HCIE-RS interview--MAC address drift and countermeasures

You thought I was going to introduce drift.

The drift that I want to introduce in practice

A little cold……

Get to the point!

What is MAC address drift

MAC address drift is the phenomenon in which two ports in the same VLAN of a device learn the same MAC address, and the MAC address table entry learned later overwrites the original entry.
Under normal circumstances, a network does not see a large number of MAC address drifts in a short time. When it does, there is a Layer 2 loop in the network, and the device's CPU usage rises to varying degrees.
You can locate and eliminate loops by viewing the alarm information and the drift records.
In layman's terms, the brain of the switch sometimes thinks the data should be sent out of interface A and sometimes thinks it should be sent out of interface B. The correct answer keeps floating around, and the brain is fried...

How to detect MAC address flapping

MAC address flapping detection is a function that detects whether a MAC address has drifted by watching for jumps in the MAC address's outgoing interface.
Once this function is configured, the next time a MAC address drifts the device reports an alarm. The alarm includes the MAC address, the VLAN, and the interfaces the address hopped between. The hopped interfaces are the interfaces where the loop may be. After seeing this information, we can troubleshoot the source of the loop manually, or break the loop automatically by having the device shut down the hopped interface or remove the interface from the VLAN.
Network diagram of MAC address flapping detection

How to prevent MAC address from drifting

Loops or network attacks will cause MAC address drift.

Raise the interface MAC address learning priority

When different interfaces learn the same MAC address, the entry learned by the high-priority interface can overwrite the entry learned by the low-priority interface, but not the other way around. This prevents the MAC address from drifting between interfaces.

Do not allow MAC address table overwriting on interfaces with the same priority

When the port connected to a forged network device has the same priority as the port connected to the secure network device, the MAC address entry of the forged device, learned later, will not overwrite the earlier correct entry. However, if the secure network device is powered off, the switch will still learn the MAC address from the forged network device. When the secure network device is powered on again, the switch will not be able to learn the correct MAC address.
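The behaviour described in the sections above can be traced with a small model of a MAC table. This is an added example, not code from the original post or from any switch vendor: the `MacTable` class, the port names, the MAC address and the VLAN number are constructed, and the model ignores the timers and thresholds a real device applies.

```python
from dataclasses import dataclass, field

@dataclass
class MacTable:
    priority: dict = field(default_factory=dict)   # port -> learning priority, default 0
    allow_same_priority_flap: bool = True          # default: the later entry overwrites
    entries: dict = field(default_factory=dict)    # (vlan, mac) -> port
    alarms: list = field(default_factory=list)     # (vlan, mac, old_port, new_port)

    def learn(self, vlan, mac, port):
        """Handle one source-MAC learning event and return the port now in the table."""
        key = (vlan, mac)
        old = self.entries.get(key)
        if old is None or old == port:
            self.entries[key] = port
            return port
        new_p, old_p = self.priority.get(port, 0), self.priority.get(old, 0)
        if new_p > old_p or (new_p == old_p and self.allow_same_priority_flap):
            self.entries[key] = port                     # overwrite = drift
            self.alarms.append((vlan, mac, old, port))   # what the alarm reports
            return port
        return old                                       # overwrite refused

    def age_out(self, vlan, mac):
        """Entry removed, e.g. the host was powered off and the entry aged."""
        self.entries.pop((vlan, mac), None)

MAC, VLAN = "00e0-fc00-0001", 10   # constructed sample values

def loop_scenario():
    t = MacTable()
    for port in ["GE0/0/1", "GE0/0/2"] * 3:   # same frame arriving on both ports of a loop
        t.learn(VLAN, MAC, port)
    return t.alarms

def priority_scenario():
    t = MacTable(priority={"GE0/0/1": 2})      # trusted port gets the higher priority
    t.learn(VLAN, MAC, "GE0/0/1")
    return t.learn(VLAN, MAC, "GE0/0/2"), t.alarms   # forged source on GE0/0/2

def same_priority_scenario():
    t = MacTable(allow_same_priority_flap=False)
    t.learn(VLAN, MAC, "GE0/0/1")
    blocked = t.learn(VLAN, MAC, "GE0/0/2")    # forged entry cannot overwrite
    t.age_out(VLAN, MAC)                       # real device powered off
    t.learn(VLAN, MAC, "GE0/0/2")              # forged device is learned first
    after_return = t.learn(VLAN, MAC, "GE0/0/1")   # real device is back, but refused
    return blocked, after_return
```

The last scenario shows the caveat from the paragraph above: with same-priority overwriting disabled, whichever device is learned first after the entry ages out keeps the entry.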

Origin blog.51cto.com/1965839/2642001