Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
MAC Address Learning Control

A malicious user may send large numbers of packets with spurious source MAC addresses to exhaust the MAC address table resources of a switch and thereby prevent the switch from learning new entries. Such an attack also consumes bandwidth resources, because the switch broadcasts packets whose destination does not match any MAC address entry.

To address the preceding issue, the switch provides the following MAC address learning control methods:

  • Disabling MAC address learning on a VLAN or an interface

  • Limiting the number of learned MAC address entries on a VLAN or an interface

Table 2-3  MAC address learning control

Method: Disabling MAC address learning on a VLAN or an interface
Description: After MAC address learning is disabled on a VLAN or an interface, the switch does not learn new dynamic MAC address entries on the VLAN or interface. The dynamic MAC address entries already learned are aged out when the aging time expires. These entries can also be manually deleted through commands.

Method: Limiting the number of learned MAC address entries on a VLAN or an interface
Description: The switch can learn only the specified number of MAC address entries on a VLAN or an interface. When the specified number is reached, the switch reports an alarm. Subsequently, the switch cannot learn new MAC address entries on the VLAN or interface and discards the packets whose source MAC address is not in the MAC address table.

Application scenario (both methods):

  • Generally, a malicious user will send packets to only one interface on the switch. Therefore, you can use either of the two methods to protect MAC address table resources.
  • The method of limiting the number of learned MAC address entries on a VLAN or an interface can also be used to limit the number of access users.
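
The behaviour described in Table 2-3, as an added example: a simplified Python model of a MAC address table, not Huawei code and not switch configuration. The table size of 8, the port numbers and all MAC addresses are constructed, and the model assumes that frames arriving on a learning-disabled port are still forwarded, which this page does not state.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    capacity: int                                   # MAC table size (constructed value)
    limits: dict = field(default_factory=dict)      # port -> max learned entries
    no_learn: set = field(default_factory=set)      # ports with learning disabled
    table: dict = field(default_factory=dict)       # source MAC -> port
    alarms: list = field(default_factory=list)
    dropped: int = 0

    def learned_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, port, src, dst):
        """Process one frame; return 'drop', 'flood' or the egress port."""
        if src not in self.table:
            if port in self.no_learn:
                pass  # assumption: frame is still forwarded, just never learned
            elif port in self.limits and self.learned_on(port) >= self.limits[port]:
                self.dropped += 1       # limit reached: unknown source is discarded
                return "drop"
            elif len(self.table) < self.capacity:
                self.table[src] = port
                if self.learned_on(port) == self.limits.get(port):
                    self.alarms.append(f"MAC limit reached on port {port}")
        return self.table.get(dst, "flood")

def simulate(limit=None, disable=False):
    """Host B on port 2, spurious sources on port 1, host A on port 3."""
    sw = Switch(capacity=8, limits={1: limit} if limit else {},
                no_learn={1} if disable else set())
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed
    sw.receive(2, host_b, "ff:ff:ff:ff:ff:ff")
    for i in range(20):                         # 20 spurious source MACs
        sw.receive(1, f"02:00:00:00:00:{i:02x}", host_b)
    sw.receive(3, host_a, host_b)               # host A appears after the burst
    reply = sw.receive(2, host_b, host_a)       # where does B -> A go?
    return {"reply": reply, "dropped": sw.dropped,
            "alarms": sw.alarms, "table_size": len(sw.table)}

if __name__ == "__main__":
    for kwargs in ({}, {"limit": 3}, {"disable": True}):
        print(kwargs, simulate(**kwargs))
```

With no control the table fills with spurious entries, host A is never learned and the reply to it is broadcast; with a limit of 3 on port 1, or with learning disabled there, host A is learned and the reply leaves only on port 3.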

Updated: 2019-01-18

Document ID: EDOC1100038843
