05-MAC Address Table Configuration


Contents

Configuring the MAC address table
    Overview
        How a MAC address entry is created
        Types of MAC address entries
    MAC address table configuration task list
    Configuring MAC address entries
        Configuration guidelines
        Adding or modifying a static or dynamic MAC address entry globally
        Adding or modifying a static or dynamic MAC address entry on an interface
        Adding or modifying a blackhole MAC address entry
        Adding or modifying a multiport unicast MAC address entry
    Disabling MAC address learning
        Disabling global MAC address learning
        Disabling MAC address learning on interfaces
        Disabling MAC address learning on a VLAN
    Setting the aging timer for dynamic MAC address entries
    Setting the MAC learning limit
        Configuration restrictions and guidelines
        Setting the MAC learning limit on an interface
        Setting the MAC learning limit for a VLAN
    Configuring the unknown frame forwarding rule after the MAC learning limit is reached
        Configuration restrictions and guidelines
        Configuring the device to forward unknown frames after the MAC learning limit on an interface is reached
        Configuring the device to forward unknown frames after the MAC learning limit for a VLAN is reached
    Assigning MAC learning priority to interfaces
    Enabling MAC address synchronization
    Configuring MAC address move notifications and suppression
    Enabling ARP fast update for MAC address moves
    Disabling static source check
    Enabling SNMP notifications for the MAC address table
    Displaying and maintaining the MAC address table
    MAC address table configuration example
        Network requirements
        Configuration procedure
        Verifying the configuration
Configuring MAC Information
    Enabling MAC Information
    Configuring the MAC Information mode
    Setting the MAC change notification interval
    Setting the MAC Information queue length
    MAC Information configuration example
        Network requirements
        Configuration restrictions and guidelines
        Configuration procedure

Configuring the MAC address table
Overview
An Ethernet device uses a MAC address table to forward frames. A MAC address entry includes a
destination MAC address, an outgoing interface, and a VLAN ID. When the device receives a frame,
it uses the destination MAC address of the frame to look for a match in the MAC address table.
• The device forwards the frame out of the outgoing interface in the matching entry if a match is
found.
• The device floods the frame in the VLAN of the frame if no match is found.

How a MAC address entry is created

The entries in the MAC address table include entries automatically learned by the device and entries
manually added.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses
of incoming frames on each interface.
The device performs the following operations to learn the source MAC address of incoming packets:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the source MAC address in the MAC address table.
   ◦ The device updates the entry if an entry is found.
   ◦ The device adds an entry for MAC-SOURCE and the incoming port if no entry is found.
When the device receives a frame destined for MAC-SOURCE after learning this source MAC
address, the device performs the following operations:
1. Finds the MAC-SOURCE entry in the MAC address table.
2. Forwards the frame out of the port in the entry.
The device performs the learning process for each incoming frame with an unknown source MAC
address until the table is fully populated.
Manually configuring MAC address entries
Dynamic MAC address learning does not distinguish between illegitimate and legitimate frames,
which can invite security hazards. When Host A is connected to port A, a MAC address entry will be
learned for the MAC address of Host A (for example, MAC A). When an illegal user sends frames
with MAC A as the source MAC address to port B, the device performs the following operations:
1. Learns a new MAC address entry with port B as the outgoing interface and overwrites the old
entry for MAC A.
2. Forwards frames destined for MAC A out of port B to the illegal user.
As a result, the illegal user obtains the data of Host A. To improve the security for Host A, manually
configure a static entry to bind Host A to port A. Then, the frames destined for Host A are always sent
out of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined
for Host A.

Types of MAC address entries

A MAC address table can contain the following types of entries:
• Static entries—A static entry is manually added to forward frames with a specific destination
MAC address out of the associated interface, and it never ages out. A static entry has higher
priority than a dynamically learned one.
• Dynamic entries—A dynamic entry can be manually configured or dynamically learned to
forward frames with a specific destination MAC address out of the associated interface. A
dynamic entry might age out. A manually configured dynamic entry has the same priority as a
dynamically learned one.
• Blackhole entries—A blackhole entry is manually configured and never ages out. A blackhole
entry is configured for filtering out frames with a specific source or destination MAC address.
For example, to block all frames destined for or sourced from a user, you can configure the
MAC address of the user as a blackhole MAC address entry. A blackhole entry has higher
priority than a dynamically learned one.
• Multiport unicast entries—A multiport unicast entry is manually added to send frames with a
specific unicast destination MAC address out of multiple ports, and it never ages out. A multiport
unicast entry has higher priority than a dynamically learned one.
A static, blackhole, or multiport unicast MAC address entry can overwrite a dynamic MAC address
entry, but not vice versa. A static entry, a blackhole entry, and a multiport unicast entry cannot
overwrite one another.

MAC address table configuration task list

The configuration tasks discussed in the following sections can be performed in any order.
This document covers only the configuration of unicast MAC address entries, including static,
dynamic, blackhole, and multiport unicast MAC address entries. For information about configuring
static multicast MAC address entries, see IP Multicast Configuration Guide. For information about
MAC address table configuration in VPLS, see MPLS Configuration Guide.
To configure the MAC address table, perform the following tasks:

Tasks at a glance
(Optional.) Configuring MAC address entries
• Adding or modifying a static or dynamic MAC address entry globally
• Adding or modifying a static or dynamic MAC address entry on an interface
• Adding or modifying a blackhole MAC address entry
• Adding or modifying a multiport unicast MAC address entry
(Optional.) Disabling MAC address learning
(Optional.) Setting the aging timer for dynamic MAC address entries
(Optional.) Setting the MAC learning limit
(Optional.) Configuring the unknown frame forwarding rule after the MAC learning limit is reached
(Optional.) Assigning MAC learning priority to interfaces
(Optional.) Enabling MAC address synchronization
(Optional.) Configuring MAC address move notifications and suppression
(Optional.) Enabling ARP fast update for MAC address moves
(Optional.) Disabling static source check
(Optional.) Enabling SNMP notifications for the MAC address table

Configuring MAC address entries
Configuration guidelines
• You cannot add a dynamic MAC address entry if a learned entry already exists with a different
outgoing interface for the MAC address.
• The manually configured static, blackhole, and multiport unicast MAC address entries cannot
survive a reboot if you do not save the configuration. The manually configured dynamic MAC
address entries are lost upon reboot whether or not you save the configuration.
A frame whose source MAC address matches different types of MAC address entries is processed
differently.

Static MAC address entry:
   Forwards the frame according to the destination MAC address regardless of whether the frame's
   ingress interface is the same as that in the entry.
Multiport unicast MAC address entry:
   • Learns the MAC address of the frame and generates a dynamic MAC address entry, but the
     generated dynamic MAC address entry does not take effect.
   • Forwards the frame based on the multiport unicast MAC address entry.
Blackhole MAC address entry:
   Drops the frame.
Dynamic MAC address entry:
   • Learns the MAC address of the frames received on a different interface from that in the entry
     and overwrites the original entry.
   • Forwards the frame received on the same interface as that in the entry and updates the aging
     timer for the entry.
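The following is an added example, not code from the configuration guide or the vendor. It models the MAC address table described in the overview and the two tables above: static, dynamic, blackhole and multiport unicast entries, the rule that manually configured entries overwrite dynamic ones but never each other, the static source check (treated here as a switch that can be turned off, matching the "Disabling static source check" section), and the spoofing case from "Manually configuring MAC address entries". Host A's MAC and GigabitEthernet 1/0/1 come from the page's configuration example; the other MAC addresses and port names are constructed.

```python
"""Model of a Layer 2 MAC address table with the entry types described above.

Added, constructed example (not vendor code). It models static, dynamic,
blackhole and multiport unicast entries, the precedence rules between them,
the static source check, and the spoofing problem that a static entry prevents.
"""
from dataclasses import dataclass

FLOOD = "flood"
DROP = "drop"


@dataclass(frozen=True)
class Entry:
    kind: str           # "static", "dynamic", "blackhole" or "multiport"
    ports: frozenset    # outgoing interface(s); empty for a blackhole entry


class MacTable:
    def __init__(self, static_source_check=True):
        self.entries = {}                            # (mac, vlan) -> Entry
        self.static_source_check = static_source_check

    # --- manually configured entries -------------------------------------
    def add_static(self, mac, vlan, port):
        self._add_manual(mac, vlan, Entry("static", frozenset({port})))

    def add_blackhole(self, mac, vlan):
        self._add_manual(mac, vlan, Entry("blackhole", frozenset()))

    def add_multiport(self, mac, vlan, ports):
        self._add_manual(mac, vlan, Entry("multiport", frozenset(ports)))

    def _add_manual(self, mac, vlan, entry):
        existing = self.entries.get((mac, vlan))
        # A static, blackhole or multiport entry may overwrite a dynamic entry,
        # but static, blackhole and multiport entries never overwrite one another.
        if existing is not None and existing.kind != "dynamic":
            raise ValueError(f"{existing.kind} entry exists for {mac}/VLAN {vlan}")
        self.entries[(mac, vlan)] = entry

    # --- frame processing -------------------------------------------------
    def receive(self, src, dst, vlan, in_port):
        """Process one frame. Returns FLOOD, DROP, or the sorted list of egress ports."""
        key = (src, vlan)
        src_entry = self.entries.get(key)
        if src_entry is None or src_entry.kind == "dynamic":
            # Learn or update: a dynamic entry follows the most recent ingress port.
            self.entries[key] = Entry("dynamic", frozenset({in_port}))
        elif src_entry.kind == "blackhole":
            return DROP                      # blackhole entries also filter by source
        elif src_entry.kind == "static":
            # Static source check: drop if the source is bound to a different port.
            if self.static_source_check and in_port not in src_entry.ports:
                return DROP
        # A multiport source would generate a dynamic entry that does not take
        # effect, so nothing changes for it here.
        dst_entry = self.entries.get((dst, vlan))
        if dst_entry is None:
            return FLOOD
        if dst_entry.kind == "blackhole":
            return DROP
        return sorted(dst_entry.ports)


# Constructed demo: Host A's MAC comes from the page's configuration example;
# Host C's MAC and the port names are made up.
HOST_A = "000f-e235-dc71"
HOST_C = "000f-e235-0003"


def spoofing_demo(use_static_entry):
    """Where does a reply to Host A go after a forged frame with Host A's MAC arrives on GE1/0/2?"""
    table = MacTable()
    if use_static_entry:
        table.add_static(HOST_A, 1, "GE1/0/1")          # bind Host A to its real port
    table.receive(HOST_A, HOST_C, 1, "GE1/0/1")          # Host A speaks from GE1/0/1
    spoofed = table.receive(HOST_A, HOST_C, 1, "GE1/0/2")  # forged source on another port
    reply = table.receive(HOST_C, HOST_A, 1, "GE1/0/3")  # Host C answers Host A
    return {"spoofed_frame": spoofed, "reply_to_host_a": reply}


if __name__ == "__main__":
    print("dynamic only:", spoofing_demo(False))   # reply is hijacked to GE1/0/2
    print("with static: ", spoofing_demo(True))    # reply stays on GE1/0/1, forgery dropped
```

Without a static entry the forged frame simply moves the dynamic entry, so the reply to Host A leaves GE1/0/2; with the static entry the reply keeps leaving GE1/0/1 and the forged frame is dropped by the static source check. Passing `static_source_check=False` keeps the static binding for destination lookups but lets the forged frame through, which is the behaviour the first table above describes for a static entry.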

Adding or modifying a static or dynamic MAC address entry globally

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Add or modify a static or dynamic MAC address entry.
   Command: mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
   Remarks: By default, no MAC address entry is configured globally. Make sure you have created the
   VLAN and assigned the interface to the VLAN.

Adding or modifying a static or dynamic MAC address entry on an interface

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
3. Add or modify a static or dynamic MAC address entry.
   Command: mac-address { dynamic | static } mac-address vlan vlan-id
   Remarks: By default, no MAC address entry is configured on the interface. Make sure you have
   created the VLAN and assigned the interface to the VLAN.

Adding or modifying a blackhole MAC address entry

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Add or modify a blackhole MAC address entry.
   Command: mac-address blackhole mac-address vlan vlan-id
   Remarks: By default, no blackhole MAC address entry is configured. Make sure you have created
   the VLAN.

Adding or modifying a multiport unicast MAC address entry


You can configure a multiport unicast MAC address entry to associate a unicast destination MAC
address with multiple ports. The frame with a destination MAC address matching the entry is sent out
of multiple ports.
For example, in NLB unicast mode (see Figure 1):
• All servers within a cluster use the cluster's MAC address as their own address.
• Frames destined for the cluster are forwarded to every server in the group.
In this case, you can configure a multiport unicast MAC address entry on the device connected to the
server group. Then, the device forwards the frame destined for the server group to every server
through all ports connected to the servers within the cluster.
Figure 1 NLB cluster

You can configure a multiport unicast MAC address entry globally or on an interface.

Configuring a multiport unicast MAC address entry globally

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Add or modify a multiport unicast MAC address entry.
   Command: mac-address multiport mac-address interface interface-list vlan vlan-id
   Remarks: By default, no multiport unicast MAC address entry is configured globally. Make sure
   you have created the VLAN and assigned the interface to the VLAN.

Configuring a multiport unicast MAC address entry on an interface

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
3. Add the interface to a multiport unicast MAC address entry.
   Command: mac-address multiport mac-address vlan vlan-id
   Remarks: By default, no multiport unicast MAC address entry is configured on the interface. Make
   sure you have created the VLAN and assigned the interface to the VLAN.

Disabling MAC address learning


MAC address learning is enabled by default. To prevent the MAC address table from being saturated
when the device is under attack, disable MAC address learning. For example, you can disable MAC
address learning to protect the device against a large number of frames sent with different source
MAC addresses.
After MAC address learning is disabled, the device immediately deletes existing dynamic MAC
address entries.

Disabling global MAC address learning


After global MAC address learning is disabled, the device stops learning MAC addresses.
Global MAC address learning does not take effect on a VPLS VSI or VXLAN VSI. For information
about VPLS VSIs, see MPLS Configuration Guide. For information about VXLAN VSIs, see VXLAN
Configuration Guide.
To disable global MAC address learning:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Disable global MAC address learning.
   Command: undo mac-address mac-learning enable
   Remarks: By default, global MAC address learning is enabled.

Disabling MAC address learning on interfaces


When global MAC address learning is enabled, you can disable MAC address learning on a single
interface.
To disable MAC address learning on an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
3. Disable MAC address learning on the interface.
   Command: undo mac-address mac-learning enable
   Remarks: By default, MAC address learning on the interface is enabled.

Disabling MAC address learning on a VLAN


When global MAC address learning is enabled, you can disable MAC address learning on a
per-VLAN basis.
To disable MAC address learning on a VLAN:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable global MAC address learning.
   Command: mac-address mac-learning enable
   Remarks: By default, global MAC address learning is enabled.
3. Enter VLAN view.
   Command: vlan vlan-id
   Remarks: N/A
4. Disable MAC address learning on the VLAN.
   Command: undo mac-address mac-learning enable
   Remarks: By default, MAC address learning on the VLAN is enabled.

Setting the aging timer for dynamic MAC address entries

For security and efficient use of table space, the MAC address table uses an aging timer for each
dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer
expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can
promptly update to accommodate latest network topology changes.
A stable network requires a longer aging interval, and an unstable network requires a shorter aging
interval.

An aging interval that is too long might cause the MAC address table to retain outdated entries. As a
result, the MAC address table resources might be exhausted, and the MAC address table might fail
to update its entries to accommodate the latest network changes.
An interval that is too short might result in removal of valid entries, which would cause unnecessary
floods and possibly affect the device performance.
To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic
entries from unnecessarily aging out. Reducing floods improves the network performance. Reducing
flooding also improves the security because it reduces the chances for a data frame to reach
unintended destinations.
To set the aging timer for dynamic MAC address entries:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set the aging timer for dynamic MAC address entries.
   Command: mac-address timer { aging seconds | no-aging }
   Remarks: The default setting is 300 seconds. The no-aging keyword disables the aging timer.
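The trade-off described above (a long timer retains stale entries, a short one removes valid entries and causes floods) can be made concrete by replaying a frame trace through a dynamic table with different timer settings. The following is an added example, not code from the configuration guide or the vendor; the two traces, the MAC addresses and the port names are constructed, and `None` stands in for the no-aging keyword.

```python
"""Aging-timer trade-off for dynamic MAC address entries.

Added, constructed example (not vendor code). It replays two constructed
frame traces through a dynamic MAC table with a configurable aging timer and
reports, per frame, the egress port or "flood", so the effect of a long, a
short and a disabled (no-aging) timer can be compared.
"""

FLOOD = "flood"


class AgingMacTable:
    def __init__(self, aging_seconds):
        # aging_seconds=None models "mac-address timer no-aging".
        self.aging = aging_seconds
        self.entries = {}  # (mac, vlan) -> (port, last_update_time)

    def _expire(self, now):
        if self.aging is None:
            return
        stale = [k for k, (_, ts) in self.entries.items() if now - ts >= self.aging]
        for k in stale:
            del self.entries[k]

    def receive(self, now, src, dst, vlan, in_port):
        """Process one frame at time `now` (seconds); returns the egress port or FLOOD."""
        self._expire(now)
        self.entries[(src, vlan)] = (in_port, now)   # learn, or refresh the aging timer
        hit = self.entries.get((dst, vlan))
        return FLOOD if hit is None else hit[0]


def run_trace(aging_seconds, trace):
    """Replay a trace of (time, src, dst, vlan, in_port) tuples; returns the per-frame result."""
    table = AgingMacTable(aging_seconds)
    return [table.receive(*frame) for frame in trace]


# Constructed traces. MAC addresses and port names are made up.
A, B = "0001-0000-000a", "0001-0000-000b"
P1, P2 = "GE1/0/1", "GE1/0/2"

# Stable network: A and B exchange frames roughly every 250 s.
STABLE_TRACE = [
    (0, A, B, 1, P1),
    (10, B, A, 1, P2),
    (250, A, B, 1, P1),
    (260, B, A, 1, P2),
    (500, A, B, 1, P1),
    (510, B, A, 1, P2),
]

# Unstable network: A is learned on P1, then silently moves to another port at
# t=300 and sends nothing; B keeps sending to A.
UNSTABLE_TRACE = [
    (0, A, B, 1, P1),
    (10, B, A, 1, P2),
    (350, B, A, 1, P2),
]


def compare(trace, timers=(None, 300, 100)):
    """Map each aging setting to (number of floods, result of the last frame)."""
    out = {}
    for t in timers:
        results = run_trace(t, trace)
        out[t] = (results.count(FLOOD), results[-1])
    return out


if __name__ == "__main__":
    print("stable:  ", compare(STABLE_TRACE))
    print("unstable:", compare(UNSTABLE_TRACE))
```

On the stable trace the 100-second timer floods three times where the default 300 seconds and no-aging flood only once (the very first frame). On the unstable trace the roles reverse: with no-aging the last frame for A is still sent out GE1/0/1, where A no longer is, while either finite timer has already removed the stale entry and floods the frame, which is the only way it reaches A's new port.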

Setting the MAC learning limit


Configuration restrictions and guidelines
In an IRF 3.1 system, interfaces and VLANs on PEXs do not support this feature. For more
information about PEXs, see Virtual Technologies Configuration Guide.
The MAC address learning limit does not take manually configured dynamic MAC addresses into
account.
This feature does not take effect when MAC-based VLANs or voice VLANs are configured or MAC
authentication is performed. For more information about MAC-based VLANs and voice VLANs, see
"Configuring VLANs" and "Configuring voice VLANs." For more information about MAC
authentication, see Security Configuration Guide.
For the MAC learning limit feature to function correctly, do not configure this feature in both interface
view and VLAN view.
If you configure this feature in the view of a VLAN, only basic VLAN commands and port-based
VLAN commands are supported on the VLAN. For more information, see VLANs in Layer 2—LAN
Switching Command Reference.

Setting the MAC learning limit on an interface


This feature limits the MAC address table size. A large MAC address table will degrade forwarding
performance.
If you set the MAC learning limit on a member port of an aggregation group, the setting takes effect
only after the member port is removed from the aggregation group.
To set the MAC learning limit on an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Layer 2 Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Set the MAC learning limit on the interface.
   Command: mac-address max-mac-count count
   Remarks: By default, the number of MAC addresses that can be learned on an interface is not
   limited.

Setting the MAC learning limit for a VLAN


You can limit the number of MAC addresses that can be learned for a VLAN.
To configure the MAC learning limit for a VLAN:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VLAN view.
   Command: vlan vlan-id
   Remarks: N/A
3. Set the MAC learning limit for the VLAN.
   Command: mac-address max-mac-count count
   Remarks: By default, no MAC learning limit is set for a VLAN.

Configuring the unknown frame forwarding rule after the MAC learning limit is reached

You can enable or disable forwarding of unknown frames after the MAC learning limit is reached.
In this document, unknown frames refer to frames whose source MAC addresses are not in the MAC
address table.

Configuration restrictions and guidelines


For this feature to function correctly, do not configure this feature in both interface view and VLAN
view.
If you configure this feature in the view of a VLAN, only basic VLAN commands and port-based
VLAN commands are supported on the VLAN. For more information, see VLANs in Layer 2—LAN
Switching Command Reference.

Configuring the device to forward unknown frames after the MAC learning limit on an interface is reached

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
3. Configure the device to forward unknown frames received on the interface after the MAC learning
   limit on the interface is reached.
   Command: mac-address max-mac-count enable-forwarding
   Remarks: By default, the device can forward unknown frames received on an interface after the
   MAC learning limit on the interface is reached. You cannot use the undo mac-address
   max-mac-count enable-forwarding command on Layer 2 aggregate interfaces.

Configuring the device to forward unknown frames after the MAC learning limit for a VLAN is reached

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter VLAN view.
   Command: vlan vlan-id
   Remarks: N/A
3. Configure the device to forward unknown frames received on interfaces in the VLAN after the
   MAC learning limit for the VLAN is reached.
   Command: mac-address max-mac-count enable-forwarding
   Remarks: By default, the device can forward unknown frames received on interfaces in a VLAN
   after the MAC learning limit for the VLAN is reached.

Assigning MAC learning priority to interfaces


The MAC learning priority mechanism assigns either low priority or high priority to an interface. An
interface with high priority can learn MAC addresses as usual. However, an interface with low priority
is not allowed to learn MAC addresses already learned on a high-priority interface.
The MAC learning priority mechanism can help defend your network against MAC address spoofing
attacks. In a network that performs MAC-based forwarding, an upper layer device MAC address
might be learned by a downlink interface because of a loop or attack to the downlink interface. To
avoid this issue, perform the following tasks:
• Assign high MAC learning priority to an uplink interface.
• Assign low MAC learning priority to a downlink interface.
To assign MAC learning priority to an interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
3. Assign MAC learning priority to the interface.
   Command: mac-address mac-learning priority { high | low }
   Remarks: By default, low MAC learning priority is used.
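The following is an added example, not code from the configuration guide or the vendor. It models two of the learning controls from the preceding sections together: the per-interface MAC learning limit with its unknown-frame forwarding rule (enable-forwarding), and high/low MAC learning priority on an uplink versus a downlink. The interface names, MAC addresses, limit value and the choice to disable forwarding of unknown frames on the access port are constructed; the page does not say whether a frame refused by the priority rule is still forwarded, so the model assumes it is and marks that assumption in a comment.

```python
"""MAC learning limit and MAC learning priority, modelled together.

Added, constructed example (not vendor code). An access port gets a MAC
learning limit with forwarding of unknown frames disabled once the limit is
reached, an uplink gets high MAC learning priority, and the model shows which
source addresses each port is allowed to learn.
"""
from collections import Counter


class LearningPolicy:
    def __init__(self):
        self.limit = {}              # interface -> max-mac-count (absent: unlimited)
        self.forward_when_full = {}  # interface -> enable-forwarding setting
        self.priority = {}           # interface -> "high" or "low" (default: low)
        self.learned = {}            # (mac, vlan) -> interface that learned it

    def set_limit(self, iface, count, enable_forwarding=True):
        self.limit[iface] = count
        self.forward_when_full[iface] = enable_forwarding

    def set_priority(self, iface, priority):
        self.priority[iface] = priority

    def _prio(self, iface):
        return self.priority.get(iface, "low")

    def learned_on(self, iface):
        """Sorted list of MAC addresses currently learned on an interface."""
        return sorted(mac for (mac, _), port in self.learned.items() if port == iface)

    def frame(self, src, vlan, in_port):
        """Apply the learning rules to one frame's source; returns (learning result, forwarded)."""
        key = (src, vlan)
        owner = self.learned.get(key)
        if owner == in_port:
            return ("known", True)
        # Priority: a low-priority interface may not learn an address that is
        # already learned on a high-priority interface. Assumption of this
        # model: the frame itself is still forwarded; the page specifies only
        # the learning behaviour.
        if owner is not None and self._prio(owner) == "high" and self._prio(in_port) == "low":
            return ("refused-priority", True)
        # Limit: an interface at its max-mac-count learns nothing more, and
        # whether the unknown frame is forwarded follows enable-forwarding.
        in_use = Counter(self.learned.values())[in_port]
        if in_port in self.limit and in_use >= self.limit[in_port]:
            return ("refused-limit", self.forward_when_full[in_port])
        self.learned[key] = in_port
        return ("learned", True)


# Constructed names: an uplink carrying the gateway and one access port.
GATEWAY = "0000-5e00-0101"
UPLINK, ACCESS = "GE1/0/24", "GE1/0/1"


def demo():
    policy = LearningPolicy()
    policy.set_priority(UPLINK, "high")                     # mac-address mac-learning priority high
    policy.set_limit(ACCESS, 2, enable_forwarding=False)    # max-mac-count 2, no unknown forwarding
    return {
        "gateway_on_uplink": policy.frame(GATEWAY, 1, UPLINK),
        "gateway_forged_on_access": policy.frame(GATEWAY, 1, ACCESS),
        "host1": policy.frame("0001-0000-0001", 1, ACCESS),
        "host2": policy.frame("0001-0000-0002", 1, ACCESS),
        "host3": policy.frame("0001-0000-0003", 1, ACCESS),
        "access_table": policy.learned_on(ACCESS),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26} {result}")
```

The gateway's address, learned first on the high-priority uplink, cannot be relearned from the low-priority access port, so the forged frame does not redirect the uplink's traffic. The access port then fills its two-entry limit with two legitimate hosts; the third source is neither learned nor, because enable-forwarding was turned off for that port, forwarded.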

Enabling MAC address synchronization


(In standalone mode.) To avoid unnecessary floods and improve forwarding speed, make sure all
cards have the same MAC address table. After you enable MAC address synchronization, each card
advertises learned MAC address entries to other cards.
(In IRF mode.) To avoid unnecessary floods and improve forwarding speed, make sure all cards
have the same MAC address table. After you enable MAC address synchronization, each card
advertises learned MAC address entries to other cards of all member devices.
As shown in Figure 2:
• Device A and Device B form an IRF fabric enabled with MAC address synchronization.
• Device A and Device B connect to AP C and AP D, respectively.
When Client A associates with AP C, Device A learns a MAC address entry for Client A and
advertises it to Device B.
Figure 2 MAC address tables of devices when Client A accesses AP C

When Client A roams to AP D, Device B learns a MAC address entry for Client A. Device B
advertises it to Device A to ensure service continuity for Client A, as shown in Figure 3.

Figure 3 MAC address tables of devices when Client A roams to AP D

To enable MAC address synchronization:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable MAC address synchronization.
   Command: mac-address mac-roaming enable
   Remarks: By default, MAC address synchronization is disabled.

Configuring MAC address move notifications and suppression

The outgoing interface for a MAC address entry learned on interface A is changed to interface B
when the following conditions exist:
• Interface B receives a packet with the MAC address as the source MAC address.
• Interface B belongs to the same VLAN as interface A.
In this case, the MAC address is moved from interface A to interface B, and a MAC address move
occurs.
The MAC address move notifications feature enables the device to output MAC address move logs
when MAC address moves are detected.
If a MAC address is continuously moved between the two interfaces, Layer 2 loops might occur. To
detect and locate loops, you can view the MAC address move information. To display the MAC
address move records after the device is started, use the display mac-address mac-move
command.
If the system detects that MAC address moves occur frequently on an interface, you can configure
MAC address move suppression to shut the interface down. The interface automatically goes up
after a suppression interval. Or, you can manually bring up the interface.
To configure MAC address move notifications and MAC address move suppression:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable MAC address move notifications and optionally specify a MAC move detection interval.
   Command: mac-address notification mac-move [ interval interval ]
   Remarks: By default, MAC address move notifications are disabled. If you do not specify a
   detection interval, the default setting of 1 minute is used. After you execute this command, the
   system sends only log messages to the information center module. If the device is also
   configured with the snmp-agent trap enable mac-address command, the system also sends SNMP
   notifications to the SNMP module.
3. (Optional.) Set MAC address move suppression parameters.
   Command: mac-address notification mac-move suppression { interval interval | threshold threshold }
   Remarks: By default, the suppression interval is 30 seconds, and the suppression threshold is 3.
4. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
5. Enable MAC address move suppression.
   Command: mac-address notification mac-move suppression
   Remarks: By default, MAC address move suppression is disabled.
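The following is an added example, not code from the configuration guide or the vendor. It models the move detection and suppression behaviour described in this section: a move is recorded whenever a learned address arrives on a different interface, and an interface that accumulates moves is shut down for the suppression interval and comes back up on its own. The page gives only the defaults (1 minute detection interval, 30 second suppression interval, threshold 3), so treating the threshold as moves per interface within one detection interval, and charging each move to the interface the address moved to, are assumptions of this model; the loop trace, MAC address, port names and log message format are constructed.

```python
"""MAC address move detection with per-interface move suppression.

Added, constructed example (not vendor code). The monitor tracks the interface
each (MAC, VLAN) was learned on, records a move whenever the same address
arrives on a different interface, and shuts an interface down for the
suppression interval once it is involved in `threshold` moves within one
detection interval. Counting moves per receiving interface is this model's
assumption; the page gives only the default values.
"""
from collections import defaultdict, deque


class MacMoveMonitor:
    def __init__(self, detection_interval=60, suppression_interval=30, threshold=3):
        self.detection_interval = detection_interval
        self.suppression_interval = suppression_interval
        self.threshold = threshold
        self.table = {}                   # (mac, vlan) -> interface
        self.moves = []                   # (time, mac, vlan, from_port, to_port)
        self.window = defaultdict(deque)  # interface -> recent move timestamps
        self.down_until = {}              # interface -> time it is brought back up
        self.shutdown_order = []
        self.logs = []                    # constructed message format, not the device's

    def interface_up(self, iface, now):
        return now >= self.down_until.get(iface, 0)

    def frame(self, now, src, vlan, in_port):
        """Process one frame's source at time `now` (seconds); returns what happened."""
        if not self.interface_up(in_port, now):
            return "dropped"              # interface is shut down by suppression
        prev = self.table.get((src, vlan))
        self.table[(src, vlan)] = in_port
        if prev is None:
            return "learned"
        if prev == in_port:
            return "refreshed"
        self.moves.append((now, src, vlan, prev, in_port))
        self.logs.append(f"t={now}s MAC {src} VLAN {vlan} moved {prev} -> {in_port}")
        # Count the move against the interface the address moved to, within
        # the detection interval (assumption: suppression is applied per interface).
        w = self.window[in_port]
        w.append(now)
        while now - w[0] >= self.detection_interval:
            w.popleft()
        if len(w) >= self.threshold:
            self.down_until[in_port] = now + self.suppression_interval
            self.shutdown_order.append(in_port)
            w.clear()
            return "moved-shutdown"
        return "moved"


# Constructed trace: a Layer 2 loop makes host X's MAC flap between two
# downlink ports every second. Names are made up.
X = "0001-0000-00aa"
PORT_A, PORT_B = "GE1/0/2", "GE1/0/3"
LOOP_TRACE = [(t, X, 1, PORT_A if t % 2 == 0 else PORT_B) for t in range(9)]


def demo():
    monitor = MacMoveMonitor()
    outcomes = [monitor.frame(*f) for f in LOOP_TRACE]
    return {
        "moves": len(monitor.moves),
        "outcomes": outcomes,
        "shut_down": monitor.shutdown_order,
        "up_again_at_40": all(monitor.interface_up(p, 40) for p in (PORT_A, PORT_B)),
        "logs": monitor.logs,
    }


if __name__ == "__main__":
    result = demo()
    print("\n".join(result["logs"]))
    print("shut down:", result["shut_down"], "| up again at t=40:", result["up_again_at_40"])
```

Six moves are logged before both looped ports reach the threshold and are shut down (GE1/0/3 at t=5, GE1/0/2 at t=6); the next frames on each are dropped, and by t=40 both have passed their 30-second suppression interval and are up again, matching the "automatically goes up after a suppression interval" behaviour in the text. The `moves` list corresponds to what display mac-address mac-move would let you review when locating a loop.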

Enabling ARP fast update for MAC address moves

ARP fast update for MAC address moves allows the device to update an ARP entry immediately after
the outgoing interface for a MAC address changes. This feature ensures data connection without
interruption.
As shown in Figure 4, a mobile user laptop accesses the network by connecting to AP 1 or AP 2.
When the AP to which the user connects changes, the switch updates the ARP entry for the user
immediately after it detects a MAC address move.

Figure 4 ARP fast update application scenario

To enable ARP fast update for MAC address moves:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable ARP fast update for MAC address moves.
   Command: mac-address mac-move fast-update
   Remarks: By default, ARP fast update for MAC address moves is disabled.

Disabling static source check


By default, the static source check feature is enabled on an interface. The check identifies whether a
received frame meets the following conditions:
• The source MAC address of the frame matches a static MAC address entry.
• The incoming interface of the frame is different from the outgoing interface in the entry.
If the frame meets both conditions, the device drops the frame.
When this feature is disabled, the device does not perform the check for a received frame. It can
forward the frame whether or not the frame meets the conditions.
To correctly forward traffic sourced from the MAC address of a VLAN interface, you must disable the
static source check feature on the Layer 2 interfaces in the VLAN.
To disable the static source check feature:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command:
   • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
   • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
   Remarks: N/A
3. Disable the static source check feature.
   Command: undo mac-address static source-check enable
   Remarks: By default, the static source check feature is enabled.

Enabling SNMP notifications for the MAC address
table
To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC
address table. For MAC address move event notifications to be sent correctly, you must also
configure SNMP on the device.
When SNMP notifications are disabled for the MAC address table, the device sends the generated
logs to the information center. To display the logs, configure the log destination and output rule
configuration in the information center.
For more information about SNMP and information center configuration, see the network
management and monitoring configuration guide for the device.
To enable SNMP notifications for the MAC address table:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable SNMP notifications for the MAC address table.
   Command: snmp-agent trap enable mac-address [ mac-move ]
   Remarks: By default, SNMP notifications are enabled for the MAC address table. When SNMP
   notifications are disabled for the MAC address table, syslog messages are sent to notify
   important events on the MAC address table module.

Displaying and maintaining the MAC address table

Execute display commands in any view.

Task: Display MAC address table information.
  Command: display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole | multiport ] [ vlan vlan-id ] [ count ] ]
Task: Display the aging timer for dynamic MAC address entries.
  Command: display mac-address aging-time
Task: Display the system or interface MAC address learning state.
  Command: display mac-address mac-learning [ interface interface-type interface-number ]
Task: Display MAC address statistics.
  Command: display mac-address statistics
Task: (In standalone mode.) Display the MAC address move records.
  Command: display mac-address mac-move [ slot slot-number ]
Task: (In IRF mode.) Display the MAC address move records.
  Command: display mac-address mac-move [ chassis chassis-number slot slot-number ]

MAC address table configuration example
Network requirements
As shown in Figure 5:
• Host A at MAC address 000f-e235-dc71 is connected to GigabitEthernet 1/0/1 of Device and
belongs to VLAN 1.
• Host B at MAC address 000f-e235-abcd, which behaved suspiciously on the network, also
belongs to VLAN 1.
Configure the MAC address table as follows:
• To prevent MAC address spoofing, add a static entry for Host A in the MAC address table of
Device.
• To drop all frames destined for Host B, add a blackhole MAC address entry for Host B.
• Set the aging timer to 500 seconds for dynamic MAC address entries.
Figure 5 Network diagram

Configuration procedure
# Add a static MAC address entry for MAC address 000f-e235-dc71 on GigabitEthernet 1/0/1 that
belongs to VLAN 1.
<Device> system-view
[Device] mac-address static 000f-e235-dc71 interface gigabitethernet 1/0/1 vlan 1

# Add a blackhole MAC address entry for MAC address 000f-e235-abcd that belongs to VLAN 1.
[Device] mac-address blackhole 000f-e235-abcd vlan 1

# Set the aging timer to 500 seconds for dynamic MAC address entries.
[Device] mac-address timer aging 500

Verifying the configuration
# Display the static MAC address entries for GigabitEthernet 1/0/1.
[Device] display mac-address static interface gigabitethernet 1/0/1
MAC Address VLAN ID State Port/Nickname Aging
000f-e235-dc71 1 Static GE1/0/1 N

# Display the blackhole MAC address entries.
[Device] display mac-address blackhole
MAC Address VLAN ID State Port/Nickname Aging
000f-e235-abcd 1 Blackhole N/A N

# Display the aging time of dynamic MAC address entries.
[Device] display mac-address aging-time
MAC address aging time: 500s.
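The verification output above is easy to check by hand for two entries, but an audit script is what catches a missing static entry or a MAC that has reappeared as a dynamic entry on another port. The following added example (not part of the original guide) parses the table format shown above and compares it with the intended static and blackhole entries; the column layout is taken from the output above and the sample output is constructed.

```python
import re
from collections import namedtuple

# Constructed sample: the two verification outputs shown above, as captured from the console.
SAMPLE_OUTPUT = """\
MAC Address      VLAN ID    State            Port/Nickname   Aging
000f-e235-dc71   1          Static           GE1/0/1         N
MAC Address      VLAN ID    State            Port/Nickname   Aging
000f-e235-abcd   1          Blackhole        N/A             N
"""

MacEntry = namedtuple("MacEntry", "mac vlan state port aging")

# One data row: MAC in hhhh-hhhh-hhhh form, VLAN, State, Port/Nickname, Aging (Y/N).
ROW_RE = re.compile(
    r"^(?P<mac>[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4})\s+(?P<vlan>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<port>\S+)\s+(?P<aging>[YN])$"
)

def parse_mac_table(text):
    """Parse display mac-address output into MacEntry tuples; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            entries.append(MacEntry(m["mac"].lower(), int(m["vlan"]),
                                    m["state"], m["port"], m["aging"] == "Y"))
    return entries

def audit(entries, expected):
    """Compare the table with the intended (mac, vlan, state, port) tuples.
    Returns (missing, drifted): intended entries absent from the table, and
    entries whose state or port differs from intent, e.g. a dynamic entry for
    Host A's MAC on another port, which the static entry is meant to prevent."""
    by_key = {(e.mac, e.vlan): (e.state, e.port) for e in entries}
    missing, drifted = [], []
    for mac, vlan, state, port in expected:
        found = by_key.get((mac, vlan))
        if found is None:
            missing.append((mac, vlan, state, port))
        elif found != (state, port):
            drifted.append((mac, vlan) + found)
    return missing, drifted

# Intended configuration from the example above.
EXPECTED = [
    ("000f-e235-dc71", 1, "Static", "GE1/0/1"),  # Host A pinned to its port
    ("000f-e235-abcd", 1, "Blackhole", "N/A"),   # Host B's frames dropped
]
```

An empty result from audit() means the table matches the configuration; anything in the drifted list is worth investigating as a possible MAC move.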

Configuring MAC Information
The MAC Information feature can generate syslog messages or SNMP notifications when MAC
address entries are learned or deleted. You can use these messages to monitor users leaving or
joining the network and to analyze network traffic.
The MAC Information feature buffers the MAC change syslog messages or SNMP notifications in a
queue. The device overwrites the oldest MAC address change written into the queue with the most
recent MAC address change when the following conditions exist:
• The MAC change notification interval does not expire.
• The queue has been exhausted.
To send a syslog message or SNMP notification immediately after it is created, set the queue length
to zero.

Enabling MAC Information

Step 1: Enter system view.
  Command: system-view
  Remarks: N/A
Step 2: Enable MAC Information globally.
  Command: mac-address information enable
  Remarks: By default, MAC Information is globally disabled.
Step 3: Enter Layer 2 Ethernet interface view.
  Command: interface interface-type interface-number
  Remarks: N/A
Step 4: Enable MAC Information on the interface.
  Command: mac-address information enable { added | deleted }
  Remarks: By default, MAC Information is disabled on the interface. Make sure you have enabled
  MAC Information globally before you enable it on the interface.

Configuring the MAC Information mode
The following MAC Information modes are available for sending MAC address changes:
• Syslog—The device sends syslog messages to notify MAC address changes. The device
sends syslog messages to the information center, which then outputs them to the monitoring
terminal. For more information about information center, see Network Management and
Monitoring Configuration Guide.
• Trap—The device sends SNMP notifications to notify MAC address changes. The device sends
SNMP notifications to the NMS. For more information about SNMP, see Network Management
and Monitoring Configuration Guide.
To configure the MAC Information mode:

Step 1: Enter system view.
  Command: system-view
  Remarks: N/A
Step 2: Configure the MAC Information mode.
  Command: mac-address information mode { syslog | trap }
  Remarks: The default setting is trap.

Setting the MAC change notification interval
To prevent syslog messages or SNMP notifications from being sent too frequently, you can set the
MAC change notification interval to a larger value.
To set the MAC change notification interval:

Step 1: Enter system view.
  Command: system-view
  Remarks: N/A
Step 2: Set the MAC change notification interval.
  Command: mac-address information interval interval
  Remarks: The default setting is 1 second.

Setting the MAC Information queue length

Step 1: Enter system view.
  Command: system-view
  Remarks: N/A
Step 2: Set the MAC Information queue length.
  Command: mac-address information queue-length value
  Remarks: The default setting is 50.

MAC Information configuration example
Network requirements
Enable MAC Information on GigabitEthernet 1/0/1 on Device in Figure 6 to send MAC address
changes in syslog messages to the log host, Host B, through interface GigabitEthernet 1/0/2.
Figure 6 Network diagram (Device: GE1/0/1 to Host A 192.168.1.1/24, GE1/0/2 to Host B 192.168.1.2/24, GE1/0/3 to Server 192.168.1.3/24)

Configuration restrictions and guidelines
When you edit the file /etc/syslog.conf, follow these restrictions and guidelines:
• Comments must be on a separate line and must begin with a pound sign (#).
• No redundant spaces are allowed after the file name.
• The logging facility name and the severity level specified in the /etc/syslog.conf file must be
the same as those configured on the device. Otherwise, the log information might not be output
correctly to the log host. The logging facility name and the severity level are configured by using
the info-center loghost and info-center source commands, respectively.

Configuration procedure
1. Configure Device to send syslog messages to Host B:
# Enable the information center.
<Device> system-view
[Device] info-center enable
# Specify the log host 192.168.1.2/24 and specify local4 as the logging facility.
[Device] info-center loghost 192.168.1.2 facility local4
# Disable log output to the log host.
[Device] info-center source default loghost deny
To avoid output of unnecessary information, disable all modules from outputting logs to the
specified destination (loghost, in this example) before you configure an output rule.
# Configure an output rule to output to the log host MAC address logs that have a severity level
no lower than informational.
[Device] info-center source mac loghost level informational
2. Configure the log host, Host B:
Configure Solaris as follows. Configure other UNIX operating systems in the same way Solaris
is configured.
a. Log in to the log host as a root user.
b. Create a subdirectory named Device in directory /var/log/.
# mkdir /var/log/Device
c. Create file info.log in the Device directory to save logs from Device.
# touch /var/log/Device/info.log
d. Edit the file syslog.conf in directory /etc/ and add the following contents:
# Device configuration messages
local4.info /var/log/Device/info.log
In this configuration, local4 is the name of the logging facility that the log host uses to
receive logs, and info is the informational level. The UNIX system records the log
information that has a severity level no lower than informational to the file
/var/log/Device/info.log.
e. Display the process ID of syslogd, end the syslogd process, and then restart syslogd
using the -r option to make the new configuration take effect.
# ps -ae | grep syslogd
147
# kill -HUP 147
# syslogd -r &
The device can output MAC address logs to the log host, which stores the logs to the specified
file.
3. Enable MAC Information on Device:
# Enable MAC Information globally.
[Device] mac-address information enable
# Configure the MAC Information mode as syslog.
[Device] mac-address information mode syslog
# Enable MAC Information on GigabitEthernet 1/0/1 to enable the port to record MAC address
change information when the interface performs either of the following operations:
  - Learns a new MAC address.
  - Deletes an existing MAC address.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] mac-address information enable added
[Device-GigabitEthernet1/0/1] mac-address information enable deleted
[Device-GigabitEthernet1/0/1] quit
# Set the MAC Information queue length to 100.
[Device] mac-address information queue-length 100
# Set the MAC change notification interval to 20 seconds.
[Device] mac-address information interval 20
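The restrictions on /etc/syslog.conf listed under "Configuration restrictions and guidelines", and the entry added in step 2.d above, are the kind of thing that silently breaks log collection when they are wrong. The following added check (not part of the original guide) flags the three listed mistakes and confirms that some rule actually writes the device's facility and severity to the intended file; the sample file content is constructed, and the facility, level and file path are the ones used in the example above.

```python
# Constructed sample /etc/syslog.conf content. The first three lines follow the
# restrictions above; each of the last three breaks one of them.
SAMPLE_CONF = (
    "# Device configuration messages\n"
    "local4.info\t/var/log/Device/info.log\n"
    "*.emerg\t*\n"
    "local4.info\t/var/log/Device/info.log   \n"         # spaces after the file name
    "local4.info\t/var/log/Device/info.log # inline\n"   # comment not on its own line
    "local5.info\t/var/log/Device/info.log\n"            # facility differs from the device
)

# syslog severities from most to least severe; a selector level also matches higher severities.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def check_syslog_conf(text, facility, level, logfile):
    """Return (line_no, problem) findings for a syslog.conf; an empty list means
    the file writes the device's facility/level to logfile as the example above needs.
    Line 0 is used for a finding about the whole file."""
    findings, matched = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or whole-line comment
        if "#" in raw:
            findings.append((no, "comment must be on a separate line"))
            continue
        if raw != raw.rstrip(" "):
            findings.append((no, "redundant spaces after the file name"))
            continue
        parts = raw.split(None, 1)
        if len(parts) != 2:
            findings.append((no, "selector and action must be separated by whitespace"))
            continue
        selector, action = parts
        if action != logfile:
            continue                      # rule for some other destination
        fac, _, lvl = selector.partition(".")
        if fac == facility and lvl in LEVELS and LEVELS.index(lvl) >= LEVELS.index(level):
            matched = True
        else:
            findings.append((no, f"{selector} does not match device facility {facility} level {level}"))
    if not matched:
        findings.append((0, f"no rule writes {facility}.{level} to {logfile}"))
    return findings
```

Run it against the real file with the facility and level from the info-center loghost and info-center source commands before restarting syslogd.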
