MAC address learning

Knowledge focus:

• Know the MAC address:
  • Introduction to MAC:

MAC (Media Access Control) addresses are used to define the location of network devices. The MAC address is composed of 48-bit long and 12-digit hexadecimal numbers, starting from left to right, 0 to 23 bits are the codes that the manufacturer applies to IETF and other organizations to identify the manufacturer, and 24 to 47 bits are assigned by the manufacturer itself. A unique number for all network cards manufactured by the manufacturer.

• Classification of MAC addresses:

1. From a structural point of view:

Unicast address: The lowest bit of the first byte is 0, for example: 0==0==-e0-fc-00-00-06, that is, 0000 000==0==-…

Multicast address: The lowest bit of the first byte is 1, for example: 0==1==-e0-fc-00-00-06, that is, 0000 000==1==-…

Broadcast address: 48 bits are all 1, for example: ff-ff-ff-ff-ff-ff, that is, 11111111-…

1. Divided from a functional point of view:

mac address table type	features	effect
dynamic mac address	It is learned by the interface through the source MAC address in the packet, and the entry can be aged. After the system is reset, the interface board is hot-plugged, or the interface board is reset, the dynamic entries will be lost.	By checking the dynamic MAC address entries, you can determine whether there is data forwarding between two connected devices. By viewing the number of specified dynamic MAC address entries, you can obtain the number of users communicating on the interface.
static mac address	It is manually configured by the user and delivered to each interface board, and the entries cannot be aged out. After the system is reset, the interface board is hot-plugged, or the interface board is reset, the saved entries will not be lost. After an interface is statically bound to a MAC address, packets with the source MAC address received by other interfaces will be discarded. A static MAC address entry can only be bound to one outgoing interface. After an interface is statically bound to a MAC address, it will not affect the learning of dynamic MAC address entries of the interface.	By binding static MAC address entries, you can ensure the use of legitimate users and prevent other users from using the MAC address to attack.
black hole mac address	It is manually configured by the user and delivered to each interface board, and the entries cannot be aged out. After the system is reset, the interface board is hot-plugged, or the interface board is reset, the saved entries will not be lost. After a blackhole MAC address is configured, packets with the source MAC address or destination MAC address of this MAC address will be discarded.	By configuring blackhole MAC address entries, illegal users can be filtered out.

 

1. From the perspective of transmission :

SMAC: Source Mac, source MAC address, the original source MAC address of the message.

DMAC : Destination Mac, the destination MAC address, and the MAC address to which the message should be sent.

• MAC address learning aging drift:
  • The learning process of MAC address:

In general, the mac address table is established based on the automatic learning of the original mac address of the received data frame; when the terminal device sends a data frame to the switch:

1. If the source mac address in the sent data frame is not in the mac address table of the switch, the device will parse and learn the new MAC address, the port and VLAN ID corresponding to the MAC address from the data frame, and add it as a new entry into the MAC address table.
2. If the source mac address in the sent data frame is in the mac address table of the switch, the device will update the entry by resetting the aging time of the entry.
3. If the destination mac address in the sent data frame is in the mac address table of the switch, the device will send the corresponding data frame through the corresponding interface.

• Aging of MAC addresses:

Introduction: In order to adapt to changes in the network, the MAC table needs to be updated continuously. The automatically generated entries in the MAC table (that is, dynamic entries) are not always valid. Each entry has a life cycle, and the entries that cannot be updated after reaching the life cycle will be deleted. This life cycle is called aging. time.

Principle: The aging time of the mac address table is generally set to the default time (it can also be manually configured). The timing begins after a mac address record is added to the mac address table. If each port does not receive a frame with the source address as the MAC address within the aging time, these addresses will be forwarded from the dynamic forwarding address table (by source MAC address, destination MAC address, etc.) addresses and their corresponding port numbers of the switch) are deleted. The static MAC address table is not affected by the address aging time.

• MAC address drift:

Introduction: MAC address flapping refers to the phenomenon that two ports in a VLAN on a device learn the same MAC address, and the later learned MAC address entries overwrite the original MAC address entries.

When pc1 sends a data frame to swA, SWA sends a data frame to SWB, and SWB learns the mac address from GE1/0/1; then after SWA sends a data frame to SWC, SWC also sends a data frame to SWB. SWB learns from GE1/0/1 GE1/0/2 learns the mac address; the address keeps drifting between GE1/0/1 and GE1/0/ports of the switch.

Reasons for mac address drifting: This phenomenon generally means that there is a loop in the network. You can quickly locate and eliminate the loop by checking the alarm information and drifting records.