MAC Address Entries Failed to Be Learned on an Interface
Fault Symptom
MAC address entries cannot be learned on an interface, causing Layer 2 forwarding failures.
Procedure
1. Check the configuration on the device.

| Check Item | Verification Method | Follow-up Operation |
| --- | --- | --- |
| Whether the VLAN that the interface belongs to has been created | Run the display vlan vlan-id command in any view. If the system displays the message "Error: The VLAN does not exist", the VLAN has not been created. | Run the vlan vlan-id command in the system view to create the VLAN. |
| Whether the interface transparently transmits packets from the VLAN | Run the display vlan vlan-id command in any view to check whether the interface name is listed. If not, the interface does not transparently transmit packets from the VLAN. | Run one of the following commands in the interface view to add the interface to the VLAN: port trunk allow-pass vlan (trunk interface); port hybrid tagged vlan or port hybrid untagged vlan (hybrid interface); port default vlan (access interface). |
| Whether a blackhole MAC address entry is configured | Run the display mac-address blackhole command in any view to check whether a blackhole MAC address entry is configured. | If a blackhole MAC address entry is displayed and you want to delete it, run the undo mac-address blackhole command in any view. |
| Whether MAC address learning is disabled on the interface or in the VLAN | Run the display this \| include learning command in the interface view and VLAN view to check whether the mac-address learning disable configuration exists. If so, MAC address learning is disabled on the interface or in the VLAN. | Run the undo mac-address learning disable command in the interface view or VLAN view to enable MAC address learning. |
| Whether MAC address limiting is configured on the interface or in the VLAN | Run the display this \| include mac-limit command in the interface view and VLAN view to check whether MAC address limiting is configured. If so, a maximum number of learned MAC address entries is set. | Run the mac-limit command in the interface view or VLAN view to increase the maximum number of learned MAC address entries, or run the undo mac-limit command in the interface view or VLAN view to remove the MAC address limit. |
| Whether port security is configured on the interface | Run the display this \| include port-security command in the interface view to check whether port security is configured. | Run the undo port-security enable command in the interface view to disable port security, or run the port-security max-mac-num command in the interface view to increase the maximum number of secure dynamic MAC address entries on the interface. |

If the fault persists, go to step 2.
2. Check whether a loop is causing MAC address entry flapping.
   - Run the mac-address flapping detection command in the system view to configure MAC address flapping detection.
   - The system checks all MAC addresses in the VLAN to detect MAC address flapping. Run the display mac-address flapping record command to check the MAC address flapping records and determine whether a loop exists.
   - If a loop is causing MAC address flapping, use either of the following methods to remove the flapping:
     - Eliminate the loop.
     - Run the mac-learning priority command in the interface view to configure the MAC address learning priority for the interface, so that MAC addresses are learned by the correct interface.

If no loop is detected, go to step 3.
3. Check whether the number of learned MAC address entries has reached the maximum value. If so, the device cannot learn new MAC address entries.
   - If the number of MAC address entries on the interface is less than or equal to the number of hosts connected to the interface, the device is connected to more hosts than it supports. Adjust your network plan accordingly.
   - If the interface has learned more MAC address entries than there are hosts connected to it, the interface may be undergoing a MAC address attack from the attached network. Use the following table to locate the attack source.

| Scenario | Solution |
| --- | --- |
| The interface connects to another network device. | Run the display mac-address command on the connected device to view its MAC address entries. Use the displayed entries to locate the interface connected to the malicious host. If the located interface is connected to yet another network device, repeat this step until you find the malicious host. |
| The interface connects to a host. | Disconnect the host after obtaining permission from the administrator; when the attack stops, connect the host to the network again. Alternatively, run the port-security enable command on the interface to enable port security, or run the mac-limit command to set the maximum number of MAC address entries to 1. |
| The interface connects to a hub. | Analyze packets mirrored from the interface, or use another tool to analyze the packets received by the interface, to locate the attacking host. Disconnect that host after obtaining permission from the administrator, and connect it to the hub again only after confirming that it no longer sends attacking packets. Alternatively, disconnect the hosts connected to the hub one by one after obtaining permission from the administrator; if the fault is rectified after a host is disconnected, that host is the attacker. After the host stops the attack, connect it to the hub again. |
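As an added illustration (not part of the original procedure and not vendor tooling), the following Python models the two signatures that steps 2 and 3 look for on constructed learning events: a MAC that keeps moving between interfaces of one VLAN is the flapping pattern of a loop, and an interface that learns far more MACs than the hosts behind it is the over-learning pattern of step 3. The event records, thresholds and expected host counts are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LearnEvent:
    ts: float        # seconds since start of the capture
    vlan: int
    mac: str         # Huawei-style notation, e.g. 00e0-fc12-3456
    interface: str


# Constructed sample, not real switch output: one MAC bounces between GE0/0/1
# and GE0/0/2 in VLAN 10 (a loop); GE0/0/3 learns 50 different MACs, far more
# than the hosts behind it; a host in VLAN 20 moves once (not flapping).
SAMPLE_EVENTS = [
    LearnEvent(0.0, 10, "00e0-fc12-3456", "GE0/0/1"),
    LearnEvent(0.5, 10, "00e0-fc12-3456", "GE0/0/2"),
    LearnEvent(1.0, 10, "00e0-fc12-3456", "GE0/0/1"),
    LearnEvent(1.5, 10, "00e0-fc12-3456", "GE0/0/2"),
    LearnEvent(2.0, 10, "00e0-fc12-3456", "GE0/0/1"),
    LearnEvent(3.0, 20, "00e0-fc00-0009", "GE0/0/4"),
    LearnEvent(9.0, 20, "00e0-fc00-0009", "GE0/0/5"),
] + [LearnEvent(0.01 * i, 10, f"0000-5e00-{i:04x}", "GE0/0/3") for i in range(50)]

# Number of hosts the network plan expects behind each interface (constructed).
EXPECTED_HOSTS = {"GE0/0/1": 1, "GE0/0/2": 1, "GE0/0/3": 2, "GE0/0/4": 1, "GE0/0/5": 1}


def find_flapping(events, window=3.0, min_moves=3):
    """{(vlan, mac): [interfaces]} for MACs that moved between interfaces of the
    same VLAN at least min_moves times within any span of `window` seconds."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_key[(ev.vlan, ev.mac)].append(ev)
    flapping = {}
    for key, evs in by_key.items():
        # A move is a learning event on a different interface than the previous one.
        moves = [ev.ts for prev, ev in zip(evs, evs[1:]) if prev.interface != ev.interface]
        for i, start in enumerate(moves):
            if sum(1 for t in moves[i:] if t - start <= window) >= min_moves:
                flapping[key] = sorted({ev.interface for ev in evs})
                break
    return flapping


def find_overlearning(events, expected_hosts):
    """{interface: learned_count} where more distinct MACs were learned than the
    number of hosts expected behind that interface (the step 3 heuristic)."""
    learned = defaultdict(set)
    for ev in events:
        learned[ev.interface].add(ev.mac)
    return {ifc: len(macs) for ifc, macs in learned.items() if len(macs) > expected_hosts.get(ifc, 0)}
```

Run over the constructed sample, the looped MAC in VLAN 10 is reported as flapping between GE0/0/1 and GE0/0/2, the single relocation in VLAN 20 is not, and GE0/0/3 is flagged for learning 50 entries against 2 expected hosts.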