Configuring mac address table, Overview, How a mac address table entry is created – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

32

Configuring MAC address table

Overview

An Ethernet device uses a MAC address table for forwarding frames through unicast instead of

broadcast. This table describes from which port a MAC address (or host) can be reached. When
forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for

a match. If an entry is found, the device forwards the frame out of the outgoing port in the entry. If no

entry is found, the device broadcasts the frame out of all but the incoming port.

How a MAC address table entry is created

The entries in the MAC address table come from two sources: automatically learned by the device and

manually added by the administrator.

MAC address learning

The device can automatically populate its MAC address table by learning the source MAC addresses of

incoming frames on each port.
When a frame arrives at a port, Port A for example, the device performs the following tasks:

1.

Checks the source MAC address (MAC-SOURCE for example) of the frame.

2.

Looks up the MAC address in the MAC address table.

3.

If an entry is found, updates the entry. If no entry is found, adds an entry for MAC-SOURCE and
Port A.

The device performs the learning process each time it receives a frame from an unknown source MAC

address, until the MAC address table is fully populated.
After learning the source MAC address of a frame, the device looks up the destination MAC address in

the MAC address table. If an entry is found for the MAC address, the device forwards the frame out of

the specific outgoing port, Port A in this example.

Manually configuring MAC address entries

With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames, which can invite security hazards. For example, when a hacker sends frames with a forged

source MAC address to a port different from the one where the real MAC address is connected to, the

device creates an entry for the forged MAC address, and forwards frames destined for the legal user to

the hacker instead.
To enhance the security of a port, you can manually add MAC address entries to the MAC address table

of the device to bind specific user devices to the port. Because manually configured entries have higher

priority than dynamically learned ones, you can prevent hackers from stealing data using forged MAC

addresses.

Types of MAC address table entries

A MAC address table can contain the following types of entries:

•

Static entries—Manually added and never age out.