beautypg.com

Mac address table-based frame forwarding, Configuring the mac address table – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 43

background image

33

Dynamic entries—Manually added or dynamically learned and may age out.

Blackhole entries—Manually configured and never age out. Blackhole entries are configured for
filtering out frames with specific destination MAC addresses. For example, to block all packets
destined for a specific user for security concerns, you can configure the MAC address of this user

as a blackhole destination MAC address entry.

To adapt to network changes and prevent inactive entries from occupying table space, an aging

mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is
learned or created, an aging time starts. If the entry has not updated when the aging timer expires, the

device deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.

NOTE:

A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.

MAC address table-based frame forwarding

When forwarding a frame, the device adopts the following forwarding modes based on the MAC

address table:

Unicast mode—If an entry is available for the destination MAC address, the device forwards the
frame out the outgoing interface indicated by the MAC address table entry.

Broadcast mode—If the device receives a frame with the destination address being all ones, or no
entry is available for the destination MAC address, the device broadcasts the frame to all the

interfaces except the receiving interface.

Configuring the MAC address table

The configuration tasks discussed in the following sections are all optional and can be performed in any

order.

NOTE:

The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces.

Configuring static, dynamic, and blackhole MAC address

table entries

To fence off MAC address spoofing attacks and improve port security, you can manually add MAC

address table entries to bind ports with MAC addresses.
You can also configure blackhole MAC address entries to filter out packets with certain destination MAC
addresses.

Add or modify a static, dynamic, or blackhole MAC address table entry globally

Step Command

Remarks

1.

Enter system view.

system-view

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: