Print|Rate this content |
Configuring the MAC address tableThe MAC address table configuration tasks include:
Enabling MAC address roamingThese configuration tasks are all optional and can be performed in any order.The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces.This chapter covers only configuring static, dynamic, and blackhole unicast MAC address table entries. Manually configuring MAC address table entriesTo fence off MAC address spoofing attacks and improve port security, the user can manually add MACaddress table entries to bind ports with MAC addresses.The user can also configure blackhole MAC address entries to filter out packets with certain source ordestination MAC addresses. To add, modify, or remove entries in the MAC address table in system view:
To add or modify a MAC address table entry in interface view:
When the user configures a static MAC address entry on an interface that belongs to a specific isolate-user-VLAN, the user only needs to specify the isolate-user-VLAN, instead of any secondary VLANs associated withthe isolate-user-VLAN. Disabling MAC address learning on a VLANThe user may need to disable MAC address learning sometimes to prevent the MAC address table frombeing saturated, for example, when the switch is being attacked by a large amount of packets withdifferent source MAC addresses.The user may disable MAC address learning on a per-VLAN basis. To disable MAC address learning on a VLAN, perform the following:
When MAC address learning is disabled, the obtained MAC addresses remain valid until they age out. Configuring the aging timer for dynamic MAC address entriesThe MAC address table uses an aging timer for dynamic MAC address entries for security and efficientuse of table space. If a dynamic MAC address entry has failed to update before the aging timer expires,the device deletes the entry. This aging mechanism ensures that the MAC address table can quicklyupdate to accommodate the latest network changes. Set the aging timer appropriately. Too long an aging interval might cause the MAC address table toretain outdated entries, exhaust the MAC address table resources, and fail to update its entries toaccommodate the latest network changes. Too short an interval might result in removal of valid entries,causing unnecessary broadcasts, which might affect device performance. To configure the aging timer for dynamic MAC address entries follow the steps:
Reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries fromunnecessarily aging out. By reducing broadcasts, not only network performance is improved, but alsosecurity, because the chances for a data packet to reach unintended destinations are reduced. Configuring the MAC learning limit on portsAs the MAC address table is growing, the forwarding performance of the device might degrade. Toprevent the MAC address table from getting so large that the forwarding performance degrades, the number of MAC addresses can be limited that a port can obtain. To configure the MAC learning limit on a Layer 2 Ethernet interface or all ports in a port group follow the steps:
Enabling MAC address roamingAfter the user is enabling MAC address roaming on an IRF fabric, each member switch advertises learned MACaddresses to other member switches. As Figure 1- MAC address tables of devices when Client A associates with AP C, shows, Device A and Device B form an IRF fabric enabled with MAC address roaming.They connect to AP C and AP D, respectively. When Client A associates with AP C, Device A learns theMAC address of Client A and advertises it to the member switch Device B. Figure 1: MAC address tables of devices when Client A associates with AP C If Client A roams to AP D, Device B learns the MAC address of Client A and advertises it to Device A toensure service continuity for Client A, as shown in Figure 2 - MAC address tables of devices when Client A roams to AP D. Figure 2: MAC address tables of devices when Client A roams to AP D To enable MAC address roaming, perform the following:
Displaying and maintaining MAC address tables
MAC address table configuration exampleNetwork requirements
Configuration procedure
|
Provide feedback |
Please rate the information on this page to help us improve our content. Thank you! |