No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Correct MAC Address Entry Cannot Be Learned on the Device

Correct MAC Address Entry Cannot Be Learned on the Device

Fault Description

MAC address entries cannot be learned on the device, so Layer 2 forwarding fails.

Procedure

  1. Check that the configurations on the interface are correct.

    Run the display mac-address command in any view to check whether the binding relationships between the MAC address, VLAN, and interface are correct.

    <HUAWEI> display mac-address 
    ------------------------------------------------------------------------------- 
    MAC Address    VLAN/VSI                          Learned-From        Type       
    ------------------------------------------------------------------------------- 
    0025-9e80-2494 1/-                               10GE1/0/1            dynamic    
                                                                                    
    ------------------------------------------------------------------------------- 
    Total items: 1                                                       

    If not, re-configure the binding relationships between the MAC address, VLAN, and interface.

    If yes, go to step 2.

  2. Check whether a loop on the network causes MAC address flapping.
    • Remove the loop from the network.

    If no loop exists, go to step 3.

  3. Check that MAC address learning is enabled.

    Check whether MAC address learning is enabled in the interface view and the VLAN view.

    [~HUAWEI-10GE1/0/1] display this
    #
    interface 10GE1/0/1
     mac-address learning disable 
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
    
    [~HUAWEI-vlan10] display this
    #
    vlan 10
     mac-address learning disable
    #
    return
    

    If the command output contains mac-address learning disable, MAC address learning is disabled on the interface or VLAN.

    • If MAC address learning is disabled, run the undo mac-address learning disable [ action { discard | forward } ] command in the interface view or undo mac-address learning disable in the VLAN view to enable MAC address learning.
    • If MAC address learning is enabled on the interface or vlan, go to step 4.
  4. Check whether any blackhole MAC address entry or MAC address limiting is configured.

    If a blackhole MAC address entry or MAC address limiting is configured, the interface discards packets.

    • Blackhole MAC address entry

      Run the display mac-address blackhole command to check whether any blackhole MAC address entry is configured.
      [~HUAWEI] display mac-address blackhole
      -------------------------------------------------------------------------------
      MAC Address    VLAN/VSI                          Learned-From        Type
      -------------------------------------------------------------------------------
      0001-0001-0001 3333/-                            -                   blackhole
      
      -------------------------------------------------------------------------------
      Total items: 1

      If a blackhole MAC address entry is displayed, run the undo mac-address blackhole command to delete it.

    • MAC address limiting on the interface or VLAN

      • Run the display this command in the interface view or VLAN view. If the command output contains mac-address limit maximum, the number of learned MAC addresses is limited. Run either of the following commands:
        • Run the undo mac-address limit command in the interface view or VLAN view to cancel MAC address limiting.
        • Run the mac-address limit command in the interface view or VLAN view to increase the maximum number of learned MAC address entries.
      • Run the display this command in the interface view. If the command output contains port-security maximum or port-security enable, the number of secure dynamic MAC addresses is limited on the interface. Run either of the following commands:
        NOTE:
        By default, the limit on the number of secure dynamic MAC addresses is 1 after port security is enabled.
        • Run the undo port-security enable command in the interface view to disable port security.
        • Run the port-security maximum command in the interface view to increase the maximum number of secure dynamic MAC address entries on the interface.

    If the fault persists, go to step 5.

  5. Check whether the number of learned MAC address entries has reached the maximum value supported by the switch.

    Run the display mac-address summary command to check the number of MAC address entries in the MAC address table.

    • If the number of learned MAC address entries has reached the maximum value supported by the switch, no MAC address entry can be created. Run the display mac-address command to view all MAC address entries.
      • If the number of MAC address entries learned on an interface is much larger than the number of devices on the network connected to the interface, a user on the network may maliciously update the MAC address table. Check the device connected to the interface:
        • If the interface is connected to a device, run the display mac-address command on the device to view its MAC address table. Locate the interface connected to the malicious user host based on the displayed MAC address entries. If the interface that you find is connected to another device, repeat this step until you find the user of the malicious user.
        • If the interface is connected to a computer, perform either of the following operations after obtaining permission from the administrator:
          • Disconnect the computer. When the attack stops, connect the computer to the network again.
          • Run the port-security enable command on the interface to enable port security or run the mac-address limit command to set the maximum number of MAC addresses that the interface can learn to 1.
        • If the interface is connected to a hub, perform either of the following operations:
          • Configure port mirroring or other tools to observe packets received by the interface. Analyze the packet types to locate the attacking computer. Disconnect the computer after obtaining permission from the administrator. When the attack stops, connect the computer to the hub again.
          • Disconnect computers connected to the hub one by one after obtaining permission from the administrator. If the fault is rectified after a computer is disconnected, the computer is the attacker. After it stops the attack, connect it to the hub again.
      • If the number of MAC addresses on the interface is equal to or smaller than the number of devices connected to the interface, the number of devices connected to the switch has exceeded the maximum supported by the switch. Adjust network deployment.
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 126801

Downloads: 296

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next