Disabling MAC Address Learning
Background
The MAC address learning function is enabled by default on the switch. When receiving a data frame, the switch records the source MAC address of the data frame and the interface that receives the data frame in a MAC address entry. When receiving data frames destined for this MAC address, the switch forwards the data frames through the outbound interface according to the MAC address entry. The MAC address learning function reduces broadcast packets on a network. After MAC address learning is disabled on an interface, the switch does not learn source MAC addresses of data frames received by the interface, but the dynamic MAC address entries learned on the interface are not immediately deleted. These dynamic MAC address entries are deleted after the aging time expires or can be manually deleted using commands.
Procedure
Run system-view
The system view is displayed.
Run interface interface-type interface-number
The interface view is displayed.
Run mac-address learning disable [ action { discard | forward } ]
MAC address learning is disabled on the interface.
By default, MAC address learning is enabled on an interface.
By default, the switch takes the forward action after MAC address learning is disabled. That is, the switch forwards packets according to the MAC address table. When the action is set to discard, the switch looks up the source MAC address of the packet in the MAC address table. If the source MAC address is found in the MAC address table, the switch forwards the packet according to the matching MAC address entry. If the source MAC address is not found, the switch discards the packet.
Run commit
The configuration is committed.
Run system-view
The system view is displayed.
Run vlan vlan-id
The VLAN view is displayed.
Run mac-address learning disable
MAC address learning is disabled in the VLAN.
By default, MAC address learning is enabled in a VLAN.
Run commit
The configuration is committed.
- Configure a traffic classifier.
Run system-view
The system view is displayed.
- Run traffic classifier classifier-name [ type { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.
and is the logical operator between rules in a traffic classifier, which means that:If a traffic classifier contains ACL rules, packets match the traffic classifier only if they match one ACL rule and all the non-ACL rules.
If a traffic classifier does not contain any ACL rules, packets match the traffic classifier only if they match all the rules in the classifier.
By default, the relationship between rules in a traffic classifier is or.
Run if-match
Matching rules are defined for the traffic classifier.
For details about matching rules in a traffic classifier, see "Configuring a Traffic Classifier" in "MQC Configuration" of the CloudEngine 12800 and 12800E Series Switches Configuration Guide - QoS Configuration Guide.
Run commit
The configuration is committed.
Run quit
Exit from the traffic behavior view.
- Configure a traffic behavior.
Run traffic behavior behavior-name
A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.
Run mac-address learning disable
MAC address learning is disabled in a traffic behavior.
(Optional) Run statistics enable
The traffic statistics function is enabled.
Run commit
The configuration is committed.
Run quit
Exit from the traffic behavior view.
Run quit
Exit from the system view.
- Configure a traffic policy.
Run system-view
The system view is displayed.
Run traffic policy policy-name
A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.
Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]
A traffic behavior is bound to a traffic classifier in the traffic policy.
Run commit
The configuration is committed.
Run quit
Exit from the traffic policy view.
Run quit
Exit from the system view.
- Apply the traffic policy.
A traffic policy containing mac-address learning disable (traffic behavior view) can only be applied in the inbound direction.
For details about the configuration guidelines of applying traffic policies in different views on the CE12800, see Licensing Requirements and Limitations for MQC (CE12800).
For details about the configuration guidelines of applying traffic policies in different views on the CE12800E, see Licensing Requirements and Limitations for MQC (CE12800E).
For the CE12800 and the CE12800E equipped with FD-X series cards, run the display traffic-policy pre-state { global [ slot slot-id ] | interface { interface-type interface-number } | vlan vlan-id | bridge-domain bd-id } policy-name { inbound | outbound } command before committing the configuration to check the information about resources occupied by the traffic policy to be applied and determine whether the traffic policy can be successfully applied based on the information.
- If a traffic policy needs to be applied to multiple VLANs and interfaces or multiple traffic classifiers for matching packets from different source IP addresses need to be bound to the same traffic policy, you are advised to add these VLANs, source IP addresses, and interfaces to the same QoS group and apply the traffic policy to the QoS group.
- Applying a traffic policy to an interface
Run system-view
The system view is displayed.
Run interface interface-type interface-number
The interface view is displayed.
Run traffic-policy policy-name inbound
A traffic policy is applied to the interface in the inbound direction.
Run commit
The configuration is committed.
- Applying a traffic policy to a VLAN
Run system-view
The system view is displayed.
Run vlan vlan-id
The VLAN view is displayed.
Run traffic-policy policy-name inbound
A traffic policy is applied to the VLAN in the inbound direction.
After a traffic policy is applied, the system performs traffic policing for the packets that belong to a VLAN and match traffic classification rules in the inbound direction.
Run commit
The configuration is committed.
- Applying a traffic policy to the system or an LPU
Run system-view
The system view is displayed.
Run traffic-policy policy-name global [ slot slot-id ] inbound
A traffic policy is applied to the system or an LPU in the inbound direction.
Run commit
The configuration is committed.
- Applying a traffic policy to a VSI
The CE12800E does not support to apply a traffic policy to a VSI.
Run system-view
The system view is displayed.
Run vsi vsi-name
The VSI view is displayed.
Run traffic-policy policy-name inbound
A traffic policy is applied to the VSI in the inbound direction.
Run commit
The configuration is committed.
- Applying a traffic policy to a QoS group (Only the CE12800E supports this method)
Run system-view
The system view is displayed.
Run qos group group-name
The QoS group view is displayed.
- Run the following commands as required.
Run the group-member interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8> command to add interfaces to the QoS group.
Run the group-member vlan { vlan-id1 [ to vlan-id2 ] } &<1-8> command to add VLANs to the QoS group.
Run the group-member ip source ip-address { mask | mask-length } command to add source IP addresses to the QoS group.
Run traffic-policy policy-name inbound
A traffic policy is applied to a QoS group.
Run commit
The configuration is committed.
- Applying a traffic policy to a BD
Run system-view
The system view is displayed.
Run bridge-domain bd-id
The BD view is displayed.
Run traffic-policy policy-name inbound
A traffic policy is applied to the BD.
Run commit
The configuration is committed.
Verifying the Configuration
- Run the display traffic classifier [ classifier-name ] command to check the traffic classifier configuration.
- Run the display traffic behavior [ behavior-name ] command to check the traffic behavior configuration on the device.
Run the display traffic policy [ policy-name [ classifier classifier-name ] ] command to check the traffic policy configuration.
Run the display traffic-policy applied-record [ policy-name ] [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | vsi vsi-name | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id ] [ inbound | outbound ] command to check the application records of a specified traffic policy.
The CE12800E does not support the vsi vsi-name parameter.
- Run the display system tcam fail-record [ slot slot-id ] command to display TCAM delivery failures.
- Run the display system tcam service brief [ slot slot-id ] command to display the group index and rule count occupied by different services.
- Run the display system tcam service { cpcar slot slot-id | service-name slot slot-id [ chip chip-id ] } command to display IDs of entries delivered by services on the specified chip or in the specified slot.
- Run one of the following commands to display data of a traffic policy that has been applied:
- display system tcam service traffic-policy { global | vlan vlan-id | interface interface-type interface-number | vsi vsi-name | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id } policy-name { inbound | outbound } [ slot slot-id [ chip chip-id ] ]
The CE12800E does not support the vsi vsi-name parameter.
- display system tcam service traffic-policy slot slot-id policy-name { inbound | outbound } [ chip chip-id ]
- display system tcam service traffic-policy { global | vlan vlan-id | interface interface-type interface-number | vsi vsi-name | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id } policy-name { inbound | outbound } [ slot slot-id [ chip chip-id ] ]
- (For the CE12800E configured with FD-X series cards) Run the display system tcam match-rules slot slot-id [ [ ingress | egress | group group-id ] | [ delay-time time-value ] ] * command to display matched entries.
- (For the CE12800E configured with ED-E, EG-E, and EGA-E series cards) Run the display system tcam match-rules slot slot-id chip chip-id index index-id command to display matched entries.