Manually configuring mac address entries, Types of mac address table entries, Mac address table-based frame forwarding – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 27: Configuring the mac address table

The device performs the learning process each time it receives a frame from an unknown source MAC
address, until the MAC address table is fully populated.
Manually configuring MAC address entries
With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames, which creates a security risk. For example, when a hacker sends frames with a forged
source MAC address to a port different from the one where the real MAC address is connected, the
device creates an entry for the forged MAC address, and forwards frames destined for the legitimate
user to the hacker instead.
You can manually add MAC address entries to the MAC address table of the device to bind specific user
devices to the port. Because manually configured entries have higher priority than dynamically learned
ones, this prevents hackers from stealing data using forged MAC addresses.
Types of MAC address table entries
A MAC address table can contain the following types of entries:
• Static entries, which are manually added and never age out.
• Dynamic entries, which can be manually added or dynamically learned and may age out.
• Blackhole entries, which are manually configured and never age out. Blackhole entries are
configured for filtering out frames with specific source or destination MAC addresses. For example,
to block all packets destined for a specific user for security concerns, you can configure the MAC
address of this user as a destination blackhole MAC address entry.
NOTE:
A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.
MAC address table-based frame forwarding
When forwarding a frame, the device adopts the following forwarding modes based on the MAC
address table:
• Unicast mode: If an entry is available for the destination MAC address, the device forwards the
frame out the outgoing interface indicated by the MAC address table entry.
• Broadcast mode: If the device receives a frame with an all-ones destination address, or no entry is
available for the destination MAC address, the device broadcasts the frame to all the interfaces
except the receiving interface.
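The rules above (dynamic learning, the priority of static and blackhole entries, and the unicast/broadcast forwarding decision) as a small Python model. This is an added example, not H3C code or part of the manual. The class names, port numbers and MAC addresses are constructed, aging is not modelled, and recording a refused learn in `rejected` is an assumption of the model.

```python
# Simplified model of the MAC address table rules described above.
# Class and method names are illustrative; this is not H3C code.
BROADCAST = "ff:ff:ff:ff:ff:ff"
STATIC, DYNAMIC, BLACKHOLE = "static", "dynamic", "blackhole"

class MacTable:
    def __init__(self, ports):
        self.ports = set(ports)
        self.entries = {}   # mac -> (entry type, port or None)
        self.rejected = []  # (mac, port) learns refused by a static entry

    def add_static(self, mac, port):
        self.entries[mac] = (STATIC, port)      # overwrites a dynamic entry

    def add_blackhole(self, mac):
        self.entries[mac] = (BLACKHOLE, None)

    def _kind(self, mac):
        return self.entries.get(mac, (None, None))[0]

    def _learn(self, mac, port):
        kind = self._kind(mac)
        if kind in (None, DYNAMIC):
            self.entries[mac] = (DYNAMIC, port)  # learn or refresh
        elif kind == STATIC and self.entries[mac][1] != port:
            # A dynamic learn cannot overwrite a static entry. Assumption:
            # the model records the mismatch for review and carries on.
            self.rejected.append((mac, port))

    def receive(self, src, dst, in_port):
        """Return the set of ports the frame is sent out of."""
        if BLACKHOLE in (self._kind(src), self._kind(dst)):
            return set()                         # filtered, nothing learned
        self._learn(src, in_port)
        if dst == BROADCAST or dst not in self.entries:
            return self.ports - {in_port}        # broadcast mode
        return {self.entries[dst][1]}            # unicast mode

def demo():
    user, peer = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"  # constructed MACs
    learned, bound = MacTable([1, 2, 3]), MacTable([1, 2, 3])
    bound.add_static(user, 1)              # bind the user to port 1
    for table in (learned, bound):
        table.receive(user, BROADCAST, 1)  # genuine frame on port 1
        table.receive(user, BROADCAST, 3)  # same source MAC seen on port 3
    # Where does each table now send a frame addressed to the user?
    return learned.receive(peer, user, 2), bound.receive(peer, user, 2), bound.rejected
```

`demo()` returns the forwarding result for the learning-only table, the result for the table with the static binding, and the list of refused learns, which is the record an operator would review for a MAC address appearing on an unexpected port.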
Configuring the MAC address table
The configuration tasks discussed in the following sections are all optional and can be performed in any
order.