MAC Address Learning Control

Enterprise

Worldwide

- Türkçe

History
Popular search
Switches Routers Servers Storage Data Center Energy Cloud Computing
Quick access
Recommended

MAC Address Learning Control

When hackers send a large number of packets with different source MAC addresses to a device, useless MAC addresses will consume MAC address entry resources of the device. As a result, the device cannot learn source MAC addresses of valid packets. The device broadcasts the packets that do not match MAC address entries, wasting bandwidth resources.

The device provides the following MAC address learning control methods to address the preceding issue:

Disabling MAC address learning on a VLAN or an interface
Limiting the number of learned MAC address entries on a VLAN or an interface

Table 2-3 MAC address learning control

MAC Address Learning Control Method	Principle	Application Scenario
Disabling MAC address learning on a VLAN or an interface	After MAC address learning is disabled on a VLAN or an interface, the device does not learn new dynamic MAC address entries on the VLAN or interface. The dynamic MAC address entries learned before are aged out when the aging time expires. They can also be manually deleted using commands.	In most cases, attack packets sent by a hacker enter the device through the same interface. Therefore, you can use either of the two methods to prevent attack packets from using up MAC address entry resources on the device. The method of limiting the number of learned MAC address entries on a VLAN or an interface can also be used to limit the number of access users.
Limiting the number of learned MAC address entries on a VLAN or an interface	The device can only learn a specified number of MAC address entries on a VLAN or an interface. When the number of learned MAC address entries reaches the limit, the device reports an alarm to notify the network administrator. After that, the device cannot learn new MAC address entries on the VLAN or interface and discards the packets with source MAC addresses out of the MAC address table.

MAC Address Learning Control Method

Principle

Application Scenario

Disabling MAC address learning on a VLAN or an interface

After MAC address learning is disabled on a VLAN or an interface, the device does not learn new dynamic MAC address entries on the VLAN or interface. The dynamic MAC address entries learned before are aged out when the aging time expires. They can also be manually deleted using commands.

In most cases, attack packets sent by a hacker enter the device through the same interface. Therefore, you can use either of the two methods to prevent attack packets from using up MAC address entry resources on the device.
The method of limiting the number of learned MAC address entries on a VLAN or an interface can also be used to limit the number of access users.

Limiting the number of learned MAC address entries on a VLAN or an interface

The device can only learn a specified number of MAC address entries on a VLAN or an interface.

When the number of learned MAC address entries reaches the limit, the device reports an alarm to notify the network administrator.

After that, the device cannot learn new MAC address entries on the VLAN or interface and discards the packets with source MAC addresses out of the MAC address table.

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, M-LAG, VLAN, QinQ, VLAN mapping, GVRP, STP/RSTP, MSTP, VBST, ERPS (G.8032), LBDT, and Layer 2 protocol transparent transmission.

Related Version

Related Documents