Enabling mac address synchronization – H3C Technologies H3C S5560 Series Switches User Manual

11

The MAC learning priority mechanism assigns either low priority or high priority to an interface. An

interface with high priority can learn MAC addresses as usual. However, an interface with low priority
is not allowed to learn MAC addresses already learned on a high-priority interface.
The MAC learning priority mechanism can help defend your network against MAC address spoofing

attacks. In a network that performs MAC-based forwarding, an upper layer device MAC address might

be learned by a downlink interface because of a loop or attack to the downlink interface. To avoid this
problem, perform the following tasks:

•

Assign high MAC learning priority to an uplink interface.

•

Assign low MAC learning priority to a downlink interface.

To assign MAC learning priority to an interface:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

•

Enter Layer 2 Ethernet interface

view:
interface interface-type

interface-number

•

Enter Layer 2 aggregate interface

view:

interface bridge-aggregation

interface-number

N/A

3.

Assign MAC learning priority

to the interface.

mac-address mac-learning priority
{ high | low }

By default, low MAC learning
priority is used.

Enabling MAC address synchronization

To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the

same MAC address table. After you enable MAC address synchronization, each member device

advertises learned MAC address entries to other member devices.
As shown in

Figure 3

,

•

Device A and Device B form an IRF fabric enabled with MAC address synchronization.

•

Device A and Device B connect to AP C and AP D, respectively.

When Client A associates with AP C, Device A learns a MAC address entry for Client A and advertises
it to Device B.