No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of MAC Addresses

Overview of MAC Addresses

This section briefly describes the basic concept of a MAC address table, modes for generating MAC address entries, MAC address entry classification, and MAC address-based packet forwarding.

Basic Concept of a MAC Address Table

Each device maintains a MAC address table. A MAC address table stores MAC addresses, VLAN IDs, and outbound interfaces learned from other devices, listed in Table 2-1. To forward data, the device searches the MAC address table to quickly locate the outbound interface based on the destination MAC address and VLAN ID in the data frame. This implementation reduces broadcast traffic.

Table 2-1 MAC address entries

MAC Address

VLAN ID

Outbound Interface

0001-0001-0001

10

GE 3/0/1

0011-0022-0034

20

GE 2/0/4

1011-0022-0034

30

Eth-Trunk 20

If a destination host is added to multiple VLANs, one MAC address corresponds to multiple VLAN IDs in the MAC forwarding entries.

Modes for Generating MAC Address Entries

  • Automatic generation

    Usually, a device automatically generates a MAC address table by learning source MAC addresses. The MAC address table needs to be updated constantly to meet the requirements of network changes. The entries automatically generated are not always valid. If a MAC address entry is not updated before its aging time expires, the entry will be deleted. The aging time is called a lifecycle. If an entry is updated before its aging time expires, the aging time will be recalculated for the entry.

  • Manual configuration

    When a device sets up a MAC address table automatically by learning source MAC addresses, the system cannot identify whether the packets are sent from authorized users or hackers, bringing security risks. If hackers disguise the source MAC addresses of attack packets as authorized MAC addresses and send the attack packets with the forged MAC addresses to the device through another interface, the device will learn incorrect MAC address entries. As a result, the packets that should be forwarded to authorized users are forwarded to hackers. To improve interface security, a network administrator can add specific MAC address entries to the MAC address table to bind the user terminal to the interface. In this way, the device can stop unauthorized users from intercepting data. The configured MAC address entries take precedence over automatically generated entries.

Classification of MAC Address Entries

MAC address entries can be classified as dynamic, static, or blackhole MAC address entries.
  • Static MAC address entry: configured by users. A packet with the destination MAC address matching a static MAC address entry is forwarded from the specified interface. Packet forwarding based on static MAC address entries prevents packets with forged MAC addresses from attacking the device. Static MAC address entries take precedence over dynamic MAC address entries.
  • Dynamic MAC address entry: created by a device by learning source MAC addresses. A dynamic MAC address entry can be created only after source MAC address leaning is enabled.
  • Static blackhole MAC address entry: configured by users.To prevent invalid MAC address entries (unauthorized users, for example) from using the MAC address table space and prevent hackers from attacking a device or network using forged MAC addresses, configure MAC addresses of untrusted users as blackhole MAC addresses. A device discards packets destined for static blackhole MAC addresses. Blackhole MAC address entries take precedence over dynamic entries.

MAC Address-based Packet Forwarding

A device forwards packets in either of the following modes based on MAC address entries:
  • Unicast mode: If the MAC address table contains an entry matching the destination MAC address of a packet, the device forwards the packet from the outbound interface in the entry.
  • Broadcast mode: If a packet received by a device is a broadcast or multicast packet, or if the MAC address table of the device does not contain an entry matching the destination MAC address of the packet, the device broadcasts the packet through all interfaces except the interface that has received the packet.
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059440

Views: 26575

Downloads: 18

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next