CloudEngine 9800, 8800, 6800, and 5800 V200R020C10 Command Reference
MAC Address Table Configuration Commands
- display bridge mac-address
- display mac-address
- display mac-address aging-time
- display mac-address blackhole
- display mac-address dynamic
- display mac-address flapping
- display mac-address flapping active-table
- display mac-address flapping aged-table
- display mac-address forward-engine
- display mac-address hash-conflict
- display mac-address hash-mode
- display mac-address mux
- display mac-arp statistics
- display mac-nd statistics
- display mac-address peer-synchronization configuration
- display mac-address statistics
- display mac-address statistics vfe
- display mac-address synchronization configuration
- display mac-address static
- display mac-address summary
- display mac-address total-number
- display mac-address tunnel
- display mac-address limit
- drop illegal-mac enable
- mac-address aging-time
- mac-address blackhole
- mac-address flapping aging-time
- mac-address flapping detection
- mac-address flapping detection exclude
- mac-address flapping detection exclude vlan
- mac-address flapping periodical trap enable
- mac-address flapping periodical trap interval
- mac-address flapping trigger error-down
- mac-address hash-mode
- mac-address learning disable (Interface view)
- mac-address learning disable (VLAN view)
- mac-address learning disable (traffic behavior view)
- mac-address notification
- mac-address notification interval
- mac-address static vlan
- mac-address update arp enable
- mac-address learning priority
- mac-address learning priority allow-flapping
- mac-address limit
- mac-address miss action discard
- port bridge enable
- reset mac-address
- reset mac-address flapping record
- undo mac-address
- undo mac-address limit all
display bridge mac-address
display mac-address
Function
The display mac-address command displays the MAC address table of the switch. A MAC address entry contains the destination MAC address, VLAN ID, outbound interface, and entry type.
Format
display mac-address mac-address [ vlan vlan-id ] [ verbose ]
display mac-address [ vlan vlan-id | interface interface-type interface-number ] * [ verbose ]
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies the destination MAC address in an entry. | The value is in H-H-H format. H is a hexadecimal number of 4 digits, for example, 00e0 and fc01. If you enter fewer than four digits, 0s are prefixed to the input digits. For example, if you enter e0, the system changes e0 to 00e0. The MAC address cannot be FFFF-FFFF-FFFF, or a multicast MAC address. |
vlan vlan-id | Displays MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
interface interface-type interface-number | Displays the MAC address entries with a specified outbound interface. | - |
verbose | Displays detailed information about MAC address entries. | - |
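The H-H-H rules in the table above (zero-prefixing of short groups, no broadcast or multicast address), written out as an added Python example that is not part of the Huawei documentation. It goes beyond the table by also accepting colon, dot, or per-octet hyphen notation, so that addresses from other log sources can be matched against switch output; the function names and the lower-case canonical form are assumptions of this example.

```python
import re

_GROUP = re.compile(r"^[0-9a-fA-F]{1,4}$")
_HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")


def normalize_hhh(text):
    """Return a MAC address in canonical lower-case H-H-H form.

    Three hyphen-separated groups of 1 to 4 hex digits are zero-prefixed the
    way the table describes (e0 -> 00e0). Anything else must contain exactly
    12 hex digits once ':', '.', and '-' separators are removed.
    """
    text = text.strip()
    groups = text.split("-")
    if len(groups) == 3 and all(_GROUP.match(g) for g in groups):
        return "-".join(g.lower().zfill(4) for g in groups)
    digits = re.sub(r"[:.\-]", "", text)
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = digits.lower()
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def is_multicast(hhh):
    """True if the I/G bit (least significant bit of the first octet) is set."""
    return bool(int(hhh[0:2], 16) & 0x01)


def validate_unicast(text):
    """Normalize and reject the addresses the command does not accept."""
    mac = normalize_hhh(text)
    if mac == "ffff-ffff-ffff":
        raise ValueError("broadcast address is not allowed")
    if is_multicast(mac):
        raise ValueError(f"multicast address is not allowed: {mac}")
    return mac


if __name__ == "__main__":
    # Constructed inputs, including the page's own e0 -> 00e0 case.
    for candidate in ("e0-fc01-1", "00:E0:FC:01:02:03", "749d-8f4c-dadc"):
        print(candidate, "->", validate_unicast(candidate))
```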
Usage Guidelines
Usage Scenario
The MAC address table of the switch stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.
The display mac-address command displays all MAC address entries, such as dynamic MAC address entries, static MAC address entries, and blackhole MAC address entries. A MAC address entry contains the destination MAC address, VLAN ID, outbound interface, and entry type.
Follow-up Procedure
If any MAC address entry in the command output is incorrect, run the undo mac-address command to delete the entry or run the mac-address static command to add a correct one.
Precautions
If you run the display mac-address command without parameters, all MAC address entries are displayed.
- The displayed information is repeatedly refreshed, so you cannot find the required information.
- The system traverses and retrieves information for a long time, and does not respond to any request.
Run the display mac-address tunnel command to check MAC address entries learned through Layer 2 tunnels.
Run the display mac-address bridge-domain command to check MAC address entries in bridge domains (BDs) on the Virtual eXtensible Local Area Network (VXLAN) network.
Example
# Display all MAC address entries.
<HUAWEI> display mac-address
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
0000-0000-0033 100/-/- 10GE1/0/1 dynamic 4294367295
0000-0000-0001 200/-/- 10GE1/0/2 static -
-------------------------------------------------------------------------------
Total items: 2
Item | Description |
---|---|
Backup | Backup way. |
MAC Address | Destination MAC address in a MAC address entry. |
VLAN/VSI/BD | NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Learned-From | Interface that learns a MAC address. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-address aging-time
Function
The display mac-address aging-time command displays the aging time of dynamic MAC address entries in the MAC address table.
Usage Guidelines
Usage Scenario
This command displays the aging time of dynamic MAC address entries on the switch. You can check whether the aging time is suitable for network requirements and device performance.
Follow-up Procedure
If the aging time is unsuitable for requirements or device performance, run the mac-address aging-time command to set the aging time properly.
Precautions
If the aging time is 0, dynamic MAC addresses will not be aged out. In this case, MAC address entries increase sharply and the MAC address table will be full quickly.
Example
# Display the aging time of dynamic MAC address entries.
<HUAWEI> display mac-address aging-time
Aging time: 300 second(s)
Item | Description |
---|---|
Aging time | Aging time of dynamic MAC address entries, in seconds. To set the aging time, run the mac-address aging-time command. |
display mac-address blackhole
Parameters
Parameter | Description | Value |
---|---|---|
vlan vlan-id | Displays blackhole MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
verbose | Displays detailed information about blackhole MAC address entries. | - |
Usage Guidelines
Usage Scenario
The MAC address table of the switch stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.
- Blackhole MAC address entries that are used to discard packets with the specified MAC addresses or destination MAC addresses. Blackhole MAC address entries are manually configured and will not be aged out.
- Static MAC entries that are manually configured and will not be aged out.
- Dynamic MAC address entries that are learned by the switch and will be aged out when the aging time expires.
To check whether blackhole MAC address entries are configured correctly, run this command. These entries ensure communication between authorized users.
Follow-up Procedure
If any blackhole MAC address entry in the command output is incorrect, run the undo mac-address command to delete the entry or run the mac-address blackhole command to add a correct one.
Precautions
If you run the display mac-address blackhole command without parameters, all blackhole MAC address entries are displayed.
If the MAC address table does not contain any blackhole MAC address, no information is displayed.
Example
# Display all blackhole MAC address entries.
<HUAWEI> display mac-address blackhole
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
0001-0001-0001 100/-/- - blackhole -
0002-0002-0002 200/-/- - blackhole -
-------------------------------------------------------------------------------
Total items: 2
Item | Description |
---|---|
Backup | Backup way. |
MAC Address | Destination MAC address in a blackhole MAC address entry. |
VLAN/VSI/BD | NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Learned-From | When the type of a MAC address entry is blackhole, "-" is displayed. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-address dynamic
Format
display mac-address dynamic [ slot slot-id ] [ vlan vlan-id | interface interface-type interface-number ] * [ verbose ]
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays dynamic MAC address entries of the device with the specified stack ID. | The default value is 1 on an unstacked switch; the value depends on the number of stacked switches. |
vlan vlan-id | Displays dynamic MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
interface interface-type interface-number | Displays dynamic MAC address entries with a specified outbound interface. | - |
verbose | Displays detailed information about dynamic MAC address entries. | - |
Usage Guidelines
Usage Scenario
The MAC address table needs to be updated constantly because the network topology always changes. You can use this command to view learned MAC addresses in real time.
Follow-up Procedure
If the displayed dynamic MAC address entries are invalid, run the undo mac-address command to delete dynamic MAC address entries.
Precautions
If you run the display mac-address dynamic command without parameters, all dynamic MAC address entries are displayed.
If the MAC address table does not contain any dynamic MAC address entry, no information is displayed.
- The displayed information is repeatedly refreshed, so you cannot find the required information.
- The system traverses and retrieves information for a long time, and does not respond to any request.
Example
# Display all dynamic MAC address entries.
<HUAWEI> display mac-address dynamic
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
0022-0022-0033 100/-/- 10GE1/0/1 dynamic 4294367295
0000-0000-0001 200/-/- 10GE1/0/2 dynamic 63843672
-------------------------------------------------------------------------------
Total items: 2
Item | Description |
---|---|
Backup | Backup way. |
MAC Address | Destination MAC address in a dynamic MAC address entry. |
VLAN/VSI/BD | NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Learned-From | Interface that learns a MAC address. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-address flapping
Function
The display mac-address flapping command displays active MAC address flapping records and aged MAC address flapping records.
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays MAC address flapping records on a stacked device. | The value is an integer and is determined by the stack ID of the device. If no stacking is configured, the value is 1. |
begin YYYY/MM/DD HH:MM:SS | Displays MAC address flapping records generated from the specified time to the current time. YYYY/MM/DD indicates year/month/date. HH:MM:SS indicates hour:minute:second. | |
Usage Guidelines
The display mac-address flapping record command output helps locate the position where MAC address flapping occurs.
Example
# Display all MAC address flapping records.
When no MAC address flapping occurs on the device, the following information is displayed:
<HUAWEI> display mac-address flapping
MAC Address Flapping Configurations :
-------------------------------------------------------------------------------
Flapping detection : Enable
Aging time(s) : 300
Quit-VLAN Recover time(m) : --
Exclude VLAN-list : --
Security level : Middle
Exclude BD-list : --
-------------------------------------------------------------------------------
When MAC address flapping occurs on the device, the following information is displayed:
<HUAWEI> display mac-address flapping
MAC Address Flapping Configurations :
-------------------------------------------------------------------------------
Flapping detection : Enable
Aging time(s) : 300
Quit-VLAN Recover time(m) : --
Exclude VLAN-list : --
Security level : Middle
Exclude BD-list : --
-------------------------------------------------------------------------------
S: start time E: end time (D): error down
-------------------------------------------------------------------------------
Time : S:2017-10-24 15:46:04 E:2017-10-24 15:47:32
VLAN/BD : -/4000
MAC Address : 0010-3600-0007
Original-Port: Eth-Trunk1.3
Move-Ports : Eth-Trunk10.2
MoveNum : 1348
-------------------------------------------------------------------------------
Total items on slot 1: 1
Item | Description |
---|---|
MAC Address Flapping Configurations | MAC address flapping configuration. |
Flapping detection | MAC address flapping detection status: |
Aging time(s) | Aging time of flapping MAC addresses, in seconds. |
Quit-VLAN Recover time(m) | Delay time before the interface joins a VLAN again after it is removed from the VLAN. If this field displays --, the interface cannot be removed from the VLAN where MAC address flapping occurs. |
Exclude VLAN-list | VLAN that does not require MAC address flapping detection. If such a VLAN is specified, the VLAN ID is displayed. If the VLAN is not specified, this field is displayed as --. |
Security level | MAC address flapping detection security level. |
Exclude BD-list | VXLAN BD whitelist for MAC address flapping detection. If the BD whitelist is configured, the BD ID is displayed. If the BD whitelist is not configured, this field is displayed as --. NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
S: start time | Start time of MAC address flapping. |
E: end time | End time of MAC address flapping. |
(D): error down | A port is shut down when the number of times the MAC address has flapped reaches 3 and the Error-Down action is configured on the port. |
Time | Start time and end time of MAC address flapping. |
VLAN/BD | VLAN or VXLAN BD where MAC address flapping occurs. NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
MAC Address | Flapping MAC address. |
Original-Port | Port that learns the MAC address first. |
Move-Ports | Port or ports that learn the MAC address later. |
MoveNum | Number of times the MAC address has flapped. NOTE: The maximum value is 65535. When the number of times the MAC address has flapped exceeds 65535, the MoveNum field still displays 65535. |
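A parser for the flapping records described above, added here as an example and not taken from the Huawei documentation. It turns collected display mac-address flapping output into typed records and ranks them for triage, treating a MoveNum of 65535 as a lower bound. The min_rate threshold and the comma or whitespace separator for multiple Move-Ports are assumptions; the page shows neither.

```python
import re
from datetime import datetime

# Sample built from the two flapping records printed on this page
# (the "Total items" line is constructed to match).
SAMPLE_OUTPUT = """\
S: start time E: end time (D): error down
-------------------------------------------------------------------------------
Time : S:2017-10-24 15:46:04 E:2017-10-24 15:47:32
VLAN/BD : -/4000
MAC Address : 0010-3600-0007
Original-Port: Eth-Trunk1.3
Move-Ports : Eth-Trunk10.2
MoveNum : 1348
-------------------------------------------------------------------------------
Time : S:2017-10-26 10:39:27 E:2017-10-26 10:50:09
VLAN/BD : -/4000
MAC Address : 0000-0000-6666
Original-Port: 10GE1/0/48.4000
Move-Ports : 10GE1/0/48.2000
MoveNum : 65535
-------------------------------------------------------------------------------
Total items on slot 1: 2
"""

RECORD_KEYS = {"Time", "VLAN/BD", "MAC Address", "Original-Port",
               "Move-Ports", "MoveNum"}
MOVENUM_MAX = 65535  # per the page, the counter stops at this value
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
TIME_RE = re.compile(rf"S:({TS})\s+E:({TS})")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def _build(raw):
    """Turn one block of 'key : value' strings into a typed record, or None."""
    if not RECORD_KEYS.issubset(raw):
        return None  # configuration block, header, or truncated record
    m = TIME_RE.search(raw["Time"])
    if m is None or not raw["MoveNum"].isdigit():
        return None
    start = datetime.strptime(m.group(1), TS_FMT)
    end = datetime.strptime(m.group(2), TS_FMT)
    vlan, _, bd = raw["VLAN/BD"].partition("/")
    moves = int(raw["MoveNum"])
    duration = int((end - start).total_seconds())
    return {
        "mac": raw["MAC Address"].lower(),
        "vlan": None if vlan in ("-", "") else vlan,
        "bd": None if bd in ("-", "") else bd,
        "original_port": raw["Original-Port"],
        # Assumption: several ports are separated by commas or whitespace.
        "move_ports": re.split(r"[,\s]+", raw["Move-Ports"]),
        "move_num": moves,
        "saturated": moves >= MOVENUM_MAX,
        "start": start,
        "end": end,
        "duration_s": duration,
        "moves_per_s": moves / max(duration, 1),
    }


def parse_flapping_records(text):
    """Parse every flapping record between the dashed separator lines."""
    records, raw = [], {}
    for line in text.splitlines() + ["---"]:  # sentinel flushes the last block
        if line.startswith("---"):
            rec = _build(raw)
            if rec:
                records.append(rec)
            raw = {}
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip() in RECORD_KEYS:
            raw[key.strip()] = value.strip()
    return records


def triage(records, min_rate=1.0):
    """Return (mac, reason) pairs, highest move rate first.

    min_rate (moves per second) is an assumed threshold, not a vendor value.
    """
    hits = []
    for r in sorted(records, key=lambda r: r["moves_per_s"], reverse=True):
        ports = f'{r["original_port"]} <-> {", ".join(r["move_ports"])}'
        if r["saturated"]:
            hits.append((r["mac"], f"MoveNum pinned at {MOVENUM_MAX}, "
                                   f"true count is at least that ({ports})"))
        elif r["moves_per_s"] >= min_rate:
            hits.append((r["mac"], f'{r["moves_per_s"]:.1f} moves/s over '
                                   f'{r["duration_s"]} s ({ports})'))
    return hits


if __name__ == "__main__":
    for mac, reason in triage(parse_flapping_records(SAMPLE_OUTPUT)):
        print(mac, reason)
```

The same parser reads the output of the active-table and aged-table variants, since they print records in the same layout.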
display mac-address flapping active-table
Function
The display mac-address flapping active-table command displays active MAC address flapping records.
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays active MAC address flapping records in a specified slot. | The value is an integer. You can enter a question mark (?) and select a value from the displayed value range. |
Usage Guidelines
You can run this command to view active MAC address flapping records in all slots or a specified slot.
Example
# Display active MAC address flapping records.
<HUAWEI> display mac-address flapping active-table
S: start time E: end time (D): error down
-------------------------------------------------------------------------------
Time : S:2017-10-26 10:39:27 E:2017-10-26 10:50:09
VLAN/BD : -/4000
MAC Address : 0000-0000-6666
Original-Port: 10GE1/0/48.4000
Move-Ports : 10GE1/0/48.2000
MoveNum : 65535
-------------------------------------------------------------------------------
Total items on slot 1: 1
Item | Description |
---|---|
Time | Start time and end time of MAC address flapping. |
VLAN/BD | VLAN or VXLAN BD where MAC address flapping occurs. NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
MAC Address | Flapping MAC address. |
Original-Port | Interface that learns the MAC address first. |
Move-Ports | Interface that learns the MAC address later. Multiple interfaces can learn the MAC address later. |
MoveNum | Number of times the MAC address flaps. NOTE: The maximum value is 65535. Even when the number of times the MAC address flaps is larger than 65535, the value of MoveNum is still 65535. |
display mac-address flapping aged-table
Function
The display mac-address flapping aged-table command displays aged MAC address flapping records.
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays aged MAC address flapping records in a specified slot. | The value is an integer. You can enter a question mark (?) and select a value from the displayed value range. |
Usage Guidelines
You can run this command to view aged MAC address flapping records in all slots or a specified slot.
Example
# Display aged MAC address flapping records.
<HUAWEI> display mac-address flapping aged-table
S: start time E: end time (D): error down
-------------------------------------------------------------------------------
Time : S:2017-10-26 10:39:27 E:2017-10-26 10:50:09
VLAN/BD : -/4000
MAC Address : 0000-0000-6666
Original-Port: 10GE1/0/48.4000
Move-Ports : 10GE1/0/48.2000
MoveNum : 65535
-------------------------------------------------------------------------------
Total items on slot 1: 1
Item | Description |
---|---|
S: start time | Start time of MAC address flapping. |
E: end time | End time of MAC address flapping. |
(D): error down | An interface configured with error-down will be closed when the number of times the MAC address flaps reaches 5. |
Time | Start time and end time of MAC address flapping. |
VLAN/BD | VLAN or VXLAN BD where MAC address flapping occurs. NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
MAC Address | Flapping MAC address. |
Original-Port | Interface that learns the MAC address first. |
Move-Ports | Interface that learns the MAC address later. Multiple interfaces can learn the MAC address later. |
MoveNum | Number of times the MAC address flaps. NOTE: The maximum value is 65535. Even when the number of times the MAC address flaps is larger than 65535, the value of MoveNum is still 65535. |
display mac-address forward-engine
Format
display mac-address mac-address vlan vlan-id slot slot-id forward-engine
Only the CE6870EI supports this command.
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies the destination MAC address in an entry. | The value is in H-H-H format. H is a hexadecimal number of 4 digits, for example, 00e0 and fc01. If you enter fewer than four digits, 0s are prefixed to the input digits. For example, if you enter e0, the system changes e0 to 00e0. The MAC address cannot be FFFF-FFFF-FFFF, or a multicast MAC address. |
vlan vlan-id | Displays MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
slot slot-id | Displays MAC address entries in a specified slot. | The value is an integer and must be the slot ID of a running board. |
Usage Guidelines
The MAC address table of the switch stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.
If packets are forwarded in unicast mode and MAC address entries cannot be queried using the display mac-address or display mac-address dynamic command, you can use this command to check whether there are MAC address entries in the chip.
If there are multiple chips in the LPU of the specified slot, MAC address entries are displayed based on the chip ID.
Example
# Display the MAC address entry with MAC address 749d-8f4c-dadc and VLAN 1 of the LPU in slot 1.
<HUAWEI> display mac-address 749d-8f4c-dadc vlan 1 slot 1 forward-engine
---- Flags: * - Backup
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
749d-8f4c-dadc 1/- 10GE4/0/12 dynamic -
-------------------------------------------------------------------------------
Total items on chip 0: 1
Item | Description |
---|---|
Backup | Backup way. |
MAC Address | Destination MAC address in a MAC address entry. |
VLAN/VSI/BD | ID of the VLAN or name of the VSI or the ID of BD that a MAC address belongs to. |
Learned-From | Interface that learns a MAC address. On a VPLS network, if a MAC address is learned on a PW-side interface, this field displays the peer IP address of the PW. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-address hash-conflict
Function
The display mac-address hash-conflict command displays the MAC address that cannot be added to the chip due to the hash conflict.
The CE6870EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, and CE6881E do not support this command.
Format
display mac-address hash-conflict [ mac-address { vlan vlan-id | bridge-domain bd-id } ] [ slot slot-id ]
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies the MAC address to be queried. | The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. |
vlan vlan-id | Specifies the ID of a VLAN. | The value is an integer that ranges from 1 to 4094. |
bridge-domain bd-id | Specifies the ID of a bridge domain (BD). NOTE: This parameter is only supported by the VXLAN-capable device. | The value is an integer that ranges from 1 to 16777215. |
slot slot-id | Specifies the slot ID. | The value is an integer or a character string. You can enter the question mark (?) and select the value as prompted. |
Usage Guidelines
Usage Scenario
When a MAC address cannot be learned by the chip, you can run the command with the MAC address and VLAN ID specified to query conflicting MAC addresses in the hash bucket.
Precautions
If the MAC address and VLAN ID are not specified, this command displays only historical conflicting MAC addresses.
If the MAC address and VLAN ID are specified, this command displays current and historical conflicting MAC addresses.
If the device uses multiple chips, only the chip that first detects conflicts displays historical conflicting records; the other chips display only current conflicting records.
Example
<HUAWEI> display mac-address hash-conflict 0010-1100-3710 vlan 1111
Flags: * - Current MAC address in the hash bucket of the chip
_ - Internal bridge domain resource
BD : bridge-domain
-------------------------------------------------------------------------------
Slot: 1 Chip: 0
-------------------------------------------------------------------------------
MAC Address VLAN/BD Conflicting MAC Address Time
-------------------------------------------------------------------------------
0010-1100-3710 1111/- 0010-1100-7bd2* -
0010-1100-6bd7* -
0010-1100-08a7* -
0010-1100-20c9* -
0010-1100-7c0e* -
0010-1100-6c0b* -
0010-1100-0f7b* -
0010-1100-4465* -
0010-1100-1f7e* -
0010-1100-30cc* -
0010-1100-18a2* -
0010-1100-53bc* -
0010-1100-2715* -
0010-1100-43b9* -
0010-1100-7bd2 2017-02-01 14:32:23
0010-1100-6bd7 2017-02-01 14:32:23
0010-1100-08a7 2017-02-01 14:32:23
0010-1100-20c9 2017-02-01 14:32:23
0010-1100-7c0e 2017-02-01 14:32:23
0010-1100-6c0b 2017-02-01 14:32:23
0010-1100-0f7b 2017-02-01 14:32:23
0010-1100-4465 2017-02-01 14:32:23
0010-1100-1f7e 2017-02-01 14:32:23
0010-1100-30cc 2017-02-01 14:32:23
0010-1100-18a2 2017-02-01 14:32:23
0010-1100-53bc 2017-02-01 14:32:23
0010-1100-2715 2017-02-01 14:32:23
0010-1100-43b9 2017-02-01 14:32:23
-------------------------------------------------------------------------------
Item | Description |
---|---|
Slot | Slot ID. |
Chip | Chip ID. |
MAC Address | - |
VLAN/BD | VLAN or VXLAN BD where a MAC address conflict occurs. NOTE: BD information is displayed only on the VXLAN-capable device. |
Conflicting MAC Address | Conflicting MAC address that is detected. A value marked with an asterisk (*) is a current conflicting MAC address, and a value not marked with an asterisk (*) is a historical conflicting MAC address. |
Time | Time at which the historical conflict is recorded. For a historical conflicting MAC address, the detailed time is displayed. For a current conflicting MAC address, the value is displayed as -. |
display mac-address hash-mode
Function
The display mac-address hash-mode command displays the running hash mode and configured hash mode on the device.
Only the CE6856HI, CE6857E, CE6857EI, CE6865EI, CE8850EI, CE8861EI, and CE8868EI series support this command.
Usage Guidelines
Usage Scenario
After a hash mode is configured, you can run the display mac-address hash-mode command to check the configuration.
Precautions
After the hash algorithm is changed, restart the device for the configuration to take effect.
Example
# Display the running hash mode and configured hash mode on the device.
<HUAWEI> display mac-address hash-mode
Mac-address hash mode status:
--------------------------------------------
Slot CurMode CfgMode
--------------------------------------------
1 crc16-lower crc32-lower
--------------------------------------------
Item | Description |
---|---|
Slot | Stack ID. |
CurMode | Running hash mode on the device. |
CfgMode | Configured hash mode on the device. |
display mac-address mux
Function
The display mac-address mux command displays MUX MAC address entries.
The CE9860EI does not support this command.
Format
display mac-address mux [ vlan vlan-id | interface interface-type interface-number ] * [ verbose ]
Parameters
Parameter | Description | Value |
---|---|---|
vlan vlan-id | Displays MUX MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
interface interface-type interface-number | Displays MUX MAC address entries with a specified outbound interface. | - |
verbose | Displays detailed information about MAC address entries. | - |
Usage Guidelines
Usage Scenario
The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. A MUX MAC address entry is learned by a MUX VLAN enabled interface. The learned MUX MAC address entries are deleted after the switch restarts.
After configuring the MUX VLAN function, you can run the display mac-address mux command to check whether the learned MUX MAC address entries are correct.
Follow-up Procedure
If the displayed MUX MAC address entries are invalid, run the undo mac-address command to delete MUX MAC address entries.
Precautions
If you run the display mac-address mux command without parameters, all MUX MAC address entries are displayed.
If the MAC address table does not contain any MUX MAC address entry, no information is displayed.
- The displayed information is repeatedly refreshed, so you cannot find the required information.
- The system traverses and retrieves information for a long time, and does not respond to any request.
Example
# Display all MUX MAC address entries.
<HUAWEI> display mac-address mux
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
0022-0022-0033 100/-/- 10GE1/0/2 mux 325649
-------------------------------------------------------------------------------
Total items: 1
Item | Description |
---|---|
Backup | Backup way. |
MAC Address | Destination MAC address in a MUX MAC address entry. |
VLAN/VSI/BD | NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Learned-From | Interface that learns a MAC address. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-arp statistics
Function
The display mac-arp statistics command displays statistics on synchronization of MAC address entries and ARP entries.
Parameters
Parameter | Description | Value |
---|---|---|
all | Displays statistics in all slots. | - |
slot slot-id | Displays statistics in the specified slot. | - |
Usage Guidelines
Statistics on packets successfully sent to the FES.
Statistics on failures to obtain an FES process ID, failures to apply for the memory, flow control, and messages that fail to be sent.
Statistics on the added, updated, and deleted ARP entries on the ARP module.
Example
# Display statistics on the synchronization of MAC address entries and ARP entries in slot 1.
<HUAWEI> display mac-arp statistics slot 1
----------------------------------------------------------------------
SlotID : 1
Succeed to send message to FES : 0
Failed to get FES pid : 0
Failed to malloc memory : 0
Message flow control happened : 0
Failed to send message to FES : 0
Receive add/update from ARP : 0
Receive delete from ARP : 0
----------------------------------------------------------------------
Item | Description |
---|---|
SlotID | Slot ID. |
Succeed to send message to FES | Statistics on messages that are successfully sent to the FES. |
Failed to get FES pid | Statistics on failures in obtaining an FES process ID. |
Failed to malloc memory | Statistics on failures in applying for memory. |
Message flow control happened | Statistics on flow control failures. |
Failed to send message to FES | Number of messages that failed to be sent to the FES. |
Receive add/update from ARP | Statistics on the added and updated ARP entries. |
Receive delete from ARP | Statistics on deleted ARP entries. |
display mac-nd statistics
Function
The display mac-nd statistics command displays statistics on the synchronization of MAC address entries and ND entries.
Parameters
Parameter | Description | Value |
---|---|---|
all | Displays statistics in all slots. | - |
slot slot-id | Displays statistics in the specified slot. | - |
Usage Guidelines
Statistics on packets successfully sent to the FES.
Statistics on failures to obtain an FES process ID, failures to apply for the memory, flow control, and messages that fail to be sent.
Statistics on the added, updated, and deleted ND entries on the ND module.
Example
# Display statistics on the synchronization of MAC address entries and ND entries in slot 1.
<HUAWEI> display mac-nd statistics slot 1
----------------------------------------------------------------------
SlotID : 1
Succeed to send message to FES : 0
Failed to get FES pid : 0
Failed to malloc memory : 0
Message flow control happened : 0
Failed to send message to FES : 0
Receive add/update from ND : 0
Receive delete from ND : 0
----------------------------------------------------------------------
Item | Description |
---|---|
SlotID | Slot ID. |
Succeed to send message to FES | Statistics on messages that are successfully sent to the FES. |
Failed to get FES pid | Statistics on failures in obtaining an FES process ID. |
Failed to malloc memory | Statistics on failures in applying for memory. |
Message flow control happened | Statistics on flow control failures. |
Failed to send message to FES | Number of messages that failed to be sent to the FES. |
Receive add/update from ND | Statistics on the added and updated ND entries. |
Receive delete from ND | Statistics on deleted ND entries. |
display mac-address peer-synchronization configuration
Function
The display mac-address peer-synchronization configuration command displays information about MAC address table synchronization between devices.
Usage Guidelines
After the M-LAG is configured in dual-active networking, two devices in the LAG forward traffic. The MAC address entries on two devices must be consistent so that the two devices in the LAG can forward packets in unicast mode. After synchronization of MAC address tables between devices is enabled, the two devices synchronize MAC address tables.
If MAC address tables of devices in the LAG are inconsistent, you can run this command to check information about MAC address table synchronization between devices, including periodic/real-time synchronization of MAC address tables between devices and MAC address table synchronization packet receiving.
Example
# Display information about MAC address table synchronization between devices.
<HUAWEI> display mac-address peer-synchronization configuration
---------------------------------
Realtime Periodical Receive
---------------------------------
Disable Disable Disable
---------------------------------
Item | Description |
---|---|
Realtime | Whether real-time synchronization of MAC address tables between devices is enabled. |
Periodical | Whether periodic synchronization of MAC address tables between devices is enabled. |
Receive | Whether the device is enabled to receive MAC address table synchronization packets. |
display mac-address statistics
Function
The display mac-address statistics command displays types and number of returned codes related to MAC addresses.
Parameters
Parameter | Description | Value |
---|---|---|
insert slot slot-id | Displays types and number of returned codes during MAC address delivery in the specified slot. | - |
remove slot slot-id | Displays types and number of returned codes during MAC address deletion in the specified slot. | - |
Usage Guidelines
You can run this command to check types and number of returned codes during MAC address delivery or deletion, which helps you determine whether a problem occurs during MAC address delivery or deletion.
Example
# Display types and number of returned codes during MAC address delivery in slot 1.
<HUAWEI> display mac-address statistics insert slot 1
-------------------------------------------------------------------------------
MAC type Ok Err Internal Param Full Exist Timeout
-------------------------------------------------------------------------------
DYNAMIC 0 0 0 0 0 0 0
STATIC 0 0 0 0 0 0 0
BLACKHOLE 2 0 0 0 0 0 0
OAM 0 0 0 0 0 0 0
MUXVLAN 0 0 0 0 0 0 0
SECMAC 0 0 0 0 0 0 0
STICKYMAC 0 0 0 0 0 0 0
MUXVLAN_REMOTE 0 0 0 0 0 0 0
DHCP_STICKY 0 0 0 0 0 0 0
VM 0 0 0 0 0 0 0
# Display types and number of returned codes during MAC address deletion in slot 1.
<HUAWEI> display mac-address statistics remove slot 1
-------------------------------------------------------------------------------
MAC type Ok Err Internal Param Empty Notfound Timeout
-------------------------------------------------------------------------------
DYNAMIC b 0 0 0 0 0 0
STATIC 0 0 0 0 0 0 0
BLACKHOLE 0 0 0 0 0 0 0
OAM 0 0 0 0 0 0 0
MUXVLAN 0 0 0 0 0 0 0
SECMAC 0 0 0 0 0 0 0
STICKYMAC 0 0 0 0 0 0 0
MUXVLAN_REMOTE 0 0 0 0 0 0 0
DHCP_STICKY 0 0 0 0 0 0 0
VM 0 0 0 0 0 0 0
Item | Description |
---|---|
MAC type | Type of a MAC address. |
Ok | Normal code, hexadecimal number. |
Err | Error code, hexadecimal number. |
Internal | Internal error. |
Param | Parameter error. |
Full | The chip is fully loaded. |
Empty | No MAC address exists in the chip. |
Notfound | The chip has no MAC address to delete. |
Exist | The chip has the MAC address to deliver. |
Timeout | Timeout of deleting a MAC address in the chip. |
display mac-address statistics vfe
Function
The display mac-address statistics vfe command displays statistics on messages sent and failed to be sent by the FEI to the VFE.
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays statistics on messages sent and failed to be sent by the FEI to the VFE in the specified slot. | - |
Usage Guidelines
When interface security or MAC address flapping faults occur, you can run this command to check types of messages sent by the FEI on a MAC module to the VFE and check whether messages are successfully sent by the FEI to the VFE. The command output helps you locate causes.
Example
# Display statistics on messages sent and failed to be sent by the FEI to the VFE in slot 1.
<HUAWEI> display mac-address statistics vfe slot 1
-----------------------------------------------------------------------
Total receive success number : 387139
Total receive fail number : 1
-----------------------------------------------------------------------
Message type Success Fail
-----------------------------------------------------------------------
STATIC 0 0
VFE_MAC_BLACKHOLE 2 0
VFE_MAC_QUERY 0 0
VFE_MAC_L2MOD 74266 0
VFE_MAC_AGE 0 0
VFE_MAC_VLANMACLIMIT 0 0
VFE_MAC_PORTMACLIMIT 0 0
VFE_MAC_PORTSEC 0 0
VFE_MAC_PORTSEC_TABLE 0 0
VFE_MAC_PORTSEC_EUM_ACK 0 0
VFE_MAC_PORTSEC_LIMIT 0 0
VFE_MAC_PORTSEC_IFMACK 9 0
VFE_MAC_MACLEARN_BYVLAN 0 0
VFE_MAC_MACLEARN_BYPORT 0 0
VFE_MAC_FLAPPING 0 0
VFE_EVTNTF_START 406 1
VFE_MAC_ADD 0 0
VFE_MAC_DEL 9 0
VFE_MAC_DEL_DYN 0 0
VFE_MAC_ARPTIMER 42207 0
VFE_MAC_ARPTBL 0 0
VFE_MAC_EUM_UPLOAD 0 0
VFE_MAC_EUM_QUERY 0 0
VFE_MAC_RESTORE_TIMER 42207 0
VFE_MAC_MACLIMIT_TIMER 0 0
VFE_MAC_PORTSEC_UP_TIMER 42207 0
VFE_MAC_PORTSEC_ERR_TIMER 42207 0
VFE_MAC_PORTSEC_SUPP_TIMER 1406 0
VFE_MAC_SYN 0 0
VFE_MAC_MFLAPPING_TIMER 42207 0
VFE_MAC_MFLAP_GLOBAL_ATTR 0 0
VFE_MAC_MFLAP_ERRDOWN_ATTR 0 0
VFE_MAC_MFLAPPING_RSTTBL 0 0
VFE_MAC_MFLAPPING_IFM_ACK 9 0
VFE_MAC_GET_SYSMAC 1 0
VFE_MAC_MACSYN 0 0
VFE_MAC_MACSYN_PERIOD 42207 0
VFE_MAC_MACTBLSYN_TIMER 42207 0
VFE_MAC_ARPSTAT_QUERY 0 0
VFE_MAC_VPLS_MAC 0 0
VFE_MAC_CHIPJOINVS 0 0
VFE_MAC_DEL_BYCHIP 0 0
VFE_MAC_ILLEGAL_TRAP_TIMER 1406 0
VFE_MAC_ILLEGAL 0 0
VFE_MAC_VPLS_BLACKHOLE 0 0
VFE_MAC_DEL_DRVMAC 0 0
VFE_MAC_DELMAC_TIMER 14069 0
VFE_MAC_SYN_COUNT 0 0
VFE_MAC_DEL_HIT_FALG 105 0
VFE_MAC_REFRESH_TRILL_MAC 0 0
VFE_MAC_ALARM_RESTRAIN 0 0
VFE_MAC_ADD_EVN 0 0
VFE_MAC_DEL_EVN 0 0
VFE_MAC_MACTRAP 0 0
VFE_MACTRAP_TIMER 0 0
VFE_MAC_CLEAR_MACMOVE_TABLE 0 0
VFE_MAC_PEER_MACSYN 0 0
VFE_MAC_PEER_DEL_HIT_FLAG 0 0
VFE_MAC_STATICMACFLP 0 0
VFE_MAC_FLOOD_RESET 0 0
VFE_MAC_BD_STATIC_ADD 0 0
VFE_MAC_BD_STATIC_DEL 0 0
VFE_MAC_MACDUAL_PERIODIC 0 0
VFE_MAC_EVN_TNLARP 0 0
VFE_MAC_MACDUAL_MLAGSYN 0 0
VFE_MAC_CLR_PERR_FLAG 0 0
VFE_MAC_ND 0 0
VFE_MAC_CFG 2 0
-----------------------------------------------------------------------
Item | Description |
---|---|
Total receive success number | Total number of sent messages. |
Total receive fail number | Total number of messages failed to be sent. |
Message type | Message type. |
Success | Number of sent messages. |
Fail | Number of messages failed to be sent. |
STATIC | Static MAC address. |
VFE_MAC_BLACKHOLE | Blackhole MAC address. |
VFE_MAC_QUERY | MAC query. |
VFE_MAC_L2MOD | Message sent by the L2MOD thread. |
VFE_MAC_AGE | MAC address entry aging message. |
VFE_MAC_VLANMACLIMIT | VLAN-based MAC limit message. |
VFE_MAC_PORTMACLIMIT | Port-based MAC limit message. |
VFE_MAC_PORTSEC | Port security configuration delivery message. |
VFE_MAC_PORTSEC_TABLE | Security MAC address delivery. |
VFE_MAC_PORTSEC_EUM_ACK | Message sent by the FEI to the VFE after the FEI receives an acknowledgement message from the EUM. |
VFE_MAC_PORTSEC_LIMIT | Port security message generated when the number of MAC addresses reaches the upper threshold. |
VFE_MAC_PORTSEC_IFMACK | IFM Error Down Ack message. |
VFE_MAC_MACLEARN_BYVLAN | VLAN-based MAC address learning. |
VFE_MAC_MACLEARN_BYPORT | Port-based MAC address learning. |
VFE_MAC_FLAPPING | MAC address flapping configuration delivery message. |
VFE_EVTNTF_START | Number of internal events between the MAC module and VLAN module. |
VFE_MAC_ADD | MAC address delivery message. |
VFE_MAC_DEL | MAC address entry deletion message. |
VFE_MAC_DEL_DYN | Dynamic MAC address entry deletion message. |
VFE_MAC_ARPTIMER | Timer of synchronization of MAC address entries and ARP entries. |
VFE_MAC_ARPTBL | ARP entry message sent from Layer 3 ADP. |
VFE_MAC_EUM_UPLOAD | Security MAC addresses reported by the VFE to the EUM. |
VFE_MAC_RESTORE_TIMER | MAC software entry deletion timer. |
VFE_MAC_MACLIMIT_TIMER | MAC-limit alarm clearance timer. |
VFE_MAC_PORTSEC_UP_TIMER | Port security report timer. |
VFE_MAC_PORTSEC_ERR_TIMER | Error Down suppression timer. |
VFE_MAC_PORTSEC_SUPP_TIMER | Alarm suppression timer. |
VFE_MAC_SYN | MAC synchronization packets. |
VFE_MAC_MFLAPPING_TIMER | MAC flapping timer. |
VFE_MAC_MFLAP_GLOBAL_ATTR | MAC flapping global configuration. |
VFE_MAC_MFLAP_ERRDOWN_ATTR | MAC flapping error down configuration. |
VFE_MAC_MFLAPPING_RSTTBL | MAC flapping reset table processing. |
VFE_MAC_MFLAPPING_IFM_ACK | IFM ACK message received on the MAC address flapping module. |
VFE_MAC_GET_SYSMAC | System MAC address obtaining message. |
VFE_MAC_MACSYN | Processing of MAC address synchronization packets. |
VFE_MAC_MACSYN_PERIOD | Periodic processing of MAC address synchronization packets. |
VFE_MAC_MACTBLSYN_TIMER | Software and hardware entry timer. |
VFE_MAC_ARPSTAT_QUERY | Statistics on the synchronization of MAC address entries and ARP entries. |
VFE_MAC_VPLS_MAC | VPLS static MAC address message processing. |
VFE_MAC_CHIPJOINVS | Message indicating the chip is added to or removed from the VS. |
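The following Python sketch is an added example, not part of the command reference. It parses display mac-address statistics vfe output and reports the message types whose Fail counter is non-zero or has grown between two captures. The function names are hypothetical, the sample text is a constructed excerpt of the output shown above, and treating the counters as cumulative between captures is an assumption.

```python
import re

# Constructed excerpt in the layout of the sample output above; the values are
# copied from that sample and most all-zero rows are left out.
SAMPLE_OUTPUT = """\
-----------------------------------------------------------------------
Total receive success number : 387139
Total receive fail number : 1
-----------------------------------------------------------------------
Message type Success Fail
-----------------------------------------------------------------------
STATIC 0 0
VFE_MAC_BLACKHOLE 2 0
VFE_MAC_L2MOD 74266 0
VFE_MAC_PORTSEC 0 0
VFE_MAC_PORTSEC_IFMACK 9 0
VFE_MAC_FLAPPING 0 0
VFE_EVTNTF_START 406 1
VFE_MAC_DEL 9 0
VFE_MAC_CFG 2 0
-----------------------------------------------------------------------
"""

TOTAL_RE = re.compile(r"^Total receive (success|fail) number\s*:\s*(\d+)$")
ROW_RE = re.compile(r"^([A-Z][A-Z0-9_]*)\s+(\d+)\s+(\d+)$")


def parse_vfe_statistics(text):
    """Return (totals, rows).

    totals maps 'success'/'fail' to the two summary counters;
    rows maps each message type to a (success, fail) tuple.
    """
    totals, rows = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or separator
        match = TOTAL_RE.match(line)
        if match:
            totals[match.group(1)] = int(match.group(2))
            continue
        match = ROW_RE.match(line)
        if match:  # the column header has no digits, so it never matches
            rows[match.group(1)] = (int(match.group(2)), int(match.group(3)))
    return totals, rows


def failed_messages(rows):
    """Message types with a non-zero Fail counter."""
    return {name: fail for name, (_ok, fail) in rows.items() if fail > 0}


def fail_increase(before_rows, after_rows):
    """Message types whose Fail counter grew between two captures."""
    grown = {}
    for name, (_ok, fail) in after_rows.items():
        previous = before_rows.get(name, (0, 0))[1]
        if fail > previous:
            grown[name] = fail - previous
    return grown


if __name__ == "__main__":
    totals, rows = parse_vfe_statistics(SAMPLE_OUTPUT)
    print("totals:", totals)
    print("types with failures:", failed_messages(rows))
```

Comparing two captures taken around a fault is more informative than one capture, because a counter that is already non-zero may predate the problem being investigated.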
display mac-address synchronization configuration
Function
The display mac-address synchronization configuration command displays the MAC address synchronization status.
Parameters
Parameter | Description | Value |
---|---|---|
all | Displays the MAC address synchronization status in all slots. | - |
slot slot-id | Displays the MAC address synchronization status in the specified slot. | - |
Usage Guidelines
When the MAC address software and hardware tables are not synchronized, you can run this command to check whether the MAC address software table in all slots or in a slot is synchronized and whether MAC address software and hardware tables are synchronized, including the real-time synchronization status, periodic synchronization status, receiver's synchronization status, learning synchronization status of MAC address software and hardware tables, and aging synchronization status.
Example
# Display the MAC address synchronization status in all slots.
<HUAWEI> display mac-address synchronization configuration all
--------------------------------------------------------------------------
SlotID Realtime Periodical Receive Chip-learning Chip-aging
--------------------------------------------------------------------------
1 Enable Enable Enable Enable Enable
--------------------------------------------------------------------------
Item | Description |
---|---|
SlotID | Slot ID. |
Realtime | Real-time synchronization status in software entries. |
Periodical | Periodic synchronization status in software entries. |
Receive | Receiving synchronization status in software entries. |
Chip-learning | Learning synchronization status in software and hardware entries. The special character (-) indicates that learning synchronization is not supported. |
Chip-aging | Aging synchronization status in software and hardware entries. |
Enable | The real-time, periodic, receiving, learning, and aging synchronization of MAC addresses is enabled. |
Disable | The real-time, periodic, receiving, learning, and aging synchronization of MAC addresses is disabled. |
display mac-address static
Format
display mac-address static [ vlan vlan-id | interface interface-type interface-number ] * [ verbose ]
Parameters
Parameter | Description | Value |
---|---|---|
vlan vlan-id | Displays static MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
interface interface-type interface-number | Displays the static MAC address entries on a specified interface. | - |
verbose | Displays detailed information about static MAC address entries. | - |
Usage Guidelines
Usage Scenario
The MAC address table of the switch stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.
- Static MAC entries that are manually configured and will not be aged out.
- Blackhole MAC address entries that are used to discard packets with the specified source MAC addresses or destination MAC addresses. Blackhole MAC address entries are manually configured and will not be aged out.
- Dynamic MAC address entries that are learned by the switch and will be aged out when the aging time expires.
To improve network security, configure static MAC address entries to ensure that packets destined for specified MAC addresses are forwarded by the specified interfaces. This prevents attack packets with bogus MAC addresses and guarantees communication between the switch and the upstream device or server. After configuring static MAC address entries, you can run the display mac-address static command to verify the configuration.
Follow-up Procedure
If any static MAC address entry is incorrect, run the undo mac-address command to delete it.
Precautions
If you run the display mac-address static command without parameters, all static MAC address entries are displayed.
If the MAC address table does not contain any static MAC address entry, no information is displayed.
Example
# Display all static MAC address entries.
<HUAWEI> display mac-address static
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
0001-0001-0001 100/-/- 10GE1/0/1 static -
-------------------------------------------------------------------------------
Total items: 1
Item | Description |
---|---|
Backup | Backup way. |
MAC Address | Destination MAC address in a static MAC address entry. |
VLAN/VSI/BD | NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Learned-From | Interface that learns a MAC address. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-address summary
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays statistics on MAC address entries of the device with the specified stack ID. | The default value is 1 on an unstacked switch; the value depends on the number of stacked switches. |
Usage Guidelines
Usage Scenario
The MAC address table of the device stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.
When the switch has many MAC address entries of different types, you can use the display mac-address summary command to view the summary of MAC address entries in the system.
Precautions
If slot slot-id is specified, this command displays statistics on MAC address entries on the specified device. If this parameter is not specified, this command displays statistics on MAC address entries on all devices.
Example
# View statistics on all MAC address entries in the system.
<HUAWEI> display mac-address summary
Summary information of slot 1:
Capacity of this slot : 131072
-----------------------------------
Static : 0
Blackhole : 1
Dyn-Local : 0
Dyn-Remote : 0
Dyn-Trunk : 0
OAM : 0
Sticky : 0
Security : 0
Authen : 0
Guest : 0
Mux : 0
Tunnel : 0
Snooping : 0
Evn : 0
In-used : 1
-----------------------------------
Item | Description |
---|---|
Capacity of this slot | Capacity of the MAC address table. The actual value varies according to device models. |
Static | Number of static MAC address entries. |
Blackhole | Number of blackhole MAC address entries. |
Dyn-Local | Number of MAC address entries learned by the local device. |
Dyn-Remote | Number of MAC address entries synchronized from other devices. |
Dyn-Trunk | Total number of MAC address entries learned by all trunk interfaces. |
OAM | Number of MAC address entries related to the OAM function. The device does not support OAM MAC addresses. |
Sticky | Number of sticky MAC address entries. |
Security | Number of secure dynamic MAC address entries. |
Authen | Number of MAC address entries corresponding to authentication users. The device does not support authentication of MAC addresses. |
Guest | Number of MAC address entries learned by interfaces in the guest VLAN. The device does not support MAC addresses learned by an interface in a guest VLAN. |
Mux | Number of MAC address entries learned by interfaces enabled with the MUX VLAN function. |
Tunnel | Number of MAC address entries learned by Layer 2 tunnel. |
Snooping | Number of snooping MAC address entries. |
Evn | Number of EVN MAC address entries. |
In-used | Total number of existing MAC address entries. |
display mac-address total-number
Function
The display mac-address total-number command displays the number of MAC address entries of a specified type.
Format
display mac-address total-number [ slot slot-id ]
display mac-address total-number [ vlan vlan-id | interface interface-type interface-number ] *
display mac-address total-number { mux | security | sticky } [ vlan vlan-id | interface interface-type interface-number ] *
display mac-address total-number blackhole [ vlan vlan-id ]
display mac-address total-number dynamic [ vlan vlan-id | interface interface-type interface-number ] *
display mac-address total-number dynamic slot slot-id
display mac-address total-number static [ vlan vlan-id | interface interface-type interface-number ] *
display mac-address total-number snooping [ vlan vlan-id | interface interface-type interface-number ] *
display mac-address total-number tunnel [ slot slot-id ]
Parameters
Parameter | Description | Value |
---|---|---|
slot slot-id | Displays the number of MAC address entries of the device with a specified stack ID. | The default value is 1 on an unstacked switch; the value depends on the number of stacked switches. |
mux | Displays the number of MUX MAC address entries. NOTE: CE9860EI does not support this parameter. | - |
dynamic | Displays the number of dynamic MAC address entries. | - |
security | Displays the number of secure dynamic MAC address entries. | - |
sticky | Displays the number of sticky MAC address entries. | - |
blackhole | Displays the number of blackhole MAC address entries. | - |
static | Displays the number of static MAC address entries. | - |
snooping | Displays the number of snooping MAC address entries. | - |
vlan vlan-id | Displays the number of MAC address entries in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
interface interface-type interface-number | Displays the number of MAC address entries learned by a specified interface. | - |
tunnel | Displays the number of Tunnel MAC address entries. | - |
Usage Guidelines
Usage Scenario
The MAC address table of the switch stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.
When the switch has many MAC address entries of different types, you can use the display mac-address total-number command to view statistics on MAC address entries of a specified type.
Precautions
If no parameter is specified, the total number of MAC address entries in the system is displayed.
If interface-type interface-number is not specified, the total number of MAC addresses learned by all interfaces is displayed.
If vlan vlan-id is not specified, the total number of MAC addresses in all VLANs is displayed.
Example
# Display the number of dynamic MAC address entries.
<HUAWEI> display mac-address total-number dynamic
Total number of mac-address : 20
Item | Description |
---|---|
Total number of mac-address | Total number of MAC address entries in the system. |
display mac-address tunnel
Function
The display mac-address tunnel command displays information about MAC address entries learned through Layer 2 tunnels.
The CE9860EI and CE5855E do not support this command.
Parameters
Parameter | Description | Value |
---|---|---|
verbose | Displays detailed information about MAC address entries learned through Layer 2 tunnels. | - |
Example
# Display information about MAC address entries learned through Layer 2 tunnels.
<HUAWEI> display mac-address tunnel
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
0000-0000-0033 100/-/- 10GE1/0/1 tunnel 4294367295
0000-0000-0001 200/-/- 10GE1/0/2 tunnel -
-------------------------------------------------------------------------------
Total items: 2
Item | Description |
---|---|
MAC Address | MAC address. |
VLAN/VSI/BD | NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Learned-From | Interface on which a MAC address is learned. |
Type | Type of a MAC address entry. |
Age | Dynamic MAC learned time in seconds. |
display mac-address limit
Function
The display mac-address limit command displays the rules that limit the number of learned MAC addresses.
Format
display mac-address limit [ interface-type interface-number | vlan vlan-id ]
display mac-address limit nve nve-number peer ip-address
The CE9860EI, CE5855E, and CE6820 do not support display mac-address limit nve.
Parameters
Parameter | Description | Value |
---|---|---|
interface-type interface-number | Displays the MAC address limiting rule on a specified interface. | - |
vlan vlan-id | Displays the MAC address limiting rules in a specified VLAN. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
nve nve-number | Specifies the ID of an NVE interface on which a MAC address learning limit rule has been configured for a static VXLAN tunnel's remote VTEP. | The value is an integer that varies according to different devices. |
peer ip-address | Specifies the IP address of a remote VTEP. | The value is in dotted decimal notation. |
Usage Guidelines
Usage Scenario
To check whether MAC address limiting rules are configured correctly, run the display mac-address limit command. If a rule is incorrect, run the mac-address limit command to modify the rule or run the undo mac-address limit all command to delete it.
Precautions
If no parameter is specified, MAC address learning limit rules of all interfaces and VLANs are displayed.
Example
# Display all the MAC address limiting rules.
<HUAWEI> display mac-address limit
MAC Address Limit is enabled
Total MAC Address limit rule count : 1
Port VLAN/VSI/SI/BD Slot Maximum Action Alarm
-------------------------------------------------------------------
10GE1/0/1 2 -- 100 forward enable
<HUAWEI> display mac-address limit nve 1 peer 2.2.2.2
Nve1 Peer 2.2.2.2 MAC limit:
Maximum MAC count 1000, used count 0
Action: forward, Alarm: enable
Item | Description |
---|---|
MAC Address Limit is enabled | Indicates that MAC address learning limit is enabled. |
Total MAC Address limit rule count | Indicates the total number of MAC address learning limit rules. |
Port | Interface name. |
VLAN/VSI/SI/BD | Indicates the VLAN ID, VSI name, Service Instance (SI) name or BD name to which the interface belongs. NOTE: Information including the BD is displayed only on the VXLAN-capable device. |
Maximum | Maximum number of MAC addresses that can be learned. To set the maximum number of MAC addresses, run the mac-address limit command. |
Action | Action performed on packets when the number of learned MAC addresses exceeds the maximum number. |
Alarm | Whether an alarm is generated when the number of learned MAC addresses exceeds the maximum. |
Maximum MAC count 1000, used count 0 | Indicates the maximum number of MAC addresses that can be learned and the number of MAC addresses that have been learned. |
drop illegal-mac enable
Function
The drop illegal-mac enable command enables the switch to discard packets with an all-0 invalid MAC address.
The undo drop illegal-mac enable command disables the switch from discarding packets with an all-0 invalid MAC address.
By default, the switch does not discard packets with an all-0 MAC address.
The CE6870EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, and CE6881E do not support this function.
Usage Guidelines
Usage Scenario
Some legacy computers or network devices may send packets with an all-0 source or destination MAC address when their network adapters fail. You can run the drop illegal-mac enable command to configure the switch to discard such packets. After receiving the packets with an all-0 source or destination MAC address, the switch discards the packets and generates alarms.
This command reduces incorrect MAC address entries on the device.
Precautions
If the alarm function is disabled on the device, the network management system cannot receive any alarm message.
mac-address aging-time
Function
The mac-address aging-time command sets the aging time of dynamic MAC address entries.
The undo mac-address aging-time command restores the default aging time of dynamic MAC address entries.
By default, the aging time of dynamic MAC address entries is 300 seconds.
Parameters
Parameter | Description | Value |
---|---|---|
aging-time | Specifies the aging time of dynamic MAC address entries. | The value is 0 or an integer that ranges from 60 to 1000000, in seconds. The default value is 300. The value 0 indicates that dynamic MAC address entries will not be aged out. |
Usage Guidelines
Usage Scenario
When the network topology changes frequently, the switch learns many MAC addresses. You can run the mac-address aging-time command to set a proper aging time for dynamic MAC address entries so that aged MAC address entries are deleted from the MAC address table. This reduces the number of MAC address entries in the MAC address table.
The system starts an aging timer for each dynamic MAC address entry. If a dynamic MAC address entry is not updated within a certain period (twice the aging time), the entry is deleted. If the entry is updated within this period, the aging timer of this entry is reset. If the aging time is short, the switch is sensitive to network changes.
When setting the aging time of dynamic MAC address entries, follow these rules:
- Set a longer aging time on a stable network and a shorter aging time on an unstable network.
- The capacity of the MAC address table on a low-end device is small; therefore, set a relatively short aging time on low-end devices to save MAC address table space.
Precautions
Dynamic MAC address entries are lost after system restart. Static MAC address entries and blackhole MAC address entries are not aged or lost.
If the aging time is 0, dynamic MAC addresses will not be aged out. In this case, MAC address entries increase sharply and the MAC address table will be full quickly.
If you run the mac-address aging-time command multiple times, only the latest configuration takes effect.
mac-address blackhole
Function
The mac-address blackhole command configures a blackhole MAC address entry.
The undo mac-address blackhole command deletes a blackhole MAC address entry.
By default, no blackhole MAC address entry is configured.
Format
mac-address blackhole mac-address vlan vlan-id
undo mac-address blackhole [ mac-address ] [ vlan vlan-id ]
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies the MAC address in a blackhole MAC address entry. | The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF or a multicast MAC address. |
vlan vlan-id | Specifies the VLAN ID in a blackhole MAC address entry. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
Usage Guidelines
Usage Scenario
Blackhole MAC address entries can be used to filter out invalid MAC addresses. To prevent a hacker from using a MAC address to attack a user device or network, configure the MAC address of an untrusted user as the blackhole MAC address. The switch directly discards the received packets where the source or destination MAC address is the blackhole MAC address and the VLAN ID of the packets corresponds to the blackhole MAC address.
Prerequisites
The interface has been added to a VLAN.
Precautions
- If you configure a blackhole MAC address entry when the MAC address table is full, the device processes the MAC address entry as follows:
  - If a dynamic MAC address entry with the same MAC address and VLAN ID exists in the MAC address table, the blackhole MAC address entry replaces the dynamic MAC address entry.
  - If no dynamic MAC address entry with the same MAC address and VLAN ID exists in the MAC address table, the blackhole MAC address entry cannot be added to the MAC address table.
- You can run the mac-address blackhole command multiple times to configure multiple blackhole MAC address entries.
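The following Python model is an added example, not part of the command reference and not device code. It combines the aging rule from mac-address aging-time (an entry is deleted when it is not updated within twice the aging time, and 0 disables aging) with the full-table precaution above for blackhole entries. The class and function names are hypothetical, the addresses are constructed, and two behaviours the reference does not state are assumed: a full table learns no new dynamic entry, and learning never overwrites a blackhole entry.

```python
class MacTable:
    """Simplified software model of a MAC address table."""

    def __init__(self, capacity, aging_time=300):
        # Value range from the mac-address aging-time parameter table.
        if aging_time != 0 and not 60 <= aging_time <= 1000000:
            raise ValueError("aging-time must be 0 or 60..1000000 seconds")
        self.capacity = capacity
        self.aging_time = aging_time
        self.entries = {}  # (mac, vlan) -> [type, port, last_update]

    def learn(self, mac, vlan, port, now):
        """Learn or refresh a dynamic entry; return True if it is stored."""
        key = (mac, vlan)
        entry = self.entries.get(key)
        if entry is not None:
            if entry[0] != "dynamic":
                return False  # assumption: learning never overwrites a blackhole entry
            entry[1], entry[2] = port, now  # an update resets the aging timer
            return True
        if len(self.entries) >= self.capacity:
            return False  # assumption: a full table learns nothing new
        self.entries[key] = ["dynamic", port, now]
        return True

    def age(self, now):
        """Delete dynamic entries idle for twice the aging time; return their keys."""
        if self.aging_time == 0:
            return []  # aging-time 0: dynamic entries are never aged out
        limit = 2 * self.aging_time
        expired = [key for key, entry in self.entries.items()
                   if entry[0] == "dynamic" and now - entry[2] >= limit]
        for key in expired:
            del self.entries[key]
        return expired

    def add_blackhole(self, mac, vlan):
        """Apply the precaution above; return True if the entry is in place."""
        key = (mac, vlan)
        entry = self.entries.get(key)
        if entry is not None and entry[0] == "dynamic":
            self.entries[key] = ["blackhole", None, None]  # replaces the dynamic entry
            return True
        if entry is not None:
            return entry[0] == "blackhole"
        if len(self.entries) >= self.capacity:
            return False  # table full and no matching dynamic entry to replace
        self.entries[key] = ["blackhole", None, None]
        return True


def flood_scenario(aging_time, capacity=4, sources=6):
    """More source MACs than the table holds, then two blackhole attempts."""
    table = MacTable(capacity, aging_time)
    macs = ["0000-0000-%04x" % i for i in range(1, sources + 1)]  # constructed
    learned = [table.learn(mac, 100, "10GE1/0/1", now=i)
               for i, mac in enumerate(macs)]
    aged = table.age(now=700)
    return {
        "learned": learned.count(True),
        "aged_out": len(aged),
        "blackhole_first": table.add_blackhole(macs[0], 100),
        "blackhole_last": table.add_blackhole(macs[-1], 100),
        "in_use": len(table.entries),
    }


if __name__ == "__main__":
    print("aging-time 0  :", flood_scenario(0))
    print("aging-time 300:", flood_scenario(300))
```

With aging disabled the table stays full, so only an address that already has a dynamic entry can be blackholed; with the default aging time the stale entries are gone by the time the blackhole entries are added.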
mac-address flapping aging-time
Function
The mac-address flapping aging-time command sets the aging time of flapping MAC addresses.
The undo mac-address flapping aging-time command restores the default aging time of flapping MAC addresses.
By default, the aging time of flapping MAC addresses is 300 seconds.
Parameters
Parameter | Description | Value |
---|---|---|
aging-time | Specifies the aging time of flapping MAC addresses. | The value is an integer that ranges from 60 to 900, in seconds. |
Usage Guidelines
Usage Scenario
If modifying the aging time of flapping MAC address entries takes a long time, MAC address flapping may occur again and the Error-Down time may be increased. To ensure that the system performs MAC address flapping detection in a timely manner, run the mac-address flapping aging-time command to shorten the aging time of flapping MAC addresses.
Precautions
If you run the mac-address flapping aging-time command multiple times, only the latest configuration takes effect.
mac-address flapping detection
Function
The mac-address flapping detection command enables MAC address flapping detection.
The undo mac-address flapping detection command disables MAC address flapping detection.
By default, MAC address flapping detection is enabled. The detection security level is middle.
Format
mac-address flapping detection [ security-level { low | middle | high } ]
undo mac-address flapping detection [ security-level { low | middle | high } ]
Parameters
Parameter | Description | Value |
---|---|---|
security-level | Enables or disables MAC address flapping detection with a specific security level. | - |
low | Specifies a low security level for MAC address flapping detection. Specifically, after MAC addresses change 500 times, the system considers that MAC address flapping occurs. | - |
middle | Specifies a middle security level for MAC address flapping detection. Specifically, after MAC addresses change 10 times, the system considers that MAC address flapping occurs. | - |
high | Specifies a high security level for MAC address flapping detection. Specifically, after MAC addresses change 3 times, the system considers that MAC address flapping occurs. | - |
Usage Guidelines
MAC address flapping occurs when a MAC address is learned by two interfaces in the same VLAN. The MAC address entry learned later replaces the earlier one.
MAC address flapping occurs in the following situations:
- Network cables of switches are connected incorrectly or switches use incorrect configurations.
- Unauthorized users simulate the MAC addresses of valid network devices to attack the network.
MAC address flapping detection enables the Switch to check all MAC addresses. When MAC address flapping occurs, the Switch sends a trap message to the NMS. You can locate the fault according to the trap message. You can also run the display mac-address flapping command to view MAC address flapping records.
By default, MAC address triggered ARP entry update is enabled. If MAC address flapping occurs more than 10 times, MAC address triggered ARP entry update is disabled. After MAC address flapping is eliminated, MAC address triggered ARP entry update is enabled automatically.
The undo mac-address flapping detection command disables MAC address flapping detection. In this case, a network loop cannot be detected in time.
mac-address flapping detection exclude
Function
The mac-address flapping detection exclude command adds a MAC address to the flapping detection whitelist, so that the MAC address flapping detection will not be performed for the MAC address.
The undo mac-address flapping detection exclude command deletes a MAC address from the flapping detection whitelist.
By default, no MAC address is added to the MAC flapping detection whitelist.
Format
mac-address flapping detection exclude mac-address mac-address-mask
undo mac-address flapping detection exclude mac-address mac-address-mask
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies a MAC address. | The value is in the format of H-H-H. H is a 4-digit hexadecimal number, such as 00e0 and fc01. If an H contains fewer than four hexadecimal digits, it is padded with leading 0s. For example, if an H is e0, it is equal to 00e0. |
mac-address-mask | Specifies a MAC address mask. | The value is an integer ranging from 24 to 48. |
Usage Guidelines
By default, the system performs flapping detection for all MAC addresses. In some scenarios, for example, when the flapping of a MAC address is caused by a specific device or by operation faults, flapping detection is not needed for that MAC address.
To disable the system from implementing flapping detection for a MAC address, run the mac-address flapping detection exclude command to add the MAC address to the MAC flapping detection whitelist. After configuration, if flapping occurs on the specific MAC address, no MAC flapping alarm or record is generated for this MAC address.
mac-address flapping detection exclude vlan
Function
The mac-address flapping detection exclude vlan command excludes a VLAN from MAC address flapping detection.
The undo mac-address flapping detection exclude vlan command restores MAC address flapping detection for a VLAN.
By default, the system performs MAC address flapping detection in all VLANs.
Format
mac-address flapping detection exclude vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
undo mac-address flapping detection exclude vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
Parameters
Parameter | Description | Value |
---|---|---|
vlan-id1 [ to vlan-id2 ] | Specifies the ID of a VLAN where MAC address flapping detection is not required. vlan-id2 must be greater than vlan-id1. You can specify a maximum of 10 VLANs. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
all | Indicates that all VLANs are excluded from MAC address flapping detection. | - |
Usage Guidelines
Usage Scenario
By default, the system performs MAC address flapping detection in all VLANs. In a data center virtualization scenario (virtual terminal migration), MAC address flapping may occur. This is a normal situation where MAC address flapping detection is not required.
You can run the mac-address flapping detection exclude vlan command to exclude a VLAN from MAC address flapping detection. If MAC address flapping occurs in this VLAN, the virtual terminal does not send a trap message or record this event.
Precautions
If you run the mac-address flapping detection exclude vlan command multiple times, multiple VLANs are configured.
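The following Python model is an added illustration, not Huawei's implementation: it applies the security-level thresholds from the mac-address flapping detection table together with the MAC whitelist and VLAN exclusion described above to a constructed stream of learning events. The class and function names are hypothetical, the mask is assumed to count leading bits of the MAC address, and changes are counted without a time window because the page does not state one.

```python
import string

# Change counts at which flapping is declared, from the security-level table.
THRESHOLDS = {"low": 500, "middle": 10, "high": 3}


def parse_mac(text):
    """Parse H-H-H into a 48-bit integer; a short H is zero-padded (e0 == 00e0)."""
    groups = text.strip().split("-")
    if len(groups) != 3:
        raise ValueError(f"expected H-H-H, got {text!r}")
    value = 0
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
            raise ValueError(f"bad group {group!r} in {text!r}")
        value = (value << 16) | int(group, 16)
    return value


def format_mac(value):
    """Render a 48-bit integer as zero-padded H-H-H."""
    return "-".join(f"{(value >> s) & 0xFFFF:04x}" for s in (32, 16, 0))


class FlappingDetector:
    """Hypothetical model: counts port changes per (MAC, VLAN) entry."""

    def __init__(self, level="middle"):
        self.threshold = THRESHOLDS[level]
        self.excluded_prefixes = []   # (prefix value, right shift)
        self.excluded_vlans = set()
        self.last_port = {}           # (mac, vlan) -> port that learned it last
        self.changes = {}             # (mac, vlan) -> number of port changes
        self.records = []

    def exclude_mac(self, mac_text, mask_len):
        """Whitelist a MAC range; mask_len is a leading-bit count (assumption)."""
        if not 24 <= mask_len <= 48:
            raise ValueError("mac-address-mask must be 24 to 48")
        shift = 48 - mask_len
        self.excluded_prefixes.append((parse_mac(mac_text) >> shift, shift))

    def exclude_vlans(self, first, last=None):
        """Exclude one VLAN or a range vlan-id1 to vlan-id2."""
        if last is not None and last <= first:
            raise ValueError("vlan-id2 must be greater than vlan-id1")
        last = first if last is None else last
        if first < 1 or last > 4094:
            raise ValueError("VLAN ID must be 1 to 4094")
        self.excluded_vlans.update(range(first, last + 1))

    def _excluded(self, mac, vlan):
        if vlan in self.excluded_vlans:
            return True
        return any(mac >> shift == prefix for prefix, shift in self.excluded_prefixes)

    def observe(self, mac_text, vlan, port):
        """Feed one learning event; return a record when the threshold is reached."""
        mac = parse_mac(mac_text)
        key = (mac, vlan)
        previous = self.last_port.get(key)
        self.last_port[key] = port
        if previous is None or previous == port or self._excluded(mac, vlan):
            return None   # first sighting, refresh, or no record for excluded entries
        self.changes[key] = self.changes.get(key, 0) + 1
        if self.changes[key] != self.threshold:
            return None
        record = {"mac": format_mac(mac), "vlan": vlan, "changes": self.changes[key],
                  "from_port": previous, "to_port": port}
        self.records.append(record)
        return record


def run_constructed_events(level):
    """Replay a constructed event stream and return the flapping records."""
    detector = FlappingDetector(level)
    detector.exclude_mac("00e0-fc01-0000", 32)   # whitelist 00e0-fc01-xxxx
    detector.exclude_vlans(100, 101)
    ports = ["10GE1/0/1", "10GE1/0/2"]
    for i in range(12):                          # 12 sightings = 11 port changes
        port = ports[i % 2]
        detector.observe("3-3-3", 4, port)       # counted
        detector.observe("e0-fc01-abc", 4, port)  # matches the whitelist
        detector.observe("3-3-3", 100, port)     # VLAN excluded
    return detector.records


if __name__ == "__main__":
    for level in ("high", "middle", "low"):
        print(level, run_constructed_events(level))
```

With the same eleven port changes, the high and middle levels each produce one record for 0003-0003-0003 in VLAN 4, the low level produces none, and the whitelisted prefix and excluded VLAN never produce a record.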
mac-address flapping periodical trap enable
Function
The mac-address flapping periodical trap enable command enables the function to periodically report MAC address flapping traps.
The undo mac-address flapping periodical trap enable command disables the function to periodically report MAC address flapping traps.
By default, the function to periodically report MAC address flapping traps is disabled.
Usage Guidelines
Usage Scenario
Configuring global MAC address flapping detection helps to check whether MAC addresses flap. If MAC address flapping occurs, a trap is generated. By default, a trap is reported every 30 minutes. To check promptly whether MAC address flapping occurs, run the mac-address flapping periodical trap enable command to enable the function to periodically report MAC address flapping traps.
Follow-up Procedure
Run the mac-address flapping periodical trap interval interval command to set the interval at which MAC address flapping traps are reported.
mac-address flapping periodical trap interval
Function
The mac-address flapping periodical trap interval command sets the interval at which MAC address flapping traps are reported.
The undo mac-address flapping periodical trap interval command restores the default value.
By default, the interval at which MAC address flapping traps are reported is 2 minutes.
Format
mac-address flapping periodical trap interval interval
undo mac-address flapping periodical trap interval [ interval ]
Parameters
Parameter | Description | Value |
---|---|---|
interval | Specifies the interval at which MAC address flapping traps are reported. | The value is an integer ranging from 2 to 30, in minutes. |
Usage Guidelines
Usage Scenario
Configuring global MAC address flapping detection helps to check whether MAC addresses flap. If MAC address flapping occurs, a trap is generated. By default, a trap is reported every 30 minutes. To check promptly whether MAC address flapping occurs, run the mac-address flapping periodical trap interval interval command to set the interval at which MAC address flapping traps are reported.
Prerequisites
The function to periodically report MAC address flapping traps has been enabled using the mac-address flapping periodical trap enable command.
mac-address flapping trigger error-down
Function
The mac-address flapping trigger error-down command configures an interface to enter the Error-Down state when MAC address flapping is detected on the interface.
The undo mac-address flapping trigger error-down command cancels the configuration.
By default, an interface is not configured to enter the Error-Down state when MAC address flapping is detected on the interface.
Parameters
Parameter | Description | Value |
---|---|---|
error-down | Shuts down an interface when MAC address flapping is detected on the interface. | - |
Views
GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, layer 2 sub-interface view, port group view
Usage Guidelines
Usage Scenario
If the user network where the device is deployed does not support loop prevention protocols, configure the device to shut down the interfaces where MAC address flapping occurs. This reduces the impact of MAC address flapping on the user network.
The device shuts down an interface when detecting MAC address flapping on the interface. Only one interface can be shut down during one aging time configured by the mac-address flapping aging-time command.
On VXLAN networks, MAC address flapping detection can be performed based on Layer 2 sub-interfaces. The device shuts down a Layer 2 sub-interface when detecting MAC address flapping on the sub-interface. Only one Layer 2 sub-interface can be shut down within a MAC entry aging interval.
This command can be configured for all interfaces and is only valid for Move-Port.
Precautions
Do not run the mac-address flapping trigger error-down command on uplink interfaces.
The device enabled with MAC address flapping detection can only detect loops on a single point, but cannot obtain the entire network topology. If the user network connected to the device supports loop prevention protocols, use the loop prevention protocols instead of MAC address flapping detection.
When the action is set to error-down, if MAC address flapping occurs, the interface enters the Error-Down state and the device sends an alarm to the NMS. The device records the status of an interface as Error-Down when it detects that a fault occurs. The interface in Error-Down state cannot receive or send packets and the interface indicator is off. You can run the display error-down recovery command to check information about all interfaces in Error-Down state on the device.
Manual (after the interface enters the Error-Down state)
When there are few interfaces in Error-Down state, you can run the shutdown and undo shutdown commands in the interface view or run the restart command to restore the interface.
Auto (before the interface enters the Error-Down state)
If there are many interfaces in Error-Down state, the manual mode brings in heavy workload and the configuration of some interfaces may be ignored. To prevent this problem, run the error-down auto-recovery cause mac-address-flapping interval interval-value command in the system view to enable an interface in error-down state to go Up and set a recovery delay. You can run the display error-down recovery command to view automatic recovery information about the interface.
This mode is invalid for the interface that has entered the Error-Down state, and is only valid for the interface that enters the Error-Down state after the error-down auto-recovery cause mac-address-flapping interval interval-value command is used.
When the system detects MAC address flapping, the interface enters the Error-Down state. If faults are not rectified, you can run the shutdown and undo shutdown commands or the restart command to restart the interface. Within the aging time of dynamic MAC address entries, the interface does not enter the Error-Down state when MAC address flapping occurs.
mac-address hash-mode
Function
The mac-address hash-mode command configures a MAC hash algorithm on the device.
The undo mac-address hash-mode command restores the default MAC hash algorithm on the device.
By default, the device uses crc32-lower.
Only the CE6856HI, CE6857E, CE6857EI, CE6865EI, CE8850EI, CE8861EI, and CE8868EI series support this command.
Format
mac-address hash-mode { crc16-lower | crc16-upper | crc32-lower | crc32-upper | lsb }
undo mac-address hash-mode { crc16-lower | crc16-upper | crc32-lower | crc32-upper | lsb }
Parameters
Parameter | Description | Value |
---|---|---|
crc16-lower | Indicates the hash algorithm based on low order bits of CRC16. | - |
crc16-upper | Indicates the hash algorithm based on high order bits of CRC16. | - |
crc32-lower | Indicates the hash algorithm based on low order bits of CRC32. | - |
crc32-upper | Indicates the hash algorithm based on high order bits of CRC32. | - |
lsb | Indicates the hash algorithm based on the lowest bit of the key value. | - |
Usage Guidelines
Usage Scenario
The device uses a hash algorithm to improve MAC address forwarding performance. If multiple MAC addresses match a key value, a hash conflict occurs.
When a hash conflict occurs, the device may fail to learn many MAC addresses and some traffic can only be broadcast. This results in heavy broadcast traffic on the device. If such a problem occurs, use an appropriate hash algorithm to reduce the hash conflict.
Precautions
MAC addresses are distributed on a network randomly, so the system cannot determine the best hash algorithm. Generally, the default hash algorithm is the best one, so do not change the hash algorithm unless you have special requirements.
An appropriate hash algorithm can only reduce hash conflicts, but cannot prevent them.
After changing the hash algorithm and saving the configuration, restart the device for the configuration to take effect.
If you run the mac-address hash-mode command multiple times, only the latest configuration takes effect.
mac-address learning disable (Interface view)
Function
The mac-address learning disable command disables MAC address learning.
The undo mac-address learning disable command enables MAC address learning.
By default, MAC address learning is enabled.
Format
mac-address learning disable [ action { discard | forward } ]
undo mac-address learning disable
Parameters
Parameter | Description | Value |
---|---|---|
action | Indicates the action that the interface takes after MAC address learning is disabled. By default, an interface forwards the packets carrying new MAC addresses after MAC address learning is disabled. | - |
discard | Discards the packets whose source MAC addresses do not match the MAC address table. | - |
forward | Forwards the packets according to the MAC address table. | - |
Views
GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Guidelines
Usage Scenario
If you want an interface to forward only packets with certain MAC addresses, use this command. For example, if an interface is connected to a server, configure a static MAC address entry with the MAC address of the server, and then disable MAC address learning and set the action to discard on the interface. The configuration prevents other servers or terminals from accessing the interface and improves network stability and security.
When a switch with MAC address learning enabled receives an Ethernet frame, it records the source MAC address and inbound interface of the Ethernet frame in a MAC address entry. When receiving other Ethernet frames destined for this MAC address, the switch forwards the frames through the corresponding outbound interface according to the MAC address entry. MAC address learning reduces broadcast packets on a network.
You can use the mac-address learning disable command to disable MAC address learning on an interface. The action performed on received packets can be set to discard or forward.
By default, the switch takes the forward action after MAC address learning is disabled. That is, the switch forwards packets according to the MAC address table. When the action is set to discard, the switch looks up the source MAC address of the packet in the MAC address table. If the source MAC address is found in the MAC address table, the switch forwards the packet according to the matching MAC address entry. If the source MAC address is not found, the switch discards the packet.
Precautions
After MAC address learning is disabled on an interface, the device does not learn new MAC addresses on the interface, but untrusted terminals can still access the network.
mac-address learning disable (VLAN view)
Function
The mac-address learning disable command disables MAC address learning.
The undo mac-address learning disable command enables MAC address learning.
By default, MAC address learning is enabled.
Usage Guidelines
Usage Scenario
To improve the device security, configure the VLANs where only packets with specified MAC addresses are allowed. After MAC address learning is disabled, the AR does not learn new MAC addresses from a VLAN. Communication cannot be implemented through this VLAN, so the network stability and security are improved.
When the switch enabled with MAC address learning receives an Ethernet frame, it records the source MAC address of the Ethernet frame and adds it to a MAC address entry. When receiving other Ethernet frames destined for this MAC address, the switch forwards the frames through the corresponding outbound interface based on the MAC address entry. MAC address learning reduces broadcast packets on a network.
mac-address learning disable (traffic behavior view)
Function
The mac-address learning disable command disables MAC address learning in a traffic behavior.
The undo mac-address learning disable command enables MAC address learning in a traffic behavior.
By default, MAC address learning is enabled in a traffic behavior.
Usage Guidelines
Usage Scenario
The mac-address learning disable command is used in the following scenarios:
- When a network is running stably and the MAC address of packets is fixed, a device does not need to learn MAC addresses of other packets. To save MAC addresses and improve device efficiency, apply a traffic policy and disable MAC address learning in all the traffic classifiers bound to the traffic policy.
- Some unauthorized users may change MAC addresses frequently to attack the network. To prevent MAC address overflow and protect device performance, apply a traffic policy and disable MAC address learning in all the traffic classifiers bound to the traffic policy.
Follow-up Procedure
Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing the action of disabling MAC address learning.
Precautions
A traffic policy containing MAC address learning disabling can be only applied to the inbound direction.
The mac-address learning disable command is similar to the mac-address learning disable (interface view) command or mac-address learning disable (VLAN view) command. The difference is that the mac-address learning disable command is valid for the packets matching the user-defined traffic classifier and is applied to the system, an interface, or a VLAN by using the traffic policy. The mac-address learning disable (interface view) command or mac-address learning disable (VLAN view) command is used in the interface view, port group view, or VLAN view and is valid for all the packets in the corresponding view.
To disable MAC address learning on an interface, in a port group, or in a VLAN, run the mac-address learning disable (interface view) command or mac-address learning disable (VLAN view) command. To disable MAC address learning for a specified traffic classifier, run the mac-address learning disable command in the traffic behavior view.
mac-address notification
Function
The mac-address notification command enables the trap function for MAC address learning or aging.
The undo mac-address notification command disables the trap function for MAC address learning or aging.
By default, the trap function for MAC address learning or aging is disabled.
Format
mac-address notification { aging | learning | all }
undo mac-address notification { aging | learning | all }
Parameters
Parameter | Description | Value |
---|---|---|
aging | Enables the trap function for MAC address aging. | - |
learning | Enables the trap function for MAC address learning. | - |
all | Enables the trap function for MAC address learning and aging. | - |
Views
GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
mac-address notification interval
Function
The mac-address notification interval command sets the interval at which the device checks MAC address learning or aging.
The undo mac-address notification interval command restores the default interval at which the device checks MAC address learning or aging.
By default, the device checks MAC address learning or aging at intervals of 10s.
Format
mac-address notification interval interval-time
undo mac-address notification interval [ interval-time ]
Parameters
Parameter | Description | Value |
---|---|---|
interval-time | Specifies the interval at which the device checks MAC address learning or aging. | The value is an integer that ranges from 10 to 600, in seconds. The default value is 10. |
Usage Guidelines
After the mac-address notification command is used to enable the trap function when the device learns MAC addresses or MAC addresses are aged, the device periodically checks whether MAC addresses are learned or aged. You can run the mac-address notification interval command to set the interval.
mac-address static vlan
Function
The mac-address static vlan command configures a static MAC address entry.
The undo mac-address static vlan command deletes a static MAC address entry.
By default, no static MAC address entry is configured.
Format
mac-address static mac-address interface-type interface-number vlan vlan-id
undo mac-address static [ interface-type interface-number | vlan vlan-id ] *
undo mac-address static mac-address interface-type interface-number vlan vlan-id
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies the MAC address in a static MAC address entry. | The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF or a multicast MAC address. |
interface-type interface-number | Specifies the outbound interface in a static MAC address entry. | - |
vlan vlan-id | Specifies the ID of the VLAN that the outbound interface belongs to. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
Usage Guidelines
Usage Scenario
- Improve security. The device directly discards packets sent from unauthorized users using authorized users' MAC addresses.
- Guide unicast forwarding and save bandwidth.
Precautions
- The VLAN in a static MAC address entry must have been created and the outbound interface in the same static MAC address entry must have been added to the VLAN.
- If you configure a static MAC address entry when the MAC address table is full, the device processes the MAC address entry as follows:
  - If a dynamic MAC address entry with the same MAC address and VLAN ID exists in the MAC address table, the static MAC address entry replaces the dynamic MAC address entry.
  - If no dynamic MAC address entry with the same MAC address and VLAN ID exists in the MAC address table, the static MAC address entry cannot be added to the MAC address table.
- You can run the mac-address static command multiple times to configure multiple static MAC address entries.
- If there is a MAC address that is generated based on DHCP snooping binding entries, the MAC address cannot be configured as a static MAC address.
Example
# Add a static MAC address entry to the MAC address table. In the MAC address entry, the destination MAC address is 0003-0003-0003, the VLAN ID is 4, and the outbound interface is 10ge1/0/2. That is, the device forwards packets with the destination MAC address of 0003-0003-0003 from VLAN 4 through 10ge1/0/2.
<HUAWEI> system-view
[~HUAWEI] vlan 4
[*HUAWEI-vlan4] quit
[*HUAWEI] interface 10ge 1/0/2
[*HUAWEI-10GE1/0/2] port link-type access
[*HUAWEI-10GE1/0/2] port default vlan 4
[*HUAWEI-10GE1/0/2] quit
[*HUAWEI] mac-address static 0003-0003-0003 10ge 1/0/2 vlan 4
mac-address update arp enable
Function
The mac-address update arp enable command enables the MAC address-triggered ARP entry update function. That is, the Switch is enabled to update outbound interfaces in ARP entries when outbound interfaces in MAC address entries change.
The undo mac-address update arp enable command disables the MAC address-triggered ARP entry update function.
By default, the MAC address-triggered ARP entry update function is enabled.
Usage Guidelines
Usage Scenario
On the Ethernet, MAC address entries are used to guide Layer 2 data forwarding. The ARP entries that define the mapping between IP addresses and MAC addresses guide communication between devices on different network segments.
The outbound interface in a MAC address entry is updated by packets, whereas the outbound interface in an ARP entry is updated after the aging time is reached. In this case, the outbound interfaces in the MAC address entry and ARP entry may be different. To address this issue, run the mac-address update arp enable command to enable the Switch to update outbound interfaces in ARP entries when outbound interfaces in MAC address entries change.
In data center virtualization scenarios, when the location of a virtual machine (VM) changes, user traffic on the network may be interrupted if the VM cannot send gratuitous ARP messages promptly to update ARP entries on the gateway. In this case, the device relearns ARP entries by exchanging ARP messages only after ARP entries on the gateway age.
- If ARP entries exist and the outbound interface of MAC entries is inconsistent with that of ARP entries, ARP entries are updated based on MAC entries, and outbound interface information is updated.
- If ARP entries do not exist, a broadcast suppression table is searched based on MAC entries and ARP probe is re-initiated to update ARP entries and outbound interface information.
Precautions
This command takes effect only for dynamic ARP entries. Static ARP entries are not updated when the corresponding MAC address entries change.
The mac-address update arp enable command does not take effect after ARP entry fixing is enabled by using the arp anti-attack entry-check { fixed-mac | fixed-all | send-ack } enable command.
After the mac-address update arp enable command is run, the Switch updates an ARP entry only if the outbound interface in the corresponding MAC address entry changes.
By default, MAC address triggered ARP entry update is enabled. If MAC address flapping occurs more than 10 times, MAC address triggered ARP entry update is disabled. After MAC address flapping is eliminated, MAC address triggered ARP entry update is enabled automatically.
mac-address learning priority
Function
The mac-address learning priority command sets the MAC address learning priority of an interface.
The undo mac-address learning priority command restores the default MAC learning priority of an interface.
By default, the MAC address learning priority of an interface is 0.
Only CE9860EI, CE6870EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, and CE6881E switches do not support this command.
Parameters
Parameter | Description | Value |
---|---|---|
priority priority-id | Specifies the MAC address learning priority of an interface. | The value is an integer that ranges from 0 to 3. A larger value indicates a higher priority. |
Views
GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Guidelines
Usage Scenario
An uplink interface of the switch is connected to a server, and downlink interfaces are connected to users. To prevent unauthorized users from using the server MAC address to connect to the switch, run the mac-address learning priority command to set the priority of the uplink interface to be higher than the user-side interfaces. When these interfaces learn the same MAC address, the MAC address entry learned by the uplink interface overrides MAC address entries learned by the user-side interfaces. Therefore, the switch will not learn MAC addresses of unauthorized users, and authorized users can access the server and use network resources.
You can run the undo mac-address learning priority allow-flapping command to forbid MAC address flapping between interfaces with the same priority.
Both the undo mac-address learning priority allow-flapping command and the mac-address learning priority command can prevent MAC address flapping. The difference between the two commands is as follows:
- The undo mac-address learning priority allow-flapping command prevents MAC address flapping between interfaces with the same priority. If an attacker uses the server MAC address to connect to the CloudEngine 9800, 8800, 6800, and 5800 series switches after the server is powered off, the switch learns the MAC address of the forged server. After the real server is powered on, the switch cannot learn the correct server MAC address.
- The mac-address learning priority command prevents MAC address flapping between interfaces with different priorities. If an attacker uses the server MAC address to connect to the switch after the server is powered off, the switch learns the MAC address of the forged server. After the real server is powered on, the switch can learn the correct server MAC address.
Precautions
If you run the mac-address learning priority command multiple times in the same interface view, only the latest configuration takes effect.
mac-address learning priority allow-flapping
Function
The mac-address learning priority allow-flapping command allows MAC address flapping between interfaces with the same priority.
The undo mac-address learning priority allow-flapping command prevents MAC address flapping between interfaces with the same priority.
By default, MAC address flapping between interfaces with the same priority is allowed.
Only CE9860EI, CE6870EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, and CE6881E switches do not support this command.
Format
mac-address learning priority priority-id allow-flapping
undo mac-address learning priority priority-id allow-flapping
Parameters
Parameter | Description | Value |
---|---|---|
priority priority-id | Specifies the MAC address learning priority of an interface. | The value is an integer that ranges from 0 to 3. A larger value indicates a higher priority. |
Usage Guidelines
Usage Scenario
An uplink interface of the switch is connected to a server, and downlink interfaces are connected to users. To prevent unauthorized users from using the server MAC address to connect to the switch, you can run the undo mac-address learning priority allow-flapping command to forbid MAC address flapping between interfaces with the same priority. A MAC address then will not be learned by multiple interfaces. This prevents attackers from using the MAC addresses of valid devices to attack the switch.
Both the mac-address learning priority command and the undo mac-address learning priority allow-flapping command can prevent MAC address flapping. The difference between the two commands is as follows:
- The undo mac-address learning priority allow-flapping command prevents MAC address flapping between interfaces with the same priority. If an attacker uses the server MAC address to connect to the switch after the server is powered off, the switch learns the MAC address of the forged server. After the real server is powered on, the switch cannot learn the correct server MAC address.
- The mac-address learning priority command prevents MAC address flapping between interfaces with different priorities. If an attacker uses the server MAC address to connect to the switch after the server is powered off, the switch learns the MAC address of the forged server. After the real server is powered on, the switch can learn the correct server MAC address.
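The comparison above, repeated under both mac-address learning priority and mac-address learning priority allow-flapping, can be checked with a small Python model. This is an added illustration, not the switch's implementation: the MacTable class, its methods, the port names, and the sample MAC address are hypothetical, and entry aging is ignored.

```python
# Constructed sample values for the scenario described on this page.
SERVER_MAC = "0003-0003-0003"
VLAN = 4
SERVER_PORT = "10GE1/0/1"   # interface facing the real server
USER_PORT = "10GE1/0/2"     # user-side interface


class MacTable:
    """Toy MAC table that applies learning priority when an address moves."""

    def __init__(self):
        self.priority = {}                                   # port -> 0..3, default 0
        self.allow_flapping = dict.fromkeys(range(4), True)  # page default: allowed
        self.entries = {}                                    # (mac, vlan) -> port

    def set_priority(self, port, priority_id):
        if priority_id not in range(4):
            raise ValueError("priority-id must be 0 to 3")
        self.priority[port] = priority_id

    def set_allow_flapping(self, priority_id, allowed):
        if priority_id not in range(4):
            raise ValueError("priority-id must be 0 to 3")
        self.allow_flapping[priority_id] = allowed

    def learn(self, mac, vlan, port):
        """Return 'new', 'refresh', 'moved' or 'rejected' for one source MAC sighting."""
        key = (mac, vlan)
        current = self.entries.get(key)
        if current is None:
            self.entries[key] = port
            return "new"
        if current == port:
            return "refresh"
        new_prio = self.priority.get(port, 0)
        old_prio = self.priority.get(current, 0)
        # A higher-priority interface overrides; equal priority moves only if
        # flapping is allowed for that priority; lower priority never overrides.
        if new_prio > old_prio or (new_prio == old_prio and self.allow_flapping[new_prio]):
            self.entries[key] = port
            return "moved"
        return "rejected"


def server_mac_scenario(server_priority=0, user_priority=0, same_priority_flapping=True):
    """Replay: forged MAC seen while server is off, server returns, forged MAC again."""
    table = MacTable()
    table.set_priority(SERVER_PORT, server_priority)
    table.set_priority(USER_PORT, user_priority)
    for priority_id in range(4):
        table.set_allow_flapping(priority_id, same_priority_flapping)
    outcomes = [
        table.learn(SERVER_MAC, VLAN, USER_PORT),    # forged source, server powered off
        table.learn(SERVER_MAC, VLAN, SERVER_PORT),  # real server powers on
        table.learn(SERVER_MAC, VLAN, USER_PORT),    # forged source seen again
    ]
    return outcomes, table.entries[(SERVER_MAC, VLAN)]


if __name__ == "__main__":
    print("defaults:            ", server_mac_scenario())
    print("undo allow-flapping: ", server_mac_scenario(same_priority_flapping=False))
    print("server priority 3:   ", server_mac_scenario(server_priority=3))
```

With flapping forbidden at equal priority, the entry stays on the user-side port after the real server returns; with a higher priority on the server-facing interface, the entry moves back to it and later sightings on the user-side port are rejected.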
mac-address limit
Function
The mac-address limit command sets the maximum number of MAC addresses that can be learned.
The undo mac-address limit command cancels the configuration.
By default, the number of learned MAC addresses is not limited.
Format
mac-address limit { maximum max-num | action { discard | forward } | alarm { disable | enable } } *
undo mac-address limit
Parameters
Parameter | Description | Value |
---|---|---|
action { discard | forward } | Indicates the action to be taken when the number of learned MAC address entries reaches the limit. | If no action is specified in the command, the default action discard is used in interface view, and forward is used in VLAN view. |
alarm { disable | enable } | Indicates whether the system generates an alarm when the number of learned MAC address entries reaches the limit. | If you do not set this parameter in the command, the alarm function is enabled by default. |
maximum max-num | Sets the maximum number of MAC addresses that can be learned. | The value is a decimal integer ranging from 0 to 32767. The value 0 indicates that the highest rate of MAC address learning is not limited. |
Views
GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, VLAN view, VLAN-Range view, port group view
Usage Guidelines
Usage Scenario
The mac-address limit command limits the number of access users and prevents attacks on the MAC address table. You can enable the function to improve network security.
Precautions
- This command is valid for new online users and invalid for existing online users.
- When the number of learned MAC addresses reaches the limit, the switch forwards the packets with new source MAC addresses but does not add the new MAC addresses to the MAC address table.
- If a device has learned some MAC addresses on an interface or VLAN, you can run the reset mac-address command to clear the learned MAC address entries; otherwise, the maximum number of the MAC addresses that can be learned is inaccurate.
- The mac-address limit and port-security enable commands cannot be used on the same interface.
- This command is invalid for packets forwarded at Layer 3.
- After MAC address limiting is configured on an interface, the VXLAN packets received by an interface on a switch model excluding the CE6870EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, or CE6881E are not affected by this function.
- On devices except the CE6870EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, and CE6881E, if the number of MAC addresses learned in the VLAN reaches the upper limit or the MAC address learning function is disabled in the VLAN, the packet discarding function configured using the mac-address limit action discard command does not take effect on interfaces in the VLAN.
- When the maximum number of learned MAC addresses in the VLAN view is reached, and the user host uses another interface to connect to the device due to physical position change, the device does not learn the new MAC address and the user cannot go online. You can use the following solutions:
  - If the user host's physical position is fixed, limit the number of learned MAC addresses in the VLAN view.
  - If the user host's physical position often changes, do not limit the number of learned MAC addresses in the VLAN view.
Example
# Set the maximum number of MAC addresses that can be learned by 10GE1/0/2 to 30, and configure the device to generate an alarm when the number of learned MAC addresses reaches the limit.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/2
[~HUAWEI-10GE1/0/2] mac-address limit alarm enable maximum 30
mac-address miss action discard
Function
The mac-address miss action discard command configures the system to discard the packets that do not match any MAC address entry in a VLAN.
The undo mac-address miss action discard command restores the default configuration. That is, the system broadcasts the packets that do not match any MAC address entry in a VLAN.
By default, the system broadcasts the packets that do not match any MAC address entry in a VLAN.
Usage Guidelines
When a DHCP user goes offline, the MAC address entry of the user ages. If there are packets destined for this user, the system cannot find the MAC address entry, so it broadcasts the packets to all interfaces in the VLAN. In this case, all users can receive the packets. This affects packet security. The mac-address miss action discard command can reduce workload on the device and improve packet security.
port bridge enable
Function
The port bridge enable command enables the port bridge function on an interface. The interface then can forward packets whose source and destination MAC addresses are both learned by this interface.
The undo port bridge enable command disables the port bridge function.
By default, the port bridge function is disabled on an interface.
CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, and CE6881E do not support this command.
Views
GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Guidelines
By default, an interface does not forward packets whose source and destination MAC addresses are both learned by this interface. When the interface receives such a packet, it discards the packet as an invalid packet.
After the port bridge function is enabled on the interface, the interface forwards such a packet if the destination MAC address of the packet is in the MAC address table.
The port bridge function is used in the following scenarios:
The device is used as an access device in a data center and is connected to servers. Each server is configured with multiple virtual machines. The virtual machines need to transmit data to each other. If data between virtual machines is transmitted on the server, the data transmission rate and server performance may be affected. To improve the data transmission rate and server performance, enable the port bridge function on the interfaces connected to the servers so that the device forwards data packets between the virtual machines.
reset mac-address
Format
reset mac-address mac-address [ vlan vlan-id ]
reset mac-address interface-type interface-number [ vlan vlan-id ]
reset mac-address vlan vlan-id [ interface-type interface-number ]
reset mac-address
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Deletes a MAC address entry mapped to a MAC address. | The value is in the format of H-H-H. Each H is a 4-digit hexadecimal number, such as 00e0 or fc01. If an H contains fewer than 4 digits, leading 0s are added. For example, if an H is e0, it is displayed as 00e0 in the MAC address. The MAC address cannot be a broadcast MAC address (FFFF-FFFF-FFFF) or a multicast MAC address (the eighth bit is 1). |
vlan vlan-id | Deletes a MAC address entry with a specified VLAN ID. | The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command. |
interface-type interface-number | Deletes a MAC address entry on a specified interface. | - |
Usage Guidelines
Usage Scenario
To delete dynamically learned MAC address entries (for example, entries that are no longer needed), run the reset mac-address command.
Prerequisites
Before running the reset mac-address vlan command to delete MAC address entries in a specified VLAN, ensure that the VLAN has been created.
Precautions
After the reset mac-address command is run, the dynamically learned MAC address entries are deleted and cannot be restored. Exercise caution before running this command. To prevent incorrect deletion of available MAC address entries, specify the VLAN ID or interface name for the MAC address entry to be deleted.
Example
# Delete a specified MAC address entry.
<HUAWEI> reset mac-address 1-1-1
# Delete MAC address entries mapped to a specified VLAN ID.
<HUAWEI> reset mac-address vlan 10
# Delete MAC address entries on a specified interface.
<HUAWEI> reset mac-address 10ge 1/0/1
# Delete MAC address entries based on the VLAN to which a specified interface belongs.
<HUAWEI> reset mac-address 10ge 1/0/1 vlan 10
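Because deleted entries cannot be restored, a change script can validate its arguments against the parameter rules above before sending any command. The following is an added example, not part of the vendor documentation: the function names normalize_mac and build_reset_command are hypothetical, and the check covers only the H-H-H format, the broadcast and multicast exclusions, and the 1 to 4094 VLAN range (reserved VLAN IDs are device-specific and are not checked).

```python
import re

_GROUP = re.compile(r"[0-9A-Fa-f]{1,4}")

def normalize_mac(text):
    """Return the zero-padded hhhh-hhhh-hhhh form, or raise ValueError."""
    groups = text.strip().split("-")
    if len(groups) != 3 or not all(_GROUP.fullmatch(g) for g in groups):
        raise ValueError(f"not in H-H-H format: {text!r}")
    # Each H shorter than 4 digits is padded with leading zeros (e0 -> 00e0).
    canon = "-".join(g.lower().zfill(4) for g in groups)
    if canon == "ffff-ffff-ffff":
        raise ValueError("broadcast MAC address is not accepted")
    # Multicast: the eighth bit, i.e. the low-order bit of the first octet, is 1.
    if int(canon[:2], 16) & 0x01:
        raise ValueError("multicast MAC address is not accepted")
    return canon

def build_reset_command(mac, vlan_id):
    """Build a VLAN-scoped 'reset mac-address' line from validated input.

    Scoping by VLAN follows the precaution above: it limits the deletion to
    the one entry that is meant. Reserved VLAN IDs are not checked here.
    """
    if not isinstance(vlan_id, int) or not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range 1-4094: {vlan_id!r}")
    return f"reset mac-address {normalize_mac(mac)} vlan {vlan_id}"

if __name__ == "__main__":
    # Constructed sample inputs.
    for mac, vlan in (("1-1-1", 10), ("e0-fc01-2", 4094), ("ffff-ffff-ffff", 10),
                      ("0100-5e00-0001", 10), ("00e0-fc00-0001", 4095)):
        try:
            print(build_reset_command(mac, vlan))
        except ValueError as err:
            print(f"rejected {mac} vlan {vlan}: {err}")
```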
reset mac-address flapping record
Parameters
Parameter | Description | Value |
---|---|---|
all | Clears all MAC address flapping records, including aged and active ones. | - |
Usage Guidelines
Usage Scenario
Before collecting MAC address flapping statistics, run the reset mac-address flapping record command to clear the current statistics.
Precautions
The reset mac-address flapping record command clears only aged MAC address flapping records. To clear all MAC address flapping records, specify all.
After clearing MAC address flapping records, you can run the display mac-address flapping command to view current MAC address flapping records.
The cleared MAC address flapping records cannot be restored.
When MAC address flapping occurs in a VLAN or BD and the loop is not eliminated, if the interface is added to or removed from an Eth-Trunk, the values of Original-Port and Move-Ports in MAC address flapping records remain unchanged. After the loop is eliminated, delete MAC address flapping entries and perform detection again. This prevents incorrect detection of the source and flapped interfaces, incorrect loop location, and delivery of the punishment action (Error-Down state or storm control) to the wrong flapped interface.
undo mac-address
Format
undo mac-address { interface-type interface-number | vlan vlan-id } *
undo mac-address mac-address [ vlan vlan-id ]
undo mac-address [ mac-address ] vlan vlan-id
undo mac-address all
This command cannot delete dynamically learned MAC address entries. For details on how to delete dynamically learned MAC address entries on a device, see reset mac-address.
Parameters
Parameter | Description | Value |
---|---|---|
mac-address | Specifies the MAC address in a MAC address entry to be deleted. | The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF or a multicast MAC address. |
interface-type interface-number | Specifies the interface in a MAC address entry to be deleted. | - |
vlan vlan-id | Specifies the VLAN ID in a MAC address entry to be deleted. | The value is an integer that ranges from 1 to 4094. |
all | Deletes all static, blackhole, security, and sticky MAC address entries. | - |
Usage Guidelines
Usage Scenario
A MAC address table saves a limited number of MAC addresses. If the MAC address table is full, the device cannot learn new MAC address entries until old MAC addresses are aged out. Packets matching no MAC address entry are broadcast, wasting bandwidth resources. This command can delete useless MAC address entries to release the MAC address table space.
- If you do not specify interface-type interface-number, the command deletes MAC address entries of the specified type on all interfaces.
- If you do not specify vlan vlan-id, the command deletes MAC address entries of the specified type in all VLANs.
Example
# Delete all MAC address entries.
<HUAWEI> system-view
[~HUAWEI] undo mac-address all
# Delete all MAC address entries on 10ge1/0/1.
<HUAWEI> system-view
[~HUAWEI] undo mac-address 10ge 1/0/1
# Delete all MAC address entries in VLAN 5.
<HUAWEI> system-view
[~HUAWEI] undo mac-address vlan 5
# Delete all MAC address entries in which the MAC address is 0004-0004-0004.
<HUAWEI> system-view
[~HUAWEI] undo mac-address 0004-0004-0004
undo mac-address limit all