No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Ethernet Switching

AR650, AR1600, and AR6100 V300R003

This document describes how to configure the components for LAN services, including link aggregation groups, VLANs, voice VLANs, MAC address tables, transparent bridging, as well as GVRP, STP/RSTP, and MSTP protocols.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Summary of MAC Address Table Configuration Tasks

Summary of MAC Address Table Configuration Tasks

Table 1-4  MAC address table configuration tasks
Scenario Description Task

MAC addresses and interfaces need to be bound statically.

Configure static MAC address entries to bind MAC addresses and interfaces, improving security of authorized users.

Configuring a Static MAC Address Entry

Attack packets from unauthorized users need to be filtered out.

Configure blackhole MAC address entries to filter out packets from unauthorized users, thereby protecting the system against attacks.

Configuring a Blackhole MAC Address Entry

Aging of dynamic MAC address entries needs to be flexibly controlled.

Set the aging time according to your needs. Set the aging time to a large value or 0 (not to age dynamic MAC address entries) on a stable network; set a short aging time in other situations.

Setting the Aging Time of Dynamic MAC Address Entries

MAC address learning needs to be controlled.

Attacks initiated by unauthorized users may exhaust MAC address entries. To prevent this problem, disable MAC address learning or limit the number of learned MAC address entries.

Disabling MAC Address Learning

Configuring the MAC Address Limiting Function

MAC address flapping needs to be detected.

MAC address flapping occurs when a MAC address is learned by two interfaces in the same VLAN and the MAC address entry learned later overrides the earlier one.

MAC address flapping detection enables a switch to check whether any MAC address flaps between interfaces and determine whether a loop occurs. When MAC address flapping occurs, the switch sends an alarm to the NMS. The network maintenance personnel can locate the loop based on the alarm information and historical records for MAC address flapping. This greatly improves network maintainability. If the network connected to the switch does not support loop prevention protocols, configure the switch to shut down the interfaces where MAC address flapping occurs to reduce the impact of MAC address flapping on the network.

Configuring MAC Address Flapping Detection

Download
Updated: 2019-04-12

Document ID: EDOC1100041791

Views: 64150

Downloads: 41

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next