Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
MAC Address Learning Control

When hackers send a large number of packets with different source MAC addresses to a device, the useless MAC addresses consume the device's MAC address entry resources. As a result, the device cannot learn the source MAC addresses of valid packets. The device then broadcasts packets that do not match any MAC address entry, wasting bandwidth resources.

The device provides the following MAC address learning control methods to address the preceding issue:

  • Disabling MAC address learning on a VLAN or an interface

  • Limiting the number of learned MAC address entries on a VLAN or an interface

Table 2-3 MAC address learning control

Method: Disabling MAC address learning on a VLAN or an interface

Principle: After MAC address learning is disabled on a VLAN or an interface, the device does not learn new dynamic MAC address entries on the VLAN or interface. The dynamic MAC address entries learned before are aged out when the aging time expires. They can also be manually deleted using commands.

Method: Limiting the number of learned MAC address entries on a VLAN or an interface

Principle: The device can learn only a specified number of MAC address entries on a VLAN or an interface. When the number of learned MAC address entries reaches the limit, the device reports an alarm to notify the network administrator. After that, the device cannot learn new MAC address entries on the VLAN or interface and discards packets whose source MAC addresses are not in the MAC address table.

Application scenario (both methods):

  • In most cases, attack packets sent by a hacker enter the device through the same interface. Therefore, you can use either of the two methods to prevent attack packets from using up MAC address entry resources on the device.
  • The method of limiting the number of learned MAC address entries on a VLAN or an interface can also be used to limit the number of access users.
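
The following Python model is an added example, not Huawei code or device configuration. It reproduces the behaviour in Table 2-3: with no control, source MACs arriving on one interface exhaust the table and a valid host is never learned; with a per-interface limit, the device alarms once, discards the rest, and still learns the valid host. The Switch class, the table capacity of 1000, the interface names and the MAC values are all constructed assumptions.

```python
class Switch:
    """Toy MAC table with optional per-interface learning limits (illustrative model)."""

    def __init__(self, capacity, limits=None, learning_disabled=()):
        self.capacity = capacity                  # total MAC entry resources (assumed size)
        self.limits = limits or {}                # interface -> max learned entries
        self.learning_disabled = set(learning_disabled)
        self.table = {}                           # source MAC -> interface
        self.alarms = []                          # interfaces that reached their limit
        self.discarded = 0                        # frames dropped after the limit was hit

    def _count(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, port, src_mac):
        """Handle one frame's source MAC; returns what the learning logic did."""
        if src_mac in self.table:
            return "known"
        if port in self.learning_disabled:
            return "not-learned"                  # learning disabled: no new dynamic entry
        limit = self.limits.get(port)
        if limit is not None and self._count(port) >= limit:
            self.discarded += 1                   # limit reached: unknown source is dropped
            return "discarded"
        if len(self.table) >= self.capacity:
            return "not-learned"                  # entry resources exhausted
        self.table[src_mac] = port
        if limit is not None and self._count(port) == limit:
            self.alarms.append(port)              # alarm reported when the limit is reached
        return "learned"

    def forward(self, dst_mac):
        """Known destination goes out one interface; unknown is broadcast."""
        return self.table.get(dst_mac, "broadcast")


def simulate(limits):
    """Constructed traffic: 5000 distinct source MACs on if1, then one valid host on if2."""
    sw = Switch(capacity=1000, limits=limits)
    for i in range(5000):
        sw.receive("if1", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
    return sw, sw.receive("if2", "aa:bb:cc:00:00:01")


if __name__ == "__main__":
    for limits in (None, {"if1": 100}):
        sw, result = simulate(limits)
        print(limits, result, len(sw.table), sw.alarms, sw.discarded,
              sw.forward("aa:bb:cc:00:00:01"))
```
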

Updated: 2019-05-08

Document ID: EDOC1100004351