Disabling MAC Address Learning
When an S7700 with MAC address learning enabled receives an Ethernet frame, it records the
source MAC address and inbound interface of the frame in a MAC address entry. When it later
receives Ethernet frames destined for this MAC address, the S7700 forwards the frames
through the corresponding outbound interface according to the MAC address entry. The MAC
address learning function reduces broadcast packets on a network.
After MAC address learning is disabled on an interface, the S7700 does not learn source MAC
addresses of packets received by the interface.
Limiting the Number of Learned MAC Addresses
The S7700 can limit the number of MAC addresses learned on an interface, VLAN, LPU, or
VSI. When the number of learned MAC address entries reaches the limit, the S7700 stops
learning MAC addresses. When the S7700 receives packets with unknown source MAC
addresses, it discards or forwards the packets and generates an alarm to alert you if it is configured
to do so. This method controls the number of access users flexibly and protects user devices and
the network from MAC address attacks.
Port Security
The port security function changes MAC addresses learned by an interface to secure dynamic
MAC addresses or sticky MAC addresses. It prevents devices with untrusted MAC addresses
from accessing an interface and improves device security.
Differences between secure dynamic MAC addresses and sticky MAC addresses are:
- Secure dynamic MAC addresses are learned after port security is enabled and will not be
  aged out by default. Secure dynamic MAC addresses will be lost after the device restarts
  and the device needs to learn the MAC addresses again.
- Sticky MAC addresses are learned after the sticky MAC function is enabled. Sticky MAC
  addresses will not be aged out and will exist after the S7700 restarts.
MAC Address Anti-flapping
MAC address flapping occurs on a network when the network has a loop or is attacked. To
prevent MAC address flapping, you can set MAC address learning priorities for interfaces so
that MAC addresses can be learned by correct interfaces. When the same MAC address is learned
by interfaces with different priorities, the MAC address entry learned by the interface with the
highest priority overrides the MAC address entries learned by other interfaces. You can also
determine whether to allow MAC address flapping between interfaces with the same priority.
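The override rule described above can be modelled in a few lines. This is an added example, not code from the S7700 or from Huawei: the MacTable class, the interface names and the MAC addresses are constructed for illustration, and the model assumes that a larger number means a higher learning priority.

```python
# Simplified model of priority-based MAC learning (added example, not device code).
from dataclasses import dataclass, field

@dataclass
class MacTable:
    priorities: dict                      # interface -> learning priority (assumed: larger wins)
    allow_same_priority_flap: bool = True
    entries: dict = field(default_factory=dict)    # MAC -> interface that owns the entry
    rejected: list = field(default_factory=list)   # (mac, owning_if, attempted_if)

    def learn(self, src_mac: str, in_if: str) -> str:
        """Process the source MAC of a frame received on in_if; return the owning interface."""
        mac = src_mac.lower()
        cur = self.entries.get(mac)
        if cur is None or cur == in_if:
            self.entries[mac] = in_if              # new entry or refresh of the same entry
            return in_if
        new_p, cur_p = self.priorities[in_if], self.priorities[cur]
        if new_p > cur_p or (new_p == cur_p and self.allow_same_priority_flap):
            self.entries[mac] = in_if              # higher priority overrides the old entry
        else:
            self.rejected.append((mac, cur, in_if))  # entry stays on the trusted interface
        return self.entries[mac]

def demo():
    # Constructed scenario: one uplink with a high priority, two access ports with priority 0.
    gateway = "00e0-fc12-3456"   # constructed gateway MAC
    host = "00e0-fc00-0001"      # constructed host MAC
    table = MacTable({"GE1/0/1": 3, "GE1/0/10": 0, "GE1/0/11": 0},
                     allow_same_priority_flap=False)
    table.learn(gateway, "GE1/0/1")                 # gateway learned on the uplink
    table.learn(host, "GE1/0/10")                   # host learned on an access port
    gw_owner = table.learn(gateway, "GE1/0/10")     # conflicting frame on a lower-priority port
    host_owner = table.learn(host, "GE1/0/11")      # same priority, flapping not allowed
    return gw_owner, host_owner, table.rejected

if __name__ == "__main__":
    print(demo())
```

The rejected list in this model is the kind of record a flapping alarm or trap would be built from: each tuple names the MAC address, the interface that kept the entry, and the interface that tried to take it.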
MAC Address Flapping Detection
MAC address flapping occurs on a network when the network has a loop or is attacked. The
S7700 can detect MAC address flapping and perform a specified action, for example, block the
interface, to minimize the impact of MAC address flapping on the network. You can also configure
the S7700 to only send trap messages to the network management system when it detects
MAC address flapping.
Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet 7 MAC Address Table Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.