Disabling MAC Address Learning

S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.

About This Document
Ethernet Switching Overview
- Introduction to Ethernet Switching
- Basic Concepts of Ethernet
- Switching on the Ethernet
  - Layer 2 Switching
  - Layer 3 Switching
- Application Environment
  - Building an Enterprise Network
MAC Address Table Configuration
- Introduction to the MAC Address
- Principles
- Application
- Configuration Task Summary
- Licensing Requirements and Limitations for MAC Address Tables
- Default Configuration
- Configuring a MAC Address Table
- Configuring MAC Address Flapping Prevention
  - Configuring a MAC Address Learning Priority for an Interface
  - Preventing MAC Address Flapping Between Interfaces with the Same Priority
- Configuring MAC Address Flapping Detection
- Configuring the Switch to Discard Packets with an All-0 MAC Address
- Configuring the Switch to Discard Packets That Do Not Match Any MAC Address Entry
- Enabling MAC Address-Triggered ARP Entry Update
- Enabling Port Bridge
- Configuring Re-marking of Destination MAC Addresses
- Maintaining the MAC Address Table
- Configuration Examples
- Common Misconfigurations
  - MAC Address Entries Failed to Be Learned on an Interface
- FAQs
Link Aggregation Configuration
- Introduction to Link Aggregation
- Principles
- Applications
- Configuration Task Summary
- Licensing Requirements and Limitations for Link Aggregation
- Default Settings
- Configuring Link Aggregation in Manual Mode
- Configuring Link Aggregation in LACP Mode
- Configuring Preferential Forwarding of Local Traffic in a CSS
- Creating an Eth-Trunk Sub-interface
- Configuring an E-Trunk
- Maintaining Link Aggregation
- Configuration Examples
- Common Configuration Errors
  - Traffic Is Unevenly Load Balanced Among Eth-Trunk Member Interfaces Because the Load Balancing Mode Is Incorrect
  - Eth-Trunk at Both Ends Cannot Be Up Because the Lower Threshold for the Number of Active Interfaces Is Incorrect
- FAQ
VLAN Configuration
- VLAN Overview
- Principles
- Applications
- Configuration Task Summary
- Licensing Requirements and Limitations for VLANs
- Default Configuration
- Configuring VLAN Technology
- Maintaining VLANs
- Configuration Examples
- Common Misconfigurations
- FAQ
VLAN Aggregation Configuration
- Introduction to VLAN Aggregation
- Principles
- Application Scenario
- Licensing Requirements and Limitations for VLAN Aggregation
- Default Configuration
- Configuring VLAN Aggregation
- Configuration Examples
  - Example for Configuring VLAN Aggregation
- FAQ
  - How Do I Implement Communication Between Specific Sub-VLANs in a Super-VLAN
  - How Should a Traffic Policy Be Configured in a Super-VLAN or Sub-VLAN to Make the Traffic Policy Take Effect
VLAN Switch Configuration
- Introduction to VLAN Switch
- Application Scenario
- Licensing Requirements and Limitations for VLAN Switch
- Default Configuration
- Configuring VLAN Switch
- Maintaining VLAN Switch
- Configuration Examples
  - Example for Implementing Inter-VLAN Communication Using VLAN Switch
MUX VLAN Configuration
- Introduction to MUX VLAN
- Licensing Requirements and Limitations for MUX VLANs
- Default Configuration
- Configuring the MUX VLAN
- Configuration Examples
  - Example for Configuring MUX VLAN on the Access Device
  - Example for Configuring MUX VLAN on the Aggregation Device
VLAN Termination Configuration
- Introduction to VLAN Termination
- Application Scenario
- Configuration Task Summary
- Licensing Requirements and Limitations for VLAN Termination
- Default Configuration
- Using a Dot1q Termination Sub-interface to Implement Inter-VLAN Communication
- Configuring a Dot1q Termination Sub-interface and Connecting It to an L2VPN
- Configuring a Dot1q Termination Sub-interface and Connecting It to an L3VPN
- Configuring a QinQ Termination Sub-interface and Connecting It to an L2VPN
- Configuring a QinQ Termination Sub-interface and Connecting It to an L3VPN
- Configuration Examples
Voice VLAN Configuration
- Introduction to Voice VLAN
- Typical Networking
- Principles
- Applicable Scenario
- Licensing Requirements and Limitations for Voice VLAN
- Default Configuration
- Configuring a MAC Address-based Voice VLAN
- Configuring a VLAN ID-based Voice VLAN
- Configuration Examples
  - Example for Configuring a MAC Address-based Voice VLAN (IP Phones Send Untagged Voice Packets)
  - Example for Configuring a VLAN ID-based Voice VLAN (IP Phones Send Tagged Voice Packets)
QinQ Configuration
- Introduction to QinQ
- Principles
- Applications
  - Public User Services on a Metro Ethernet Network
  - Enterprise Network Connection Through Private Lines
- Configuration Task Summary
- Licensing Requirements and Limitations for QinQ
- Configuring Basic QinQ
- Configuring Selective QinQ
- Configuring the TPID Value in an Outer VLAN Tag
- Configuring the Device to Add Double VLAN Tags to Untagged Packets
- Configuring QinQ Mapping
  - Configuring 1-to-1 QinQ Mapping
  - Configuring 2-to-1 QinQ Mapping
- Maintaining QinQ
  - Displaying VLAN Translation Resource Usage
- Configuration Examples
- Common Misconfigurations
  - QinQ Traffic Forwarding Fails Because the Outer VLAN Is Not Created
  - QinQ Traffic Forwarding Fails Because the Interface Does Not Transparently Transmit the Outer VLAN ID
- FAQ
VLAN Mapping Configuration
- Introduction to VLAN Mapping
- Principles
- Applications
- Licensing Requirements and Limitations for VLAN Mapping
- Configuring VLAN ID-based VLAN Mapping
- Configuring 802.1p Priority-based VLAN Mapping
- Configuring MQC-based VLAN Mapping
- Maintaining VLAN Mapping
  - Displaying VLAN Translation Resource Usage
- Configuration Examples
- Common Configuration Errors
  - Communication Failure After VLAN Mapping Configuration
GVRP Configuration
- Introduction to GVRP
- Principles
- Applications
- Licensing Requirements and Limitations for GVRP
- Default Configuration
- Configuring GVRP
- Maintaining GVRP
  - Clearing GVRP Statistics
- Configuration Examples
  - Example for Configuring GVRP
- FAQ
  - Why Is the CPU Usage High When VLANs Are Created or Deleted Through GVRP in Default Configuration?
VCMP Configuration
- Introduction to VCMP
- Principles
  - VCMP Concepts
  - Implementation
- Applicable Scenario
- Licensing Requirements and Limitations for VCMP
- Default Configuration
- Configuring VCMP
- Maintaining VCMP
  - Displaying VCMP Running Information
  - Clearing VCMP Running Information
- Configuration Examples
  - Example for Configuring VCMP to Implement Centralized VLAN Management
STP/RSTP Configuration
- Introduction to STP/RSTP
- Principles
- Applications
- Configuration Task Summary
- Licensing Requirements and Limitations for STP/RSTP
- Default Configuration
- Configuring Basic STP/RSTP Functions
- Setting STP Parameters that Affect STP Convergence
- Setting RSTP Parameters that Affect RSTP Convergence
- Configuring RSTP Protection Functions
- Setting Parameters for Interoperation Between Huawei and Non-Huawei Devices
- Maintaining STP/RSTP
  - Clearing STP/RSTP Statistics
  - Monitoring STP/RSTP Topology Change Statistics
- Configuration Examples
  - Example for Configuring Basic STP Functions
  - Example for Configuring Basic RSTP Functions
- FAQ
MSTP Configuration
- Introduction to MSTP
- MSTP Principles
- Application Environment
- Configuration Task Summary
- Licensing Requirements and Limitations for MSTP
- Default Configuration
- Configuring Basic MSTP Functions
- Configuring MSTP Multi-Process
- Configuring MSTP Parameters on an Interface
- Configuring MSTP Protection Functions
- Configuring MSTP Interoperability Between Huawei and Non-Huawei Devices
- Maintaining MSTP
  - Clearing MSTP Statistics
  - Monitoring the Statistics on MSTP Topology Changes
- Configuration Examples
- FAQ
VBST Configuration
- Introduction to VBST
- Principles
- Applicable Scenario
- Configuration Task Summary
- Licensing Requirements and Limitations for VBST
- Default Configuration
- Configuring Basic VBST Functions
- Setting VBST Parameters That Affect VBST Convergence
- Configuring Protection Functions of VBST
- Setting Parameters for Interworking Between a Huawei Datacom Device and a Non-Huawei Device
- Maintaining VBST
  - Displaying VBST Running Information and Statistics
  - Clearing VBST Statistics
- Configuration Examples
  - Example for Configuring VBST
SEP Configuration
- Introduction to SEP
- Principles
- Applications
- Configuration Task Summary
- Licensing Requirements and Limitations for SEP
- Configuring Basic SEP Functions
- Specifying an Interface to Block
- Configuring SEP Multi-Instance
- Configuring the Topology Change Notification Function
- Maintaining SEP
  - Clearing SEP Statistics
- Configuration Examples
RRPP Configuration
- Introduction to RRPP
- Principles
- Application Scenarios
- Configuration Task Summary
- Licensing Requirements and Limitations for RRPP
- Default Configuration
- Configuring RRPP
- Configuring RRPP Snooping
- Maintaining RRPP
  - Clearing RRPP Statistics
- Configuration Examples
- Common Configuration Errors
  - A Loop Occurs After the RRPP Configuration is Complete
  - After the Primary Port of a Transit Node on an RRPP Ring Network Becomes Down and Then Recovers, the Transit Node and Other Transit Nodes Cannot Register With the Master Node
- FAQ
ERPS (G.8032) Configuration
- Introduction to ERPS
- Principles
- Applicable Scenario
- Configuration Task Summary
- Licensing Requirements and Limitations for ERPS
- Default Settings
- Configuring ERPSv1
- Configuring ERPSv2
- Maintaining ERPS
  - Clearing ERPS Statistics
- Configuration Examples
  - Example for Configuring ERPS Multi-instance
  - Example for Configuring Intersecting ERPS Rings
- Common Configuration Errors
  - Traffic Forwarding Fails in an ERPS Ring
LDT and LBDT Configuration
- Introduction to LBDT and LDT
- Principles
- Applicable Scenario
- Licensing Requirements and Limitations for LDT and LBDT
- Default Configuration
- Configuring LDT to Detect Loops
- Configuring Automatic LBDT
- Configuring Manual LBDT
- Configuration Examples
Layer 2 Protocol Transparent Transmission Configuration
- Introduction to Layer 2 Protocol Transparent Transmission
- Principles
- Application Environment
- Configuration Task Summary
- Licensing Requirements and Limitations for Layer 2 Protocol Transparent Transmission
- Configuring Interface-based Layer 2 Protocol Transparent Transmission
- Configuring VLAN-based Layer 2 Protocol Transparent Transmission
- Configuring QinQ-based Layer 2 Protocol Transparent Transmission
- Configuration Examples
- FAQ

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Disabling MAC Address Learning

Background

The MAC address learning function is enabled by default on the switch. When receiving a data frame, the switch records the source MAC address of the data frame and the interface that receives the data frame in a MAC address entry. When receiving data frames destined for this MAC address, the switch forwards the data frames through the outbound interface according to the MAC address entry. The MAC address learning function reduces broadcast packets on a network. After MAC address learning is disabled on an interface, the switch does not learn source MAC addresses of data frames received by the interface. Dynamic MAC address entries learned on the interface are not immediately deleted, but will be removed after they are aged out or are manually deleted.

Procedure

Disable MAC address learning on an interface.
1. Run:
```
system-view
```
  The system view is displayed.
2. Run:
```
interface interface-type interface-number
```
  The interface view is displayed.
3. Run:
```
mac-address learning disable [ action { discard | forward } ]
```
  MAC address learning is disabled on the interface.
  
  By default, MAC address learning is enabled on an interface.
  
  By default, the switch takes the forward action after MAC address learning is disabled. That is, the switch forwards packets according to the MAC address table. When the action is set to discard, the switch looks up the source MAC address of the packet in the MAC address table. If the source MAC address is found in the MAC address table, the switch forwards the packet according to the matching MAC address entry. If the source MAC address is not found, the switch discards the packet.
Disable MAC address learning in a VLAN.
1. Run:
```
system-view
```
  The system view is displayed.
2. Run:
```
vlan vlan-id
```
  The VLAN view is displayed.
3. Run:
```
mac-address learning disable
```
  MAC address learning is disabled in the VLAN.
  
  By default, MAC address learning is enabled in a VLAN.
When MAC address learning is disabled in a VLAN and an interface in the VLAN (excluding X series cards) and the discard action is configured for the interface, the interface does not discard packets from this VLAN. For example, MAC address learning is disabled in VLAN 2 but enabled in VLAN 3; Port1 has MAC address learning disabled and performs the discard action; Port1 has been added to VLAN 2 and VLAN 3. In this scenario, Port1 discards packets from VLAN 3 but forwards packets from VLAN 2.

Disable MAC address learning for a specified flow.

Configure a traffic classifier.

Run:
```
system-view
```
The system view is displayed.
Run:
```
traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ]
```
A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier, which means that:
- If the traffic classifier contains ACL rules, packets match the traffic classifier only when they match one ACL rule and all the non-ACL rules.
- If the traffic classifier does not contain any ACL rules, packets match the traffic classifier only when they match all the rules in the classifier.
The logical operator or means that packets match the traffic classifier as long as they match one of rules in the classifier.
By default, the relationship between rules in a traffic classifier is OR.

Configure matching rules according to the following table.

The if-match ip-precedence and if-match tcp commands are only valid for IPv4 packets.

X series cards do not support traffic classifiers with advanced ACLs containing the ttl-expired field or user-defined ACLs.

When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name }, X series cards do not support add-tag vlan-id vlan-id, remark 8021p [ 8021p-value | inner-8021p ], remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning disable.

Matching Rule	Command	Remarks
Inner and outer VLAN IDs in QinQ packets	if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ]	-
802.1p priority in VLAN packets	if-match 8021p 8021p-value &<1-8>	If you enter multiple 802.1p priority values in one command, a packet matches the traffic classifier as long as it matches any one of the 802.1p priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
Inner 802.1p priority in QinQ packets	if-match cvlan-8021p 8021p-value &<1-8>	-
Outer VLAN ID or inner and outer VLAN IDs of QinQ packets	if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]	-
Drop packet	if-match discard	A traffic classifier containing this matching rule can only be bound to traffic behaviors containing traffic statistics collection and flow mirroring actions.
Double tags in QinQ packets	if-match double-tag	-
EXP priority in MPLS packets	if-match mpls-exp exp-value &<1-8>	If you enter multiple MPLS EXP priority values in one command, a packet matches the traffic classifier as long as it matches any one of the MPLS EXP priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
Destination MAC address	if-match destination-mac mac-address [ [ mac-address-mask ] mac-address-mask ]	-
Source MAC address	if-match source-mac mac-address [ [ mac-address-mask ] mac-address-mask ]	-
Protocol type field in the Ethernet frame header	if-match l2-protocol { arp \| ip \| mpls \| rarp \| protocol-value }	-
All packets	if-match any	-
DSCP priority in IP packets	if-match [ ipv6 ] dscp dscp-value &<1-8>	If you enter multiple DSCP values in one command, a packet matches the traffic classifier as long as it matches any one of the DSCP values, regardless of whether the relationship between rules in the traffic classifier is AND or OR. If the relationship between rules in a traffic classifier is AND, the if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.
IP precedence in IP packets	if-match ip-precedence ip-precedence-value &<1-8>	The if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND. If you enter multiple IP precedence values in one command, a packet matches the traffic classifier as long as it matches any one of the IP precedence values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
Layer 3 protocol type	if-match protocol { ip \| ipv6 }	-
First Next Header field in the IPv6 packet header	if-match ipv6 next-header header-number first-next-header	The ET1D2X12SSA0 card does not support the routes whose prefix length ranges from 64 to 128.
SYN Flag in the TCP packet	if-match tcp syn-flag { syn-flag-value \| ack \| fin \| psh \| rst \| syn \| urg }	-
Inbound interface	if-match inbound-interface interface-type interface-number	A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.
Outbound interface	if-match outbound-interface interface-type interface-number	A traffic policy containing this matching rule cannot be applied to the inbound direction on X series cards. The traffic policy containing this matching rule cannot be applied in the interface view.
ACL rule	if-match acl { acl-number \| acl-name }	When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first. If an ACL in a traffic classifier defines multiple rules, a packet matches the ACL as long as it matches one of rules, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
ACL6 rule	if-match ipv6 acl { acl-number \| acl-name }	Before specifying an ACL6 in a matching rule, configure the ACL6.
Flow ID	if-match flow-id flow-id	The traffic classifier containing if-match flow-id and the traffic behavior containing remark flow-id must be bound to different traffic policies. The traffic policy containing if-match flow-id can be only applied to an interface, a VLAN, a card, or the system in the inbound direction. X series cards and SA cards of the S series do not support matching of flow IDs.

Run:
```
quit
```
Exit from the traffic classifier view.

Configure a traffic behavior.
1. Run:
```
traffic behavior behavior-name
```
  A traffic behavior is created and the traffic behavior view is displayed.
2. Run:
```
mac-address learning disable
```
  MAC address learning is disabled in the traffic behavior view.
3. Run:
```
quit
```
  Exit from the traffic behavior view.
4. Run:
```
quit
```
  Exit from the system view.
Configure a traffic policy.
1. Run:
```
system-view
```
  The system view is displayed.
2. Run:
```
traffic policy policy-name [ match-order { auto | config } ]
```
  A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.
  
  If no matching order is specified when you create a traffic policy, the default matching order is config.
  
  After a traffic policy is applied, you cannot use the traffic policy command to modify the matching order of traffic classifiers in the traffic policy. To modify the matching order, delete the traffic policy, and re-create a traffic policy and specify the matching order.
  When creating a traffic policy, you can specify the matching order of matching rules in the traffic policy. The matching order can be either automatic order or configuration order:
  - If automatic order is used, traffic classifiers are matched based on the priorities of their types. The traffic classifiers based on the following information are in descending order of priority: Layer 2 and IPv4 Layer 3 information, advanced ACL6 information, basic ACL6 information, Layer 2 information, IPv4 Layer 3 information, and user-defined ACL information. The traffic classifier with the highest priority is matched first. If data traffic matches multiple traffic classifiers, and the traffic behaviors conflict with each other, the traffic behavior corresponding to the highest priority rule takes effect.
  - If configuration order is used, traffic classifiers are matched based on their priorities. The traffic classifier with the highest priority is matched first. A smaller priority value indicates a higher priority of a traffic classifier. If precedence-value is not specified, the system allocates a priority to the traffic classifier. The allocated priority value is [(max-precedence + 5) / 5] x 5, where max-precedence specifies the maximum priority of a traffic classifier. For details about the priority of a traffic classifier, refer to the traffic classifier command.
3. Run:
```
classifier classifier-name behavior behavior-name
```
  A traffic behavior is bound to a traffic classifier in a traffic policy.
4. Run:
```
quit
```
  Exit from the traffic policy view.
5. Run:
```
quit
```
  Exit from the system view.
Apply the traffic policy.
- Applying a traffic policy to an interface
  1. Run:
```
system-view
```
    The system view is displayed.
  2. Run:
```
interface interface-type interface-number
```
    The interface view is displayed.
  3. Run:
```
traffic-policy policy-name { inbound | outbound }
```
    A traffic policy is applied to the interface.
    
    A traffic policy can be applied to only one direction on an interface, but a traffic policy can be applied to different directions on different interfaces. After a traffic policy is applied to an interface, the system performs traffic policing for all relevant packets that match traffic classification rules on the interface.
- Applying a traffic policy to a VLAN
  1. Run:
```
system-view
```
    The system view is displayed.
  2. Run:
```
vlan vlan-id
```
    The VLAN view is displayed.
  3. Run:
```
traffic-policy policy-name { inbound | outbound }
```
    A traffic policy is applied to the VLAN.
    
    Only one traffic policy can be applied to a VLAN in the inbound or outbound direction.
    
    After a traffic policy is applied, the system performs traffic policing for the packets that belong to that VLAN and match the relevant traffic classification rules. However, the traffic policy does not take effect for packets in VLAN 0.
- Applying a traffic policy to the system or an LPU
  1. Run:
```
system-view
```
    The system view is displayed.
  2. Run:
```
traffic-policy policy-name global { inbound | outbound } [ slot slot-id ]
```
    A traffic policy is applied to the system or an LPU.
    
    Only one traffic policy can be applied to the system or LPU for one direction. A traffic policy cannot be applied to the same direction in the system and on the LPU simultaneously.

Checking the Configuration

Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration on the device.
Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration on the device.
Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ] command to check the user-defined traffic policy configuration.
Run the display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to check traffic actions and ACL rules associated with the system, a VLAN, or an interface.
Run the display traffic policy { interface [ interface-type interface-number ] | vlan [ vlan-id ] | global } [ inbound | outbound ] command to check the traffic policy configuration on the device.
Run the display traffic-policy applied-record [ policy-name ] command to check the record of the specified traffic policy.

Translation

简体中文

Download

Updated: 2022-05-23

Document ID: EDOC1000142081

Downloads: 901

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate