Huawei AR530 Series - Limiting the Number of Learned MAC Addresses

408 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

By default, the industrial switch router performs the forward action after MAC address

learning is disabled. That is, the industrial switch router forwards packets according

to the MAC address table. When the action is configured to discard, the industrial

switch router matches the source MAC addresses of packets with the MAC address

entries. If the inbound interface and source MAC address of a packet matches a MAC

address entry, the industrial switch router forwards the packet. Otherwise, the

industrial switch router discards the packet.

l Disabling MAC address learning in the VLAN view

1. Run:

system-view

The system view is displayed.

2. Run:

vlan vlan-id

The VLAN view is displayed.

3. Run:

mac-address learning disable

MAC address learning is disabled in the VLAN.

By default, MAC address learning is enabled in a VLAN.

1.6.1.5 Limiting the Number of Learned MAC Addresses

Context

The network with low security may be attacked by MAC address attacks. The capacity of a MAC

address table is limited. Therefore, when hackers forge a large quantity of packets with different

source MAC addresses and send the packets to the industrial switch router, the MAC address

table of the industrial switch router may reach its full capacity. When the MAC address table is

full, the industrial switch router cannot learn source MAC addresses of valid packets.

You can limit the number of MAC address entries learned on the industrial switch router. When

the number of learned MAC address entries reaches the limit, the industrial switch router does

not learn new MAC addresses. You can also configure the action and enable the device to send

an alarm to the NMS when the number of MAC address entries reaches the limit.. This prevents

MAC address attacks and improves network security.

NOTE

The AR530&AR550 donot support limiting the number of MAC addresses learned in a VLAN.

Procedure

l Limit the number of MAC addresses learned by an interface.

1. Run:

system-view

The system view is displayed.

2. Run:

interface interface-type interface-number

The interface view is displayed.

Huawei AR530&AR550 Series Industrial Switch Routers

Configuration Guide - Ethernet Switching

1 MAC Address Table Configuration

Issue 01 (2014-11-30) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

12

Table of Contents

Other manuals for Huawei AR530 Series

Manual505 pages

Quick Start Guide16 pages

Hardware Installation And Maintenance Guide219 pages

Related product manuals

Huawei AR502CG-L

Preview: Huawei AR550 Series

Huawei AR550 Series

Preview: Huawei AR502 Series

Huawei AR502 Series

Preview: Huawei AR500 Series

Huawei AR500 Series

Preview: Huawei AR550-8FE-D-H

Huawei AR550-8FE-D-H

Preview: Huawei AR1200-S

Huawei AR1200-S

Preview: Huawei AR Series

Huawei AR Series

Preview: Huawei AR1200 Series

Huawei AR1200 Series

Preview: Huawei AR2200 Series

Huawei AR2200 Series

Preview: Huawei Quidway AR-19-61

Huawei Quidway AR-19-61