H3C Technologies H3C SecBlade NetStream Cards User Manual

You can also configure blackhole MAC address entries to filter out packets with certain destination MAC addresses.

Add or modify a static, dynamic, or blackhole MAC address table entry globally

Follow these steps to add or modify a static, dynamic, or blackhole MAC address table entry in system view:

To do…                       Use the command…                               Remarks

Enter system view            system-view

Add or modify a dynamic or   mac-address { dynamic | static } mac-address   Required
static MAC address entry     interface interface-type interface-number      Use either command.
                             vlan vlan-id                                   Ensure that you have created
Add or modify a blackhole    mac-address blackhole mac-address vlan         the VLAN and assigned the
MAC address entry            vlan-id                                        interface to the VLAN.

Add or modify a static or dynamic MAC address table entry on an interface

Follow these steps to add or modify a static or dynamic MAC address table entry in interface view:

To do…                              Use the command…                               Remarks

Enter system view                   system-view

Enter interface view                interface interface-type interface-number

Add or modify a static or dynamic   mac-address { dynamic | static } mac-address   Required
MAC address entry                   vlan vlan-id                                   Ensure that you have created the VLAN
                                                                                   and assigned the interface to the VLAN.

Configuring the aging timer for dynamic MAC address entries

The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient use of table space. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry. This aging mechanism ensures that the MAC address table is promptly updated to accommodate the latest network changes.

Set the aging timer appropriately. Too long an aging interval may cause the MAC address table to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to accommodate the latest network changes. Too short an interval may result in removal of valid entries, causing unnecessary broadcasts, which may affect device performance.

Follow these steps to configure the aging timer for dynamic MAC address entries:

To do…                          Use the command…                                 Remarks

Enter system view               system-view

Configure the aging timer for   mac-address timer { aging seconds | no-aging }   Optional
dynamic MAC address entries                                                      300 seconds by default.

You can reduce broadcasts on a stable network by disabling the aging timer to prevent dynamic entries from unnecessarily aging out. By reducing broadcasts, you improve not only network performance, but also security, because the chances for a data packet to reach unintended destinations are reduced.
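
An added Python model (not H3C code and not taken from the manual) of the behaviour this section describes: dynamic entries age out when the timer expires, no-aging keeps them, and blackhole entries drop frames by destination MAC address. The MAC addresses, VLAN ID and interface names are constructed, and the rule that learning never overwrites a manually configured static or blackhole entry is a modelling assumption.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_AGING = 300  # seconds; the default from the table above

@dataclass
class Entry:
    kind: str             # "dynamic", "static" or "blackhole"
    port: Optional[str]   # blackhole entries have no outgoing interface
    last_seen: float      # time of the last update, in seconds

class MacTable:
    def __init__(self, aging: Optional[float] = DEFAULT_AGING):
        self.aging = aging   # None models "mac-address timer no-aging"
        self.entries = {}    # (vlan, mac) -> Entry

    def configure(self, kind, mac, vlan, port=None, now=0.0):
        """Manually add or modify an entry (dynamic, static or blackhole)."""
        self.entries[(vlan, mac)] = Entry(kind, port, now)

    def learn(self, src_mac, vlan, port, now):
        """Learn or refresh a dynamic entry from a frame's source MAC."""
        cur = self.entries.get((vlan, src_mac))
        # Assumption: learning never overwrites a static or blackhole entry.
        if cur is None or cur.kind == "dynamic":
            self.entries[(vlan, src_mac)] = Entry("dynamic", port, now)

    def expire(self, now):
        """Delete dynamic entries that were not updated within the aging timer."""
        if self.aging is None:
            return
        for key, e in list(self.entries.items()):
            if e.kind == "dynamic" and now - e.last_seen >= self.aging:
                del self.entries[key]

    def forward(self, dst_mac, vlan, now):
        """Return ("unicast", port), ("flood", None) or ("drop", None)."""
        self.expire(now)
        e = self.entries.get((vlan, dst_mac))
        if e is None:
            return ("flood", None)   # unknown destination: sent to the whole VLAN
        if e.kind == "blackhole":
            return ("drop", None)    # filtered by destination MAC
        return ("unicast", e.port)

if __name__ == "__main__":
    t = MacTable()
    t.learn("000f-e235-dc71", 10, "GE1/0/1", now=0)   # constructed sample values
    print(t.forward("000f-e235-dc71", 10, 299), t.forward("000f-e235-dc71", 10, 300))
```
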