Disabling mac address learning on a vlan – H3C Technologies H3C WX5500E Series Access Controllers User Manual
| Step | Command | Remarks |
|---|---|---|
| 2. Add or modify a blackhole MAC address entry. | mac-address blackhole mac-address vlan vlan-id | By default, no MAC address entry is configured. Make sure you have created the VLAN. |
Disabling MAC address learning on a VLAN
Sometimes, you might need to disable MAC address learning to prevent the MAC address table from being saturated, for example, when your device is being attacked by a large number of packets with different source MAC addresses.
When MAC address learning is disabled, the learned MAC addresses remain valid until they age out.
You may disable MAC address learning on a per-VLAN basis.
To disable MAC address learning on a VLAN:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VLAN view. | vlan vlan-id | N/A |
| 3. Disable MAC address learning on the VLAN. | mac-address mac-learning disable | By default, MAC address learning is enabled on each VLAN. To disable MAC address learning for an isolate-user-VLAN, you must also disable MAC address learning for the secondary VLANs associated with the isolate-user-VLAN. For more information about isolate-user-VLANs, see "Configuring isolate-user-VLANs." |
Configuring the aging timer for dynamic MAC address entries
The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient use of table space. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry. This aging mechanism makes sure the MAC address table can promptly update to accommodate the most recent network changes.
Set the aging timer appropriately. An aging interval that is too long might cause the MAC address table to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to accommodate the most recent network changes. An interval that is too short might result in removal of valid entries and consequently cause unnecessary broadcasts, which might affect device performance.
You can reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries from unnecessarily aging out. By reducing broadcasts, you improve not only network performance, but also security, because the chances for a data packet to reach unintended destinations are reduced.
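The following Python model is an added example, not H3C code and not part of the manual. It illustrates the two behaviors described above: disabling learning on one VLAN while it receives packets with many different source MAC addresses, and aging of dynamic entries. The class name, the table capacity of 8, the 300-second timer, the VLAN IDs and the rule that entries are not refreshed while learning is disabled are all assumptions.

```python
# Toy model of a switch MAC address table, constructed for illustration.
# Capacity, timer, VLAN IDs and MAC strings are made-up sample values.
class MacTable:
    def __init__(self, capacity, aging):
        self.capacity = capacity
        self.aging = aging              # seconds; None models a disabled timer
        self.entries = {}               # (vlan, mac) -> (port, last_seen)
        self.no_learning = set()        # VLANs with MAC learning disabled

    def expire(self, now):
        """Delete dynamic entries not refreshed within the aging interval."""
        if self.aging is None:
            return
        for key in [k for k, (_, seen) in self.entries.items()
                    if now - seen >= self.aging]:
            del self.entries[key]

    def receive(self, now, vlan, src, dst, port):
        """Handle one frame: learn or refresh the source, look up the destination."""
        self.expire(now)
        key = (vlan, src)
        # Assumption: with learning disabled, entries are neither added nor refreshed.
        if vlan not in self.no_learning and (
                key in self.entries or len(self.entries) < self.capacity):
            self.entries[key] = (port, now)
        return "forward" if (vlan, dst) in self.entries else "flood"


def run(disable_learning_on_vlan_10):
    """Send 20 frames with distinct source MACs into VLAN 10, then test VLAN 20."""
    table = MacTable(capacity=8, aging=300)
    table.receive(0, 10, "host-a", "gw", port=1)        # legitimate entry, VLAN 10
    if disable_learning_on_vlan_10:
        table.no_learning.add(10)
    for i in range(20):                                  # many different sources
        table.receive(1, 10, f"src-{i:02d}", "host-a", port=2)
    table.receive(2, 20, "host-b", "gw", port=3)         # new host in another VLAN
    return {
        "table_size": len(table.entries),
        "to_host_b": table.receive(3, 20, "gw2", "host-b", port=4),
        "to_host_a_before_aging": table.receive(299, 10, "x", "host-a", port=5),
        "to_host_a_after_aging": table.receive(300, 10, "x", "host-a", port=5),
    }


if __name__ == "__main__":
    print("learning enabled :", run(False))
    print("learning disabled:", run(True))
```

In this model, the table fills when learning is enabled and the new host in VLAN 20 cannot be learned, while with learning disabled on VLAN 10 the table stays small. In both runs the entry for host-a is used until the aging timer expires, after which frames to it are flooded.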
To configure the aging timer for dynamic MAC address entries: