< Home

MAC

Context

Each switch maintains a MAC address table. A MAC table records learned MAC addresses, VLAN IDs, and outbound interfaces. To forward data, the switch searches the MAC table based on destination MAC addresses and VLAN IDs carried in packets to determine the outbound interfaces for the packets. Therefore, broadcast traffic is reduced. Configure the following MAC address types and functions:
  • The interface obtains dynamic entries based on the learning of source MAC addresses. The dynamic entries can be aged.
  • Static MAC entries are manually configured and never age. For details, see Configuring a static MAC.
  • Blackhole MAC entries are used to discard data frames with the specified source or destination MAC addresses. Blackhole MAC entries are manually configured and never age. For details, see Configuring a blackhole MAC address entry.
  • ARP entry fixing can be configured to defend against ARP address spoofing attacks. For details, see Configuring ARP entry fixing.
  • Port security makes MAC addresses learned on an interface become secure MAC addresses to allow only hosts with secure MAC addresses and static MAC addresses to communicate with the switch through the interface, improving switch security. For details, see Configuring port security.

Procedure

  • Configuring MAC/IP address security and the aging time of dynamic MAC addresses
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.

      Figure 1 Querying MAC address entries

      Table 1 describes the parameters on the page.
      Table 1 Configuring MAC address aging and MAC address flapping detection

      Parameter

      Description

      MAC/IP address security

      Specifies whether to enable the ARP gateway anti-collision function.

      Dynamic MAC address aging

      Specifies whether to configure the aging time of MAC address entries.

      Dynamic MAC address aging time(s)

      Specifies the aging time of dynamic MAC address entries.

      MAC address flapping detection

      Specifies whether to configure global MAC address flapping detection.

      MAC address flapping aging time(s)

      Specifies the aging time of flapping MAC address entries.

    2. Set parameters.
    3. Click Apply.
  • Querying MAC address entries
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
    3. Click Refresh to refresh entries in the MAC address list.
    4. Set search item for querying MAC address entries based on the MAC Address, Type, Outbound Interface and VLAN ID.
    5. Click . The search result is displayed.
  • Configuring a static user
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
    3. Click Create Static MAC. The Create Static MAC page is displayed, as shown in Figure 2.

      Figure 2 Creating a static mac

    4. Set parameters.
    5. Click OK.
  • Creating a static secure MAC address
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.

      Before creating a static secure MAC address, enable port security by referring to Configuring port security.

      After port security is enabled, a yellow shield identifier next to the interface is displayed.

    3. Click Create Secure MAC. The Create Secure MAC page is displayed, as shown in Figure 3.

      Figure 3 Creating a secure MAC address

    4. Set parameters.
    5. Click OK.
  • Deleting MAC address entries
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
    3. Select an entry and click Delete MAC. The system asks you whether to delete the entry.
    4. Click OK.
  • Configuring a blackhole MAC address entry
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
    3. Select an entry and click Convert to Blackhole MAC. The system asks you whether to configure the entry as a blackhole MAC address entry.

      Only dynamic MAC address entries can be configured as blackhole MAC address entries.

      After dynamic MAC address entries are configured as blackhole MAC address entries, select Select all interfaces so that they can be displayed in the MAC address list.

    4. Click OK.
  • Configuring fixing of ARP entries
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
    3. Select an entry and click Fix MAC. The system asks you whether to fix the MAC address entry.

      Only dynamic MAC address entries can be fixed.

    4. Click OK.
  • Configuring port security
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Security tab. The MAC Security tab page is displayed.
    3. Select a port, as shown in Figure 4.

      Figure 4 Configuring port security

      Table 2 describes parameters on the MAC Security tab page.

      Table 2 Configuring port security

      Parameter

      Description

      Interface Name

      -

      Interface Security

      If a network requires high access security, you can configure port security on specified ports. MAC addresses learned by these ports are changed to dynamic secure MAC addresses or sticky MAC addresses. When the number of learned MAC addresses reaches the limit, the ports do not learn new MAC addresses. This prevents devices with untrusted MAC addresses from connecting to these ports, improving security of the devices and the network.

      MAC Address Limit (1-1024)

      Maximum number of MAC addresses that can be learned by a port.

      Sticky MAC

      Sticky MAC addresses will not be aged out and will exist after the device restarts.

      Port Security Aging Time

      The aging time of secure dynamic MAC addresses on an interface.

    4. Set parameters.
    5. Click Apply.
  • Configuring MAC address learning
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Address Learning tab to access the MAC Address Learning page and select the interface to be configured in the interface selection area, as shown in Figure 5.

      Figure 5 Configuring MAC address learning

    3. Click Enable or Disable to enable or disable MAC address learning on the interface.
  • Checking MAC address flapping information
    1. Choose Configuration > Advanced Services > MAC, as shown in Figure 1.
    2. Click the MAC Flapping tab to access the MAC Flapping page, as shown in Figure 6.

      Figure 6 MAC Flapping page

    3. Click Refresh to refresh MAC address flapping information.
Parent Topic: Advanced Services
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >