To consume MAC address table resources of a switch and thereby prevent the switch from learning new entries, a malicious user may send large numbers of packets with spurious source MAC addresses. Such an attack will also consume bandwidth resources because the switch broadcasts the packets that do not match MAC address entries.
To address the preceding issue, the switch provides the following MAC address learning control methods:
Disabling MAC address learning on a VLAN or an interface
Limiting the number of learned MAC address entries on a VLAN or an interface
MAC Address Learning Control Method | Description | Application Scenario
---|---|---
Disabling MAC address learning on a VLAN or an interface | After MAC address learning is disabled on a VLAN or an interface, the switch does not learn new dynamic MAC address entries on the VLAN or interface. The dynamic MAC address entries already learned are aged out when the aging time expires. These entries can also be manually deleted through commands. |
Limiting the number of learned MAC address entries on a VLAN or an interface | The switch can learn only the specified number of MAC address entries on a VLAN or an interface. When the specified number is reached, the switch reports an alarm. Subsequently, the switch cannot learn new MAC address entries on the VLAN or interface and discards the packets whose source MAC address is not in the MAC address table. |
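As an added illustration (not the switch vendor's code and not part of this document), the following Python model reproduces the two controls above: a per-interface entry limit that raises an alarm when reached and then discards frames whose source MAC is unknown, and disabled learning, under which no new dynamic entries are created while existing ones age out. Interface names, the aging time and the flood traffic are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class MacTable:
    """Dynamic MAC table with the two learning controls described above (illustrative model)."""
    limits: dict = field(default_factory=dict)           # interface -> max dynamic entries
    learning_disabled: set = field(default_factory=set)  # interfaces with learning switched off
    aging_time: int = 300                                # seconds (constructed default)
    entries: dict = field(default_factory=dict)          # mac -> (interface, last_seen)
    alarms: list = field(default_factory=list)

    def count(self, iface):
        return sum(1 for i, _ in self.entries.values() if i == iface)

    def learn(self, src_mac, iface, now):
        """Process one frame's source MAC; return what happened to it."""
        if src_mac in self.entries:
            self.entries[src_mac] = (iface, now)    # known source: refresh the aging timer
            return "refreshed"
        if iface in self.learning_disabled:
            return "not_learned"                    # no new dynamic entry; the frame itself is not dropped
        cap = self.limits.get(iface)
        if cap is not None and self.count(iface) >= cap:
            return "discarded"                      # limit reached: unknown source MAC is dropped
        self.entries[src_mac] = (iface, now)
        if cap is not None and self.count(iface) == cap:
            self.alarms.append(f"{iface}: MAC address limit {cap} reached")
        return "learned"

    def age(self, now):
        """Drop dynamic entries whose aging time has expired; return how many were removed."""
        expired = [m for m, (_, seen) in self.entries.items() if now - seen >= self.aging_time]
        for m in expired:
            del self.entries[m]
        return len(expired)

def flood(table, iface, count, now, prefix="02:00:00:00"):
    """Constructed attack traffic: `count` frames, each with a new spurious source MAC."""
    results = {"learned": 0, "refreshed": 0, "not_learned": 0, "discarded": 0}
    for n in range(count):
        results[table.learn(f"{prefix}:{n >> 8:02x}:{n & 0xff:02x}", iface, now)] += 1
    return results

if __name__ == "__main__":
    t = MacTable(limits={"GE0/0/1": 8}, learning_disabled={"GE0/0/2"})   # constructed names
    print(flood(t, "GE0/0/1", 1000, now=0), t.alarms)              # 8 learned, 992 discarded
    print(flood(t, "GE0/0/2", 1000, now=0, prefix="02:00:00:01"))  # 1000 not_learned
    print(t.age(now=300), len(t.entries))                           # 8 aged out, 0 left
```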