No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Disabling MAC Address Learning

Disabling MAC Address Learning

Background

The MAC address learning function is enabled by default on the switch. When receiving a data frame, the switch records the source MAC address of the data frame and the interface that receives the data frame in a MAC address entry. When receiving data frames destined for this MAC address, the switch forwards the data frames through the outbound interface according to the MAC address entry. The MAC address learning function reduces broadcast packets on a network. After MAC address learning is disabled on an interface, the switch does not learn source MAC addresses of data frames received by the interface. Dynamic MAC address entries learned on the interface are not immediately deleted, but will be removed after they are aged out or are manually deleted.

Procedure

  • Disable MAC address learning on an interface.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. Run:

      mac-address learning disable [ action { discard | forward } ]

      MAC address learning is disabled on the interface.

      By default, MAC address learning is enabled on an interface.

      By default, the switch takes the forward action after MAC address learning is disabled. That is, the switch forwards packets according to the MAC address table. When the action is set to discard, the switch looks up the source MAC address of the packet in the MAC address table. If the source MAC address is found in the MAC address table, the switch forwards the packet according to the matching MAC address entry. If the source MAC address is not found, the switch discards the packet.

  • Disable MAC address learning in a VLAN.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      vlan vlan-id

      The VLAN view is displayed.

    3. Run:

      mac-address learning disable

      MAC address learning is disabled in the VLAN.

      By default, MAC address learning is enabled in a VLAN.

    NOTE:

    When MAC address learning is disabled in a VLAN and an interface in the VLAN (excluding X series cards) and the discard action is configured for the interface, the interface does not discard packets from this VLAN. For example, MAC address learning is disabled in VLAN 2 but enabled in VLAN 3; Port1 has MAC address learning disabled and performs the discard action; Port1 has been added to VLAN 2 and VLAN 3. In this scenario, Port1 discards packets from VLAN 3 but forwards packets from VLAN 2.

  • Disable MAC address learning for a specified flow.
    1. Configure a traffic classifier.
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ]

        A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.

        and is the logical operator between the rules in the traffic classifier, which means that:
        • If the traffic classifier contains ACL rules, packets match the traffic classifier only when they match one ACL rule and all the non-ACL rules.

        • If the traffic classifier does not contain any ACL rules, packets match the traffic classifier only when they match all the rules in the classifier.

        The logical operator or means that packets match the traffic classifier as long as they match one of rules in the classifier.

        By default, the relationship between rules in a traffic classifier is OR.

      3. Configure matching rules according to the following table.
        NOTE:

        The if-match ip-precedence and if-match tcp commands are only valid for IPv4 packets.

        X series cards do not support traffic classifiers with advanced ACLs containing the ttl-expired field or user-defined ACLs.

        When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name }, X series cards do not support add-tag vlan-id vlan-id, remark 8021p [ 8021p-value | inner-8021p ], remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning disable.

        Matching Rule

        Command

        Remarks

        Inner and outer VLAN IDs in QinQ packets

        if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ]

        -

        802.1p priority in VLAN packets

        if-match 8021p 8021p-value &<1-8>

        If you enter multiple 802.1p priority values in one command, a packet matches the traffic classifier as long as it matches any one of the 802.1p priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

        Inner 802.1p priority in QinQ packets

        if-match cvlan-8021p 8021p-value &<1-8>

        -

        Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

        if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

        -

        Drop packet

        if-match discard

        A traffic classifier containing this matching rule can only be bound to traffic behaviors containing traffic statistics collection and flow mirroring actions.

        Double tags in QinQ packets

        if-match double-tag

        -

        EXP priority in MPLS packets

        if-match mpls-exp exp-value &<1-8>

        If you enter multiple MPLS EXP priority values in one command, a packet matches the traffic classifier as long as it matches any one of the MPLS EXP priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

        SA cards of the S series and X series cards do not support matching of EXP priorities in MPLS packets.

        Destination MAC address

        if-match destination-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

        -

        Source MAC address

        if-match source-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

        -

        Protocol type field in the Ethernet frame header

        if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }

        -

        All packets

        if-match any

        -

        DSCP priority in IP packets

        if-match [ ipv6 ] dscp dscp-value &<1-8>

        • If you enter multiple DSCP values in one command, a packet matches the traffic classifier as long as it matches any one of the DSCP values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

        • If the relationship between rules in a traffic classifier is AND, the if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

        IP precedence in IP packets

        if-match ip-precedence ip-precedence-value &<1-8>
        • The if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

        • If you enter multiple IP precedence values in one command, a packet matches the traffic classifier as long as it matches any one of the IP precedence values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

        Layer 3 protocol type

        if-match protocol { ip | ipv6 }

        -

        First Next Header field in the IPv6 packet header

        if-match ipv6 next-header header-number first-next-header

        The ET1D2X12SSA0 card does not support the routes whose prefix length ranges from 64 to 128.

        SYN Flag in the TCP packet

        if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

        -

        Inbound interface

        if-match inbound-interface interface-type interface-number

        A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.

        Outbound interface

        if-match outbound-interface interface-type interface-number

        A traffic policy containing this matching rule cannot be applied to the inbound direction on X series cards.

        The traffic policy containing this matching rule cannot be applied in the interface view.

        ACL rule

        if-match acl { acl-number | acl-name }
        • When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.
        • If an ACL in a traffic classifier defines multiple rules, a packet matches the ACL as long as it matches one of rules, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

        ACL6 rule

        if-match ipv6 acl { acl-number | acl-name }

        Before specifying an ACL6 in a matching rule, configure the ACL6.

        Flow ID

        if-match flow-id flow-id

        The traffic classifier containing if-match flow-id and the traffic behavior containing remark flow-id must be bound to different traffic policies.

        The traffic policy containing if-match flow-id can be only applied to an interface, a VLAN, a card, or the system in the inbound direction.

        X series cards and SA cards of the S series do not support matching of flow IDs.

      4. Run:

        quit

        Exit from the traffic classifier view.

    2. Configure a traffic behavior.
      1. Run:

        traffic behavior behavior-name

        A traffic behavior is created and the traffic behavior view is displayed.

      2. Run:

        mac-address learning disable

        MAC address learning is disabled in the traffic behavior view.

      3. Run:

        quit

        Exit from the traffic behavior view.

      4. Run:

        quit

        Exit from the system view.

    3. Configure a traffic policy.
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        traffic policy policy-name [ match-order { auto | config } ]

        A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

        If no matching order is specified when you create a traffic policy, the default matching order is config.

        After a traffic policy is applied, you cannot use the traffic policy command to modify the matching order of traffic classifiers in the traffic policy. To modify the matching order, delete the traffic policy, and re-create a traffic policy and specify the matching order.

        When creating a traffic policy, you can specify the matching order of matching rules in the traffic policy. The matching order can be either automatic order or configuration order:
        • If automatic order is used, traffic classifiers are matched based on the priorities of their types. The traffic classifiers based on the following information are in descending order of priority: Layer 2 and IPv4 Layer 3 information, advanced ACL6 information, basic ACL6 information, Layer 2 information, IPv4 Layer 3 information, and user-defined ACL information. The traffic classifier with the highest priority is matched first. If data traffic matches multiple traffic classifiers, and the traffic behaviors conflict with each other, the traffic behavior corresponding to the highest priority rule takes effect.
        • If configuration order is used, traffic classifiers are matched based on their priorities. The traffic classifier with the highest priority is matched first. A smaller priority value indicates a higher priority of a traffic classifier. If precedence-value is not specified, the system allocates a priority to the traffic classifier. The allocated priority value is [(max-precedence + 5) / 5] x 5, where max-precedence specifies the maximum priority of a traffic classifier. For details about the priority of a traffic classifier, refer to the traffic classifier command.
      3. Run:

        classifier classifier-name behavior behavior-name

        A traffic behavior is bound to a traffic classifier in a traffic policy.

      4. Run:

        quit

        Exit from the traffic policy view.

      5. Run:

        quit

        Exit from the system view.

    4. Apply the traffic policy.
      • Applying a traffic policy to an interface
        1. Run:

          system-view

          The system view is displayed.

        2. Run:

          interface interface-type interface-number

          The interface view is displayed.

        3. Run:

          traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the interface.

          A traffic policy can be applied to only one direction on an interface, but a traffic policy can be applied to different directions on different interfaces. After a traffic policy is applied to an interface, the system performs traffic policing for all relevant packets that match traffic classification rules on the interface.

      • Applying a traffic policy to a VLAN
        1. Run:

          system-view

          The system view is displayed.

        2. Run:

          vlan vlan-id

          The VLAN view is displayed.

        3. Run:

          traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the VLAN.

          Only one traffic policy can be applied to a VLAN in the inbound or outbound direction.

          After a traffic policy is applied, the system performs traffic policing for the packets that belong to that VLAN and match the relevant traffic classification rules. However, the traffic policy does not take effect for packets in VLAN 0.

      • Applying a traffic policy to the system or an LPU
        1. Run:

          system-view

          The system view is displayed.

        2. Run:

          traffic-policy policy-name global { inbound | outbound } [ slot slot-id ]

          A traffic policy is applied to the system or an LPU.

          Only one traffic policy can be applied to the system or LPU for one direction. A traffic policy cannot be applied to the same direction in the system and on the LPU simultaneously.

Checking the Configuration

  • Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration on the device.
  • Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration on the device.
  • Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ] command to check the user-defined traffic policy configuration.
  • Run the display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ] command to check traffic actions and ACL rules associated with the system, a VLAN, or an interface.
  • Run the display traffic policy { interface [ interface-type interface-number ] | vlan [ vlan-id ] | global } [ inbound | outbound ] command to check the traffic policy configuration on the device.
  • Run the display traffic-policy applied-record [ policy-name ] command to check the record of the specified traffic policy.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142081

Views: 271320

Downloads: 420

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next