S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.
MAC Address Learning Control

Hackers can send a large number of packets with different source MAC addresses to a switch, causing useless MAC addresses to fill up the MAC address table. As a result, the switch cannot learn source MAC addresses of valid packets and the switch wastes bandwidth broadcasting these invalid packets.

The switch has the following MAC address learning control methods to protect against this issue:

  • Disabling MAC address learning on a VLAN or an interface

  • Limiting the number of MAC address entries that can be learned from a VLAN or an interface

Table 2-3  MAC address learning control

Method: Disabling MAC address learning on a VLAN or an interface

Principle: After MAC address learning is disabled on a VLAN or an interface, the switch does not learn new dynamic MAC address entries on that VLAN or interface. The learned dynamic MAC address entries will age out when the aging time expires. They can also be manually deleted using commands.

Method: Limiting the number of MAC address entries that can be learned from a VLAN or an interface

Principle: The switch can only learn a specified number of MAC address entries from a VLAN or an interface. When the number of learned MAC address entries reaches the limit, the switch generates an alarm to notify the network administrator. After that, the switch cannot learn new MAC address entries from the VLAN or interface and discards any packets with source MAC addresses not in the MAC address table.

Application Scenario (both methods):

  • In most cases, attack packets enter the switch through the same interface. Therefore, both methods are effective in preventing these attack packets from using up MAC address entry resources on the switch.
  • Limiting the number of MAC address entries that can be learned from a VLAN or an interface can also be used to limit the number of access users.
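
The following Python model is an added example, not part of the original guide and not Huawei code. It replays the same burst of distinct source MAC addresses against a switch with no control, with a per-interface limit, and with learning disabled on the receiving interface, then checks whether a valid user on another interface can still be learned. The table size (256), the limit (32), the interface names and the MAC addresses are constructed values.

```python
# Added illustration: a toy model of the behaviour described above, not Huawei code.
# Table size, limit, interface names and MAC addresses are constructed values.

class Switch:
    def __init__(self, capacity, limits=None, learning_off=()):
        self.capacity = capacity                # total MAC table entries
        self.limits = dict(limits or {})        # interface -> max learned entries
        self.learning_off = set(learning_off)   # interfaces with learning disabled
        self.table = {}                         # source MAC -> interface
        self.alarms = []                        # interfaces that reached their limit

    def learned_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, port, src_mac):
        """Process the source MAC of one frame; return what the switch did."""
        if src_mac in self.table:
            return "known"
        if port in self.learning_off:
            # No new dynamic entry is learned. Forwarding the frame anyway is
            # an assumption of this model; the text only covers learning.
            return "not-learned"
        limit = self.limits.get(port)
        if limit is not None and self.learned_on(port) >= limit:
            return "discard"                    # unknown source beyond the limit
        if len(self.table) >= self.capacity:
            return "not-learned"                # table exhausted, nothing protects it
        self.table[src_mac] = port
        if limit is not None and self.learned_on(port) == limit:
            self.alarms.append(port)            # alarm when the limit is reached
        return "learned"

def flood_then_user(switch, flood_port="GE0/0/1", user_port="GE0/0/2", frames=1000):
    """Many distinct source MACs arrive on one port, then one valid user frame."""
    for i in range(frames):
        mac = "02:00:00:00:%02x:%02x" % ((i >> 8) & 0xFF, i & 0xFF)
        switch.receive(flood_port, mac)
    return switch.receive(user_port, "02:aa:bb:cc:dd:01")

if __name__ == "__main__":
    for name, sw in [("no control", Switch(256)),
                     ("mac limit 32", Switch(256, limits={"GE0/0/1": 32})),
                     ("learning disabled", Switch(256, learning_off={"GE0/0/1"}))]:
        result = flood_then_user(sw)
        print(name, "->", result, "| entries:", len(sw.table), "| alarms:", sw.alarms)
```

Without any control the table fills and the valid user is not learned; with either control the flooded interface consumes at most its allotted entries and the user on the other interface is learned normally.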

Updated: 2019-08-21

Document ID: EDOC1000142081
