MAC Address Entries Fail to Be Learned on an Interface

Fault Symptom

MAC address entries cannot be learned on an interface, causing Layer 2 forwarding failures.

Procedure

  1. Check the configuration on the switch.

    Check item: Has the VLAN that the interface belongs to been created?

    Check method: Run the display vlan vlan-id command in any view. If the system displays the message "Error: The VLAN does not exist", the VLAN is not created.

    Follow-up operation: Run the vlan vlan-id command in the system view to create the VLAN.

    Check item: Does the interface transparently transmit packets from the VLAN?

    Check method: Run the display vlan vlan-id command in any view to check whether the interface name exists. If the name does not exist, the interface does not transparently transmit packets from the VLAN.

    Follow-up operation: Run one of the following commands in the interface view to add the interface to the VLAN.

    • Run the port trunk allow-pass vlan command if the interface is a trunk interface.
    • Run the port hybrid tagged vlan or port hybrid untagged vlan command if the interface is a hybrid interface.
    • Run the port default vlan command if the interface is an access interface.

    Check item: Is a blackhole MAC address entry configured?

    Check method: Run the display mac-address blackhole command in any view to check whether a blackhole MAC address entry is configured.

    Follow-up operation: If a blackhole MAC address entry is displayed, run the undo mac-address blackhole command to delete it.

    Check item: Is MAC address learning disabled on the interface or in the VLAN?

    Check method: Run the display this | include learning command in the interface view and VLAN view to check whether the mac-address learning disable configuration exists. If the configuration exists, MAC address learning is disabled on the interface or in the VLAN.

    Follow-up operation: Run the undo mac-address learning disable command in the interface view or VLAN view to enable MAC address learning.

    Check item: Is MAC address limiting configured on the interface and in the VLAN?

    Check method: Run the display this | include mac-limit command in the interface view and VLAN view to check whether MAC address limiting is configured. If it is configured, the maximum number of learned MAC address entries is set.

    Follow-up operation:

    • Run the mac-limit command in the interface view or VLAN view to increase the maximum number of learned MAC address entries.
    • Run the undo mac-limit command in the interface view or VLAN view to cancel MAC address limiting.

    Check item: Is port security configured on the interface?

    Check method: Run the display this | include port-security command in the interface view to check whether port security is configured.

    Follow-up operation:

    • Run the undo port-security enable command in the interface view to disable port security.
    • Run the port-security max-mac-num command in the interface view to increase the maximum number of secure dynamic MAC address entries on the interface.

    If the fault persists, go to step 2.

  2. Check whether a loop causes MAC address flapping.

    1. Generally, MAC address flapping is caused by loops. Run the mac-address flapping detection command in the system view to configure MAC address flapping detection.
    2. The system checks all MAC addresses in the VLAN to detect MAC address flapping. Run the display mac-address flapping record command to check MAC address flapping records to determine whether a loop occurs.
    3. If MAC address flapping occurs, use the following methods to remove MAC address flapping:
      • Eliminate the loop.
      • Run the mac-learning priority command in the interface view to configure the MAC address learning priority for the interface so that a MAC address is learned by the correct interface.

    If the fault persists, go to step 3.

  3. Check whether the number of learned MAC address entries has reached the maximum value. If the maximum value has been reached, the switch cannot learn new MAC address entries.

    • If the number of MAC address entries on the interface is less than or equal to the number of hosts connected to the interface, the switch is connected to more hosts than it supports. In this case, adjust the network deployment.
    • If the interface has learned more MAC address entries than the number of hosts connected to the interface, a MAC address attack may be in progress from the network attached to the interface. In this case, locate the attack source according to the following table.

      Scenario: The interface connects to another network device.

      Solution: Run the display mac-address command on the connected device to view MAC address entries. Locate the interface connected to the malicious user host based on the displayed MAC address entries. If the interface that you find is connected to another device, repeat this step until you find the malicious host.

      Scenario: The interface connects to a host.

      Solution:

      • If possible, disconnect the host. When the attack stops, connect the host to the network again.
      • Run the port-security enable command on the interface to enable port security or the mac-limit command to set the maximum number of MAC address entries to 1.

      Scenario: The interface connects to a hub.

      Solution:

      • Configure port mirroring or use a packet analysis tool to analyze packets received by the interface. Analyze the packet types to locate the attacking host. If possible, disconnect the host. When the attack stops, connect the host to the hub again.
      • If possible, disconnect hosts connected to the hub one by one. If the fault is rectified after a host is disconnected, the host is the attacker. After the host stops the attack, connect it to the hub again.

    If the number of MAC addresses learned by the device has not reached the maximum number of addresses allowed on the device but MAC addresses still cannot be learned, go to step 4.

  4. Check whether a MAC address hash conflict alarm is generated on the device.

    L2IFPPI/4/MACHASHCONFLICTALARM: OID [oid] A hash conflict occurs in MAC addresses.(IfIndex=[INTEGER], MacAddr=[OPAQUE], VLAN=[GAUGE], VsiName=[OCTET1], InterfaceName=[OCTET2]).

    For details about how to handle this alarm, see L2IFPPI_1.3.6.1.4.1.2011.5.25.315.3.6 hwMacTrapHashConflictAlarm.
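
The comparison in step 3 (learned entries against the maximum and against the number of attached hosts) can be run offline over saved display mac-address output. The following is an added example, not Huawei code: the column layout of the sample, the INVENTORY table and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `display mac-address` output. The column
# layout (MAC, VLAN, interface, type) is an assumption; adjust ROW to your model.
SAMPLE = """\
MAC Address      VLAN   Learned-From   Type
00e0-fc00-0101   10     GE0/0/1        dynamic
00e0-fc00-0102   10     GE0/0/1        dynamic
00e0-fc00-0201   20     GE0/0/2        dynamic
00e0-fc00-0202   20     GE0/0/2        dynamic
00e0-fc00-0203   20     GE0/0/2        dynamic
00e0-fc00-0204   20     GE0/0/2        dynamic
00e0-fc00-0301   30     GE0/0/3        dynamic
00e0-fc00-0399   30     GE0/0/3        static
"""

ROW = re.compile(r"^([0-9a-f]{4}(?:-[0-9a-f]{4}){2})\s+(\d+)\s+(\S+)\s+(\S+)$", re.I)

def learned_per_interface(text):
    """Return {interface: set of dynamically learned MACs}; other rows are skipped."""
    learned = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(4).lower() == "dynamic":
            learned[m.group(3)].add(m.group(1).lower())
    return dict(learned)

def triage(text, inventory):
    """inventory: {interface: (known_host_count, max_learnable_entries)}."""
    result = {}
    for ifname, macs in sorted(learned_per_interface(text).items()):
        hosts, limit = inventory.get(ifname, (None, None))
        if hosts is None:
            result[ifname] = "not in inventory: count the attached hosts first"
        elif len(macs) < limit:
            result[ifname] = "below limit: if learning still fails, go to step 4"
        elif len(macs) <= hosts:
            result[ifname] = "limit reached by real hosts: adjust deployment"
        else:
            result[ifname] = "more entries than hosts: possible MAC address attack"
    return result

# Hypothetical inventory: hosts known to be attached and the configured limit.
INVENTORY = {"GE0/0/1": (2, 2), "GE0/0/2": (1, 4), "GE0/0/3": (1, 8)}

if __name__ == "__main__":
    for ifname, verdict in triage(SAMPLE, INVENTORY).items():
        print(f"{ifname}: {verdict}")
```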

Copyright © Huawei Technologies Co., Ltd.