction to MAC Address Learning
MAC address table entries can be updated and maintained through the following two ways:
z
Manual configuration
z
MAC address learning
1-1
Generally, the majority of MAC address entries are created and maintained through MAC address
learning. The following describes the MAC address learning process of the device:
1)
As shown in Figure 1-1, User A and User B are both in VLAN 1. When User A communicates with
User B, the packet from User A needs to be transmitted to GigabitEthernet 1/0/1. At this time, the
device records the source MAC address of the packet, that is, the address “MAC-A” of User A to
the MAC address table of the switch, forming an entry shown in Figure 1-2.
Figure 1-1 MAC address learning diagram (1)
User C
User B
Geth 1/0/4
Geth 1/0/3
Geth 1/0/1
User A
Figure 1-2 MAC address table entry of the switch (1)
2)
MAC-address
Port
VLAN ID
MAC-A
GigabitEthernet1/0/1
1
After learning the MAC address of User A, the device starts to forward the packet. Because there is
no MAC address and port information of User B in the existing MAC address table, the device
forwards the packet to all ports except GigabitEthernet 1/0/1 to ensure that User B can receive the
packet.
Figure 1-3 MAC address learning diagram (2)
User B
User C
Geth 1/0/4
Geth 1/0/3
GEth 1/0/1
User A
1-2
3)
Because the device broadcasts the packet, both User B and User C can receive the packet.
However, User C is not the destination device of the packet, and therefore does not process the
packet. Normally, User B will respond to User A, as shown in Figure 1-4. When the response
packet from User B is sent to GigabitEthernet 1/0/4, the device records the association between
the MAC address of User B and the corresponding port to its MAC address table.
Figure 1-4 MAC address learning diagram (3)
User C
User B
Geth 1/0/4
Geth 1/0/3
Geth 1/0/1
User A
4)
At this time, the MAC address table of the device includes two forwarding entries shown in Figure
1-5. When forwarding the response packet, the device unicasts the packet instead of broadcasting
it to User A through GigabitEthernet 1/0/1, because MAC-A is already in the MAC address table.
Figure 1-5 MAC address table entries of the switch (2)
MAC-address
Port
VLAN ID
MAC-A
GigabitEthernet1/0/1
1
MAC-B
GigabitEthernet1/0/4
1
5)
After this interaction, the device directly unicasts the communication packets between User A and
User B based on the corresponding MAC address table entries.
z
Under some special circumstances, for example, User B is unreachable or User B receives the
packet but does not respond to it, the device cannot learn the MAC address of User B. Hence, the
device still broadcasts the packets destined for User B.
z
The device learns only unicast addresses by using the MAC address learning mechanism but
directly drops any packet with a broadcast source MAC address.
1-3
Managing MAC Address Table
Aging of MAC address table
To fully utilize a MAC address table, which has a limited capacity, the device uses an aging mechanism
for updating the table. That is, the device starts an aging timer for an entry when dynamically creating
the entry, and removes the MAC address entry if no more packets with the MAC address recorded in the
entry are received within the aging time.
Aging timer only takes effect on dynamic MAC address entries.
Entries in a MAC address table
Entries in a MAC address table fall into the following categories according to their characteristics and
configuration methods:
z
Static MAC address entry: Also known as permanent MAC address entry. This type of MAC
address entries are added/removed manually and can not age out by themselves. Using static
MAC address entries can reduce broadcast packets remarkably and are suitable for networks
where network devices seldom change.
z
Dynamic MAC address entry: Dynamic MAC address entries age out after the configured aging
time. They are generated by the MAC address learning mechanism or configured manually.
z
Blackhole MAC address entry: Blackhole MAC address entries are configured manually. The
device discards the packets destined for or originated from the MAC addresses contained in
blackhole MAC address entries.
Table 1-1 lists the different types of MAC address entries and their characteristics.
Table 1-1 Characteristics of different types of MAC address entries
MAC address entry
Configuration method
Aging time
Reserved or not at reboot (if the
configuration is saved)
Static MAC address entry
Manually configured
Unavailable
Yes
Dynamic MAC address
entry
Manually configured or
generated by MAC
address learning
mechanism
Available
No
Blackhole MAC address
entry
Manually configured
Unavailable
Yes
Configuring MAC Address Table Management
Configuration Task List
Complete the following tasks to configure MAC address table management:
1-4
Task
Remarks
Configuring a MAC Address Entry
Required
Setting the Aging Time of MAC Address Entries
Optional
Setting the Maximum Number of MAC Addresses a Port Can Learn
Optional
Disabling MAC Address learning for a VLAN
Optional
Configuring a MAC Address Entry
You can add, modify, or remove a MAC address entry, remove all MAC address entries concerning a
specific port, or remove specific type of MAC address entries (dynamic or static MAC address entries).
You can add a MAC address entry in either system view or Ethernet port view.
Adding a MAC address entry in system view
Follow these steps to add a MAC address entry in system view:
To do…
z
Use the command…
Remarks
Enter system view
system-view
—
Add a MAC address entry
mac-address { static | dynamic | blackhole }
mac-address interface interface-type
interface-number vlan vlan-id
Required
When you add a MAC address entry, the port specified by the interface argument must belong to
the VLAN specified by the vlan argument in the command. Otherwise, the entry will not be added.
z
If the VLAN specified by the vlan argument is a dynamic VLAN, after a static MAC address is
added, it will become a static VLAN.
Adding a MAC address entry in Ethernet port view
Follow these steps to add a MAC address entry in Ethernet port view:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type interface-number
—
Add a MAC address entry
mac-address { static | dynamic | blackhole }
mac-address vlan vlan-id
Required
1-5
z
When you add a MAC address entry, the current port must belong to the VLAN specified by the
vlan argument in the command. Otherwise, the entry will not be added.
z
If the VLAN specified by the vlan argument is a dynamic VLAN, after a static MAC address is
added, it will become a static VLAN.
Setting the Aging Time of MAC Address Entries
Setting aging time properly helps effective utilization of MAC address aging. The aging time that is too
long or too short affects the performance of the device.
z
If the aging time is too long, excessive invalid MAC address entries maintained by the device may
fill up the MAC address table. This prevents the MAC address table from being updated with
network changes in time.
z
If the aging time is too short, the device may remove valid MAC address entries. This decreases
the forwarding performance of the device.
Follow these steps to set the aging time of MAC address entries:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Set the aging time of MAC
address entries
mac-address timer { aging age |
no-aging }
Required
The default aging time is 300 seconds.
Normally, you are recommended to use the default aging time, namely, 300 seconds. The no-aging
keyword specifies that MAC address entries do not age out.
MAC address aging configuration applies to all ports, but only takes effect on dynamic MAC addresses
that are learnt or configured to age.
Setting the Maximum Number of MAC Addresses a Port Can Learn
The MAC address learning mechanism enables the device to acquire the MAC addresses of the
network devices on the segment connected to the ports of the device. By searching the MAC address
table, the device directly forwards the packets destined for these MAC addresses through the hardware,
improving the forwarding efficiency. A MAC address table too big in size may prolong the time for
searching MAC address entries, thus decreasing the forwarding performance of the device.
By setting the maximum number of MAC addresses that can be learned from individual ports, the
administrator can control the number of the MAC address entries the MAC address table can
1-6
dynamically maintain. When the number of the MAC address entries learnt from a port reaches the set
value, the port stops learning MAC addresses.
Follow these steps to set the maximum number of MAC addresses a port can learn:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Set the maximum number of MAC
addresses the port can learn
mac-address max-mac-count
count
Required
By default, the number of the MAC
addresses a port can learn is not
limited.
Specifying the maximum number of MAC addresses a port can learn disables centralized MAC address
authentication and port security on the port. On the other hand, if you enable centralized MAC address
authentication and port security on a port, you cannot specify the maximum number of MAC addresses
the port can learn.
Disabling MAC Address learning for a VLAN
You can disable a switch from learning MAC addresses in specific VLANs to improve stability and
security for the users belong to these VLANs and prevent unauthorized accesses.
Follow these steps to disable MAC address learning for a VLAN:
To do…
z
Use the command…
Remarks
Enter system view
system-view
—
Enter VLAN view
vlan vlan-id
—
Disable the switch from learning
MAC addresses in the VLAN
mac-address max-mac-count 0
Required
By default, the device learns MAC
addresses in every VLAN.
If the VLAN is configured as a remote probe VLAN used by port mirroring, you can not disable MAC
address learning of this VLAN. Similarly, after you disable MAC address learning, this VLAN can
not be configured as a remote probe VLAN.
z
Disabling the MAC address learning function of a VLAN takes no effect on enabling the centralized
MAC address authentication on the ports that belong to the VLAN.
1-7
Displaying and Maintaining MAC Address Table
To do…
Use the command…
Display information about the MAC
address table
Display the aging time of the
dynamic MAC address entries in
the MAC address table
Remarks
display mac-address
[ display-option ]
The display command can be
executed in any view.
display mac-address aging-time
Configuration Example
Adding a Static MAC Address Entry Manually
Network requirements
The server connects to the device through GigabitEthernet 1/0/2. To prevent the device from
broadcasting packets destined for the server, it is required to add the MAC address of the server to the
MAC address table of the device, which then forwards packets destined for the server through
GigabitEthernet 1/0/2.
z
The MAC address of the server is 000f-e20f-dc71.
z
Port GigabitEthernet 1/0/2 belongs to VLAN 1.
Configuration procedure
# Enter system view.
<device> system-view
# Add a MAC address, with the VLAN, ports, and states specified.
[device] mac-address static 000f-e20f-dc71
interface GigabitEthernet 1/0/2 vlan 1
# Display information about the current MAC address table.
[device] display mac-address interface GigabitEthernet 1/0/2
MAC ADDR
VLAN ID STATE
PORT INDEX
AGING TIME(s)
000f-e20f-dc71
1
Config static
GigabitEthernet1/0/2
NOAGED
000f-e20f-a7d6
1
Learned
GigabitEthernet1/0/2
AGING
000f-e20f-b1fb
1
Learned
GigabitEthernet1/0/2
AGING
000f-e20f-f116
1
Learned
GigabitEthernet1/0/2
AGING
---
4 mac address(es) found on port GigabitEthernet1/0/2 ---
1-8
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement