mac-learning priority

Function

The mac-learning priority command sets the MAC address learning priority of an interface.

The undo mac-learning priority command restores the default MAC learning priority of an interface.

By default, the MAC address learning priority of an interface is 0.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this configuration.

Format

mac-learning priority priority-id

undo mac-learning priority

Parameters

| Parameter | Description | Value |
|---|---|---|
| priority priority-id | Specifies the MAC address learning priority of an interface. | The value is an integer that ranges from 0 to 3. A larger value indicates a higher priority. |

Views

GE interface view, XGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view, 25GE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An uplink interface of the switch is connected to a server, and downlink interfaces are connected to users. To prevent unauthorized users from using the server MAC address to connect to the switch, run the mac-learning priority command to set the priority of the uplink interface higher than that of the user-side interfaces. When these interfaces learn the same MAC address, the MAC address entry learned by the uplink interface overrides MAC address entries learned by the user-side interfaces. Therefore, the switch will not learn MAC addresses of unauthorized users, and authorized users can access the server and use network resources.

You can run the undo mac-learning priority allow-flapping command to forbid MAC address flapping between interfaces with the same priority.

Both the undo mac-learning priority allow-flapping command and the mac-learning priority command can prevent MAC address flapping. The difference between the two commands is as follows:

  • The undo mac-learning priority allow-flapping command prevents MAC address flapping between interfaces with the same priority. If an attacker uses the server MAC address to connect to the switch after the server is powered off, the switch learns the MAC address of the forged server. After the real server is powered on, the switch cannot learn the correct server MAC address.
  • The mac-learning priority command prevents MAC address flapping between interfaces with different priorities. If an attacker uses the server MAC address to connect to the switch after the server is powered off, the switch learns the MAC address of the forged server. After the real server is powered on, the switch can learn the correct server MAC address.
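The difference between the two commands can be traced with a simplified model of the learning rules described above. This is an added example, not Huawei code and not part of the original page. The interface names, the sample MAC address, the single allow_flapping switch, and the assumption that a link-down event removes the entries learned on that interface are illustrative.

```python
class MacTable:
    """Simplified model of priority-based MAC learning (assumed, not vendor code)."""

    def __init__(self, priorities, allow_flapping=True):
        self.priorities = priorities          # interface name -> priority 0..3
        self.allow_flapping = allow_flapping  # False models "undo ... allow-flapping"
        self.entries = {}                     # MAC -> interface owning the entry

    def learn(self, mac, ifname):
        """Handle a frame with source `mac` on `ifname`; return the owning interface."""
        owner = self.entries.get(mac)
        if owner is None or owner == ifname:
            self.entries[mac] = ifname
        else:
            new = self.priorities.get(ifname, 0)   # default priority is 0
            old = self.priorities.get(owner, 0)
            # Higher priority overrides; equal priority moves only if flapping is allowed.
            if new > old or (new == old and self.allow_flapping):
                self.entries[mac] = ifname
        return self.entries[mac]

    def link_down(self, ifname):
        """Assumption: entries learned on an interface are removed when it goes down."""
        self.entries = {m: i for m, i in self.entries.items() if i != ifname}


SERVER_MAC = "00e0-fc00-0001"    # constructed sample value
UPLINK, USER = "UPLINK", "USER"  # hypothetical interface labels


def power_cycle_scenario(table):
    """Return (owner while the server is up, owner after the server returns)."""
    table.learn(SERVER_MAC, UPLINK)                 # real server is learned first
    while_up = table.learn(SERVER_MAC, USER)        # user port claims the server MAC
    table.link_down(UPLINK)                         # server is powered off
    table.learn(SERVER_MAC, USER)                   # forged server is learned
    after_return = table.learn(SERVER_MAC, UPLINK)  # real server is powered on
    return while_up, after_return


if __name__ == "__main__":
    cases = {
        "uplink priority 3, users 0": MacTable({UPLINK: 3, USER: 0}),
        "same priority, flapping forbidden": MacTable({UPLINK: 0, USER: 0}, allow_flapping=False),
        "defaults (priority 0, flapping allowed)": MacTable({UPLINK: 0, USER: 0}),
    }
    for name, table in cases.items():
        print(name, "->", power_cycle_scenario(table))
```

In the model, only the priority configuration both rejects the user-side claim while the server is up and returns the entry to the uplink after the server is powered on again.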

Precautions

If you run the mac-learning priority command multiple times in the same interface view, only the latest configuration takes effect.

The function is not supported for the MAC address entries in a VSI.

Example

# Set the MAC address learning priority of GigabitEthernet0/0/2 to 3.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] mac-learning priority 3
Copyright © Huawei Technologies Co., Ltd.