MAC Address Learning Control
Hackers can send a large number of packets with different source MAC addresses to a switch, filling the MAC address table with useless entries. As a result, the switch cannot learn the source MAC addresses of valid packets and wastes bandwidth broadcasting these invalid packets.
The switch has the following MAC address learning control methods to protect against this issue:
- Disabling MAC address learning on a VLAN or an interface
- Limiting the number of MAC address entries that can be learned from a VLAN or an interface
MAC Address Learning Control Method | Principle | Application Scenario |
---|---|---|
Disabling MAC address learning on a VLAN or an interface | After MAC address learning is disabled on a VLAN or an interface, the switch does not learn new dynamic MAC address entries on that VLAN or interface. The learned dynamic MAC address entries will age out when the aging time expires. They can also be manually deleted using commands. | |
Limiting the number of MAC address entries that can be learned from a VLAN or an interface | The switch can only learn a specified number of MAC address entries from a VLAN or an interface. When the number of learned MAC address entries reaches the limit, the switch generates an alarm to notify the network administrator. After that, the switch cannot learn new MAC address entries from the VLAN or interface and discards any packets with source MAC addresses not in the MAC address table. | |
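
The following added example (not part of the original documentation or any vendor's code) models the two control methods in the table to show why a per-interface limit keeps the table usable. The port names, the table capacity of 1024, the MAC addresses, and the choice to forward frames when learning is disabled or the table is full are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    capacity: int                                   # total MAC table size (constructed)
    port_limit: dict = field(default_factory=dict)  # port -> max learned entries
    no_learning: set = field(default_factory=set)   # ports with learning disabled
    table: dict = field(default_factory=dict)       # learned source MAC -> port
    alarms: list = field(default_factory=list)      # ports that reached their limit

    def learned_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, port, src_mac):
        """Process one frame's source MAC; return 'forward' or 'discard'."""
        if src_mac in self.table:
            return "forward"
        if port in self.no_learning:
            return "forward"  # assumption: not learned, still forwarded
        limit = self.port_limit.get(port)
        if limit is not None and self.learned_on(port) >= limit:
            return "discard"  # limit reached: unknown source is dropped
        if len(self.table) >= self.capacity:
            return "forward"  # assumption: table full, cannot learn, still forwarded
        self.table[src_mac] = port
        if limit is not None and self.learned_on(port) == limit:
            self.alarms.append(port)  # alarm once, when the limit is reached
        return "forward"

def run(limit, frames=5000):
    """Flood one port with distinct source MACs, then send one valid frame."""
    access, uplink = "port-1", "port-2"  # hypothetical port names
    sw = Switch(capacity=1024, port_limit={} if limit is None else {access: limit})
    for i in range(frames):  # constructed, locally administered addresses
        sw.receive(access, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
    valid = "00:11:22:33:44:55"  # constructed valid host
    sw.receive(uplink, valid)
    return len(sw.table), valid in sw.table, sw.alarms

if __name__ == "__main__":
    print("no limit :", run(None))
    print("limit 64 :", run(64))
```

Each result is (table entries, whether the valid host was learned, ports that raised an alarm). Without a limit the flood consumes the whole table and the valid host is never learned; with a limit the flood is capped on its own port and raises an alarm.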