beautypg.com

Mac address table configuration, Overview, How a mac address table entry is created – H3C Technologies H3C SecBlade NetStream Cards User Manual

Page 123: Mac address learning, Manually configuring mac address entries

background image

108

MAC address table configuration

This chapter includes these sections:

Overview

Configuring the MAC address table

Displaying and maintaining MAC address tables

MAC address table configuration example

Overview

An Ethernet device uses a MAC address table for forwarding frames through unicast instead of

broadcast. This table describes from which port a MAC address (or host) can be reached. When

forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for
a match. If an entry is found, the device forwards the frame out of the outgoing port in the entry. If no

entry is found, the device broadcasts the frame out of all but the incoming port.

How a MAC address table entry is created

The entries in the MAC address table come from two sources: automatically learned by the device and

manually added by the administrator.

MAC address learning

The device can automatically populate its MAC address table by learning the source MAC addresses of
incoming frames on each port.
When a frame arrives at a port, Port A for example, the device performs the following tasks:

1.

Checks the source MAC address (MAC-SOURCE for example) of the frame.

2.

Looks up the source MAC address in the MAC address table.

a.

If an entry is found, the device updates the entry.

b.

If no entry is found, the device adds an entry for MAC-SOURCE and Port A.

3.

After learning this source MAC address, when the device receives a frame destined for
MAC-SOURCE, the device finds the MAC-SOURCE entry in the MAC address table and forwards

the frame out Port A.

The device performs the learning process each time it receives a frame from an unknown source MAC

address, until the MAC address table is fully populated.

Manually configuring MAC address entries

With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate

frames, which can invite security hazards. For example, when a hacker sends frames with a forged

source MAC address to a port different from the one where the real MAC address is connected, the

device creates an entry for the forged MAC address, and forwards frames destined for the legal user to
the hacker instead.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: