No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Common Configuration Errors

Common Configuration Errors

This section describes how to process common configuration errors in MAC address entries.

Correct MAC Address Entry Cannot Be Learned on the Device

Fault Description

MAC address entries cannot be learned on the device, so Layer 2 forwarding fails.

Procedure

  1. Check that the configurations on the interface are correct.

    Run the display mac-address command in any view to check whether the binding relationships between the MAC address, VLAN, and interface are correct.

    <HUAWEI> display mac-address 
    ------------------------------------------------------------------------------- 
    MAC Address    VLAN/VSI                          Learned-From        Type       
    ------------------------------------------------------------------------------- 
    0025-9e80-2494 1/-                               10GE1/17/1            dynamic    
                                                                                    
    ------------------------------------------------------------------------------- 
    Total items: 1                                                       

    If not, re-configure the binding relationships between the MAC address, VLAN, and interface.

    If yes, go to step 2.

  2. Check whether a loop on the network causes MAC address flapping.
    • Remove the loop from the network.

    If no loop exists, go to step 3.

  3. Check that MAC address learning is enabled.

    Check whether MAC address learning is enabled in the interface view and the VLAN view.

    [~HUAWEI-10GE1/17/1] display this
    #
    interface 10GE1/17/1
     mac-address learning disable 
     port link-type trunk  port trunk allow-pass vlan 10
    #
    return
    
    [~HUAWEI-vlan10] display this
     #
    vlan 10
     mac-address learning disable
    #
    return
    

    If the command output contains mac-address learning disable, MAC address learning is disabled on the interface or VLAN.

    • If MAC address learning is disabled, run the undo mac-address learning disable command in the interface view or VLAN view to enable MAC address learning.
    • If MAC address learning is enabled on the interface, go to step 4.
  4. Check whether any blackhole MAC address entry or MAC address limiting is configured.

    If a blackhole MAC address entry or MAC address limiting is configured, the interface discards packets.

    • Blackhole MAC address entry

      Run the display mac-address blackhole command to check whether any blackhole MAC address entry is configured.
      [~HUAWEI] display mac-address blackhole
      -------------------------------------------------------------------------------
      MAC Address    VLAN/VSI                          Learned-From        Type
      -------------------------------------------------------------------------------
      0001-0001-0001 3333/-                            -                   blackhole
      
      -------------------------------------------------------------------------------
      Total items: 1

      If a blackhole MAC address entry is displayed, run the undo mac-address blackhole command to delete it.

    • MAC address limiting on the interface or VLAN

      • Run the display this command in the interface view or VLAN view. If the command output contains mac-address limit maximum, the number of learned MAC addresses is limited. Run either of the following commands:
        • Run the undo mac-address limit command in the interface view or VLAN view to disable MAC address limiting.
        • Run the mac-address limit command in the interface view or VLAN view to increase the maximum number of learned MAC addresses.
      • Run the display this command in the interface view. If the command output contains port-security maximum or port-security enable, the number of secure dynamic MAC addresses is limited on the interface. Run either of the following commands:
        NOTE:

        By default, the limit on the number of secure dynamic MAC addresses is 1 after port security is enabled.

        • Run the undo port-security enable command in the interface view to disable port security.
        • Run the port-security maximum command in the interface view to increase the maximum number of secure dynamic MAC addresses on the interface.

    If the fault persists, go to step 5.

  5. Check whether the number of learned MAC addresses has reached the maximum supported by the switch modules.

    Run the display mac-address summary command to check the number of MAC addresses in the MAC address table.

    • If the number of learned MAC addresses has reached the maximum supported by the switch modules, no MAC address entry can be created. Run the display mac-address command to view all MAC address entries.
      • If the number of MAC addresses learned on an interface is much greater than the number of devices on the network connected to the interface, a user on the network may maliciously update the MAC address table. Check the device connected to the interface:
        • If the interface is connected to a device, run the display mac-address command on the device to view its MAC address table. Locate the interface connected to the malicious user according to the displayed MAC address entries. If the interface that you find is connected to another device, repeat this step until you find the user of the malicious user.
        • If the interface is connected to a computer, perform either of the following operations after obtaining permission of the administrator:
          • Disconnect the computer. When the attack stops, connect the computer to the network again.
          • Run the port-security enable command on the interface to enable port security or run the mac-address limit command to set the maximum number of MAC addresses that the interface can learn to 1.
        • If the interface is connected to a hub, perform either of the following operations:
          • Configure port mirroring or other tools to observe packets received by the interface. Analyze the packet types to locate the attacking computer. Disconnect the computer after obtaining permission of the administrator. When the attack stops, connect the computer to the hub again.
          • Disconnect computers connected to the hub one by one after obtaining permission of the administrator. If the fault is rectified after a computer is disconnected, the computer is the attacker. After it stops the attack, connect it to the hub again.
      • If the number of MAC addresses on the interface is equal to or smaller than the number of devices connected to the interface, the number of devices connected to the switch modules has exceeded the maximum supported by the switch modules. Adjust network deployment.
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 57173

Downloads: 3617

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next