H3C Technologies H3C SecPath F1000-E User Manual
Page 78
53
Adding or modifying a MAC address table entry in system view
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Add or modify a
dynamic or static MAC
address entry.
mac-address { dynamic | static } mac-address
interface interface-type interface-number vlan
vlan-id
Use either command.
Make sure that you have
created the VLAN and
assigned the interface to
the VLAN.
3.
Add or modify a
blackhole MAC address
entry.
mac-address blackhole mac-address vlan vlan-id
Adding or modifying a MAC address table entry on an interface
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet or
aggregate interface view.
interface interface-type
interface-number
N/A
3.
Add or modify a static or
dynamic MAC address entry.
mac-address { dynamic | static }
mac-address vlan vlan-id
Make sure that you have created
the VLAN and assigned the
interface to the VLAN.
Configuring the aging timer for dynamic MAC address entries
The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient
use of table space. If a dynamic MAC address entry has failed to update before the aging timer expires,
the device deletes the entry. This aging mechanism ensures that the MAC address table could promptly
update to accommodate latest network changes.
Set the aging timer appropriately. Too long am aging interval may cause the MAC address table to
retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to
accommodate the latest network changes. Too short an interval may result in removal of valid entries,
causing unnecessary broadcasts, which may affect device performance.
To configure the aging timer for dynamic MAC address entries:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the aging timer for
dynamic MAC address
entries.
mac-address timer { aging seconds
| no-aging }
Optional.
300 seconds by default.
You can reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries
from unnecessarily aging out. By reducing broadcasts, you improve not only network performance, but
also security, because the chances for a data packet to reach unintended destinations are reduced.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer