Configuration Guide - Ethernet Switching

S7700 and S9700 V200R011C10

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.
MAC Address Entries Failed to Be Learned on an Interface

Fault Symptom

MAC address entries cannot be learned on an interface, causing Layer 2 forwarding failures.

Procedure

  1. Check the configuration on the device.

    Check item: Whether the VLAN that the interface belongs to has been created
    Check method: Run the display vlan vlan-id command in any view. If the system displays the message "Error: The VLAN does not exist", the VLAN is not created.
    Follow-up operation: Run the vlan vlan-id command in the system view to create the VLAN.

    Check item: Whether the interface transparently transmits packets from the VLAN
    Check method: Run the display vlan vlan-id command in any view to check whether the interface name exists. If not, the interface does not transparently transmit packets from the VLAN.
    Follow-up operation: Run one of the following commands in the interface view to add the interface to the VLAN.
    • Run the port trunk allow-pass vlan command if the interface is a trunk interface.
    • Run the port hybrid tagged vlan or port hybrid untagged vlan command if the interface is a hybrid interface.
    • Run the port default vlan command if the interface is an access interface.

    Check item: Whether a blackhole MAC address entry is configured
    Check method: Run the display mac-address blackhole command in any view to check whether a blackhole MAC address entry is configured.
    Follow-up operation: If a blackhole MAC address entry is displayed, run the undo mac-address blackhole command to delete it.

    Check item: Whether MAC address learning is disabled on the interface or in the VLAN
    Check method: Run the display this | include learning command in the interface view and VLAN view to check whether the mac-address learning disable configuration exists. If so, MAC address learning is disabled on the interface or in the VLAN.
    Follow-up operation: Run the undo mac-address learning disable command in the interface view or VLAN view to enable MAC address learning.

    Check item: Whether MAC address limiting is configured on the interface and in the VLAN
    Check method: Run the display this | include mac-limit command in the interface view and VLAN view to check whether there is the MAC address limiting configuration. If so, the maximum number of learned MAC address entries is set.
    Follow-up operation:
    • Run the mac-limit command in the interface view or VLAN view to increase the maximum number of learned MAC address entries.
    • Run the undo mac-limit command in the interface view or VLAN view to cancel MAC address limiting.

    Check item: Whether port security is configured on the interface
    Check method: Run the display this | include port-security command in the interface view to check whether there is the port security configuration. If so, port security is configured on the interface.
    Follow-up operation:
    • Run the undo port-security enable command in the interface view to disable port security.
    • Run the port-security max-mac-num command in the interface view to increase the maximum number of secure dynamic MAC address entries on the interface.

    If the fault persists, go to step 2.

  2. Check whether a loop causes MAC address entry flapping.

    1. Generally, MAC address flapping is caused by loops. Run the mac-address flapping detection command in the system view to configure MAC address flapping detection.
    2. The system checks all MAC addresses in the VLAN to detect MAC address flapping. Run the display mac-address flapping record command to check MAC address flapping records to determine whether a loop occurs.
    3. If MAC address flapping occurs, use the following methods to remove MAC address flapping:
      • Eliminate the loop.
      • Run the mac-learning priority command in the interface view to configure the MAC address learning priority for the interface so that a MAC address is learned by the correct interface.

    If no loop occurs, go to step 3.

  3. Check whether the number of learned MAC address entries has reached the maximum value. If so, the device cannot learn new MAC address entries.

    • If the number of MAC address entries on the interface is less than or equal to the number of hosts connected to the interface, the device is connected to more hosts than it supports. Adjust the network deployment.
    • If the interface has learned more MAC address entries than the hosts connected to the interface, the interface may be undergoing a MAC address attack from the attached network. Locate the attack source in accordance with the following table.

      Scenario: The interface connects to another network device.
      Solution: Run the display mac-address command on the connected device to view MAC address entries. Locate the interface connected to the malicious user host based on the displayed MAC address entries. If the interface that you find is connected to another device, repeat this step until you find the malicious host.

      Scenario: The interface connects to a host.
      Solution:
      • Disconnect the host after obtaining permission from the administrator. When the attack stops, connect the host to the network again.
      • Run the port-security enable command on the interface to enable port security or the mac-limit command to set the maximum number of MAC address entries to 1.

      Scenario: The interface connects to a hub.
      Solution:
      • Configure port mirroring and use a tool to analyze packets received by the interface. Analyze the packet types to locate the attacking host. Disconnect the host after obtaining permission from the administrator. When the attack stops, connect the host to the hub again.
      • Disconnect hosts connected to the hub one by one after obtaining permission from the administrator. If the fault is rectified after a host is disconnected, the host is the attacker. After the host stops the attack, connect it to the hub again.

    If the number of MAC addresses that have been learned by the device does not reach the maximum number of addresses allowed on the device but MAC addresses still cannot be learned, go to step 4.

  4. Check whether a MAC address hash conflict alarm is generated on the device.

    L2IFPPI/4/MACHASHCONFLICTALARM: OID [oid] A hash conflict occurs in MAC addresses.(IfIndex=[INTEGER], MacAddr=[OPAQUE], VLAN=[GAUGE], VsiName=[OCTET1], InterfaceName=[OCTET2]).

    For details about how to handle this alarm, see L2IFPPI_1.3.6.1.4.1.2011.5.25.315.3.6 hwMacTrapHashConflictAlarm.
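
The step 1 checks can also be run offline against a saved configuration file. The following Python sketch is an added example, not part of the Huawei guide: it scans a configuration for the step 1 settings that stop or cap MAC address learning and groups them by view. The sample configuration is constructed, and the argument forms in it (such as "mac-limit maximum 2"), the "#" separators and the one-space indentation are assumptions; only the command keywords come from step 1.

```python
import re

# Constructed sample configuration (not from the guide). Argument forms such as
# "mac-limit maximum 2" are assumptions; only the keywords come from step 1.
SAMPLE_CONFIG = """\
vlan batch 10 20
mac-address blackhole 00e0-fc00-0001 vlan 10
#
vlan 10
 mac-address learning disable
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 mac-limit maximum 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 20
 port-security enable
 port-security max-mac-num 1
"""

# Step 1 keywords that stop or cap MAC address learning.
CHECKS = [
    ("blackhole entry", re.compile(r"^mac-address blackhole\b")),
    ("learning disabled", re.compile(r"^mac-address learning disable\b")),
    ("MAC limit", re.compile(r"^mac-limit\b")),
    ("port security", re.compile(r"^port-security\b")),
]

def audit_mac_learning(config):
    """Return {view: [(finding, line), ...]} for every view holding a blocker."""
    findings, view = {}, "system"
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":            # separator: back to the system view
            view = "system"
            continue
        if not raw.startswith(" "):
            # An unindented "interface X" or "vlan <id>" line opens a view.
            m = re.match(r"^(interface \S+|vlan \d+)$", line)
            view = m.group(1) if m else "system"
        for name, pattern in CHECKS:
            if pattern.match(line):
                findings.setdefault(view, []).append((name, line))
    return findings

if __name__ == "__main__":
    for view, hits in audit_mac_learning(SAMPLE_CONFIG).items():
        print(view, hits)
```

Each finding maps to one row of the step 1 checklist, so the follow-up operation for a flagged view is the one listed there.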

Updated: 2019-10-18

Document ID: EDOC1000178310