A MAC address is the physical address of a network device. MAC address security is access control based on MAC addresses, enforced on the ports of the access switch, so MAC address security is also called port security. The switch's CAM (Content Addressable Memory) table, also known as the MAC address table, records the mapping between the MAC address, port number, vlan and the like of the devices connected to the switch.
One, MAC address table entries are divided into three types
1, static MAC address entries, bound by hand, with a higher priority than dynamic MAC address entries
2, dynamic MAC address entries: when the switch receives a data frame, it learns the frame's source MAC address into the MAC address table
3, blackhole MAC address entries, learned automatically or bound manually, used to drop frames for a specified MAC address
Two, MAC address table management commands
1, view the MAC address table
<Huawei>display mac-address
2, configure a static MAC address entry
[Huawei] mac-address static 5489-98C0-7E34 GigabitEthernet 0/0/1 vlan 1
Bind the MAC address to interface g0/0/1; effective in vlan 1
3, blackhole MAC address entry
[Huawei] mac-address blackhole 5489-987f-161a vlan 1
In vlan 1, discard received frames whose source or destination MAC is this address
4, disable MAC address learning; the learning function can be disabled on a port or in a vlan
[Huawei-GigabitEthernet0/0/1] mac-address learning disable action discard
MAC address learning is disabled and all received frames are discarded; can also be configured in a vlan
[Huawei-GigabitEthernet0/0/1] mac-address learning disable action forward
MAC address learning is disabled, but received frames are forwarded by flooding (the switch's forwarding principle for unknown destination MAC addresses); can also be configured in a vlan
5, limit the number of learned MAC addresses; can be configured on a port or in a vlan
[Huawei-GigabitEthernet0/0/1] mac-limit maximum 9 alarm enable
Limit the number of learned MAC addresses to 9 and raise an alarm when the number is exceeded. MAC addresses beyond the limit are not learned on the port, but their frames can still be forwarded by flooding (the switch's forwarding principle for unknown destination MAC addresses); can also be configured in a vlan
6, port security dynamic MAC address
This function gives dynamically learned MAC addresses the secure attribute; frames from other MAC addresses that have not been learned and do not have the secure attribute are dropped
[Huawei-GigabitEthernet0/0/3] port-security enable
Enable port security
[Huawei-GigabitEthernet0/0/3] port-security max-mac-num 1
Limit the maximum number of secure MAC addresses to 1; the default is 1
[Huawei-GigabitEthernet0/0/3] port-security protect-action ?
Configure how data frames from other, non-secure MAC addresses are handled
  protect   Discard packets               discard, no alarm is generated
  restrict  Discard packets and warning   discard and generate alarm information (default)
  shutdown  Shutdown                      discard and shut down the port
[Huawei-GigabitEthernet0/0/3] port-security aging-time 300
Configure the secure MAC address aging time, 300s here; the default aging applies otherwise
With the port security dynamic MAC address configuration above, the first MAC address learned on port g0/0/3 is set as the secure MAC address, and frames from any other MAC address are not forwarded on this port. After 300s the secure MAC address table is refreshed and secure MAC addresses are re-learned: whichever MAC address reaches the port first is learned and set as the secure MAC address. After a reboot, secure MAC addresses are cleared and learned again.
7, port security sticky MAC address
This feature works the same way as the port security dynamic MAC address. The only differences are: sticky MAC addresses do not age out and still exist after the switch restarts; dynamic secure MAC addresses can only be learned dynamically, while sticky secure MAC addresses can be learned dynamically or configured manually.
[Huawei-GigabitEthernet0/0/3] port-security enable
Enable port security
[Huawei-GigabitEthernet0/0/3] port-security mac-address sticky
Enable the sticky secure MAC function
[Huawei-GigabitEthernet0/0/3] port-security max-mac-num 1
Limit the maximum number of secure MAC addresses to 1; the default is 1
[Huawei-GigabitEthernet0/0/3] port-security mac-address sticky 5489-98D8-71D5 vlan 1
Manually bind a sticky MAC address and the vlan it belongs to
[Huawei-GigabitEthernet0/0/3] port-security protect-action restrict
Configure how data frames from other, non-secure MAC addresses are handled
View the sticky MAC address status
[Huawei-GigabitEthernet0/0/3] display mac-address
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
5489-98d8-71d5 1           -      -      GE0/0/3         sticky    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
[Huawei-GigabitEthernet0/0/3]
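An added example (not part of the original article and not Huawei tooling): a Python check that audits the interface blocks of a saved configuration against the port-security commands from sections 6 and 7, applying the defaults the article states (max-mac-num 1, protect-action restrict). The sample configuration, the function names and the max_allowed policy threshold are constructed for illustration.

```python
import re

# Constructed sample in the style of a saved configuration (not from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/3
 port-security enable
 port-security mac-address sticky
 port-security protect-action restrict
#
interface GigabitEthernet0/0/4
 port-security enable
 port-security max-mac-num 16
 port-security protect-action protect
#
interface GigabitEthernet0/0/5
 mac-limit maximum 9 alarm enable
#
"""

def parse_interfaces(config):
    """Map interface name -> list of its indented configuration lines."""
    pattern = re.compile(r"^interface (\S+)\n((?:[ ]+\S.*\n)*)", re.M)
    return {m.group(1): [ln.strip() for ln in m.group(2).splitlines()]
            for m in pattern.finditer(config)}

def audit_port_security(config, max_allowed=1):
    """Return {interface: [findings]}; max_allowed is a local policy assumption."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        if "port-security enable" not in lines:
            findings.append("port security not enabled")
        else:
            text = "\n".join(lines)
            # Missing lines fall back to the defaults stated in the article.
            m = re.search(r"^port-security max-mac-num (\d+)$", text, re.M)
            limit = int(m.group(1)) if m else 1
            m = re.search(r"^port-security protect-action (\S+)$", text, re.M)
            action = m.group(1) if m else "restrict"
            if limit > max_allowed:
                findings.append(f"max-mac-num {limit} exceeds policy {max_allowed}")
            if action == "protect":
                findings.append("protect-action protect discards with no alarm")
            if "port-security mac-address sticky" not in lines:
                findings.append("not sticky: secure MACs age out and clear on reboot")
        report[name] = findings
    return report
```

Calling audit_port_security(SAMPLE_CONFIG) returns no findings for GigabitEthernet0/0/3, three for GigabitEthernet0/0/4, and flags GigabitEthernet0/0/5 because mac-limit alone does not enable port security.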
8, MAC address anti-flapping function
MAC address flapping means: a MAC address learned on one interface in a vlan is then also learned on another interface in the same vlan, and the MAC address information learned later overwrites the information learned first (the interface changes frequently). Most of the time this means a loop has occurred, so this feature can also be used to troubleshoot and resolve loops.
The anti-flapping function works by configuring a priority on interfaces: a MAC address learned on a high-priority interface will not be learned on other, lower-priority interfaces in the same vlan. For interfaces with the same priority, you can configure that interfaces of the same priority are not allowed to learn the same MAC address.
[Huawei] mac-address flapping detection
Globally enable MAC address flapping detection
[Huawei]interface g0/0/2
[Huawei-GigabitEthernet0/0/2] mac-learning priority 3
Set the priority of interface g0/0/2 to 3; the default is 0
[Huawei-GigabitEthernet0/0/2] mac-address flapping trigger error-down
Shut down the interface when MAC address flapping occurs
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]interface g0/0/3
[Huawei-GigabitEthernet0/0/3] mac-address flapping trigger error-down
Shut down the interface when MAC address flapping occurs
[Huawei-GigabitEthernet0/0/3]quit
After the configuration, when a MAC address on g0/0/2 moves to g0/0/3, port g0/0/3 is shut down.
Command to view MAC address flapping records:
[Huawei] display mac-address flapping record
View the recorded MAC address flapping
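An added example, not from the original article: detecting the flapping pattern described above off the switch by comparing successive display mac-address snapshots. The snapshot rows are constructed in the format of the output shown in section 7, and the function names and the min_moves threshold are assumptions.

```python
import re
from collections import defaultdict

# Columns: MAC, VLAN, PEVLAN, CEVLAN, Port, Type (as in the output in section 7).
ROW = re.compile(
    r"^([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)",
    re.I,
)

# Constructed snapshots (rows only), oldest first.
SNAPSHOTS = [
    "5489-98d8-71d5 1 - - GE0/0/2 dynamic -\n5489-98c0-7e34 1 - - GE0/0/1 dynamic -",
    "5489-98d8-71d5 1 - - GE0/0/3 dynamic -\n5489-98c0-7e34 1 - - GE0/0/4 dynamic -",
    "5489-98d8-71d5 1 - - GE0/0/2 dynamic -\n5489-98c0-7e34 1 - - GE0/0/4 dynamic -",
]

def parse_mac_table(output):
    """Return {(mac, vlan): (port, type)}; header and separator lines are skipped."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            mac, vlan, port, kind = m.groups()
            table[(mac.lower(), int(vlan))] = (port, kind)
    return table

def find_flapping(snapshots, min_moves=2):
    """Return {(mac, vlan): [(old_port, new_port), ...]} for repeated port changes.

    A single move is treated as a host changing access port; min_moves or more
    within the same vlan is reported as flapping (possible loop).
    """
    moves, last = defaultdict(list), {}
    for snap in snapshots:
        for key, (port, _kind) in parse_mac_table(snap).items():
            if key in last and last[key] != port:
                moves[key].append((last[key], port))
            last[key] = port
    return {k: v for k, v in moves.items() if len(v) >= min_moves}
```

With the constructed snapshots, only 5489-98d8-71d5 in vlan 1 is reported, because it bounces between GE0/0/2 and GE0/0/3; the address that moves once is not.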
9, configure the function that discards all-zero MAC addresses
When some hosts or devices fail, they send frames onto the network whose source and destination MAC addresses are all zeros; the switch can be configured to discard these erroneous packets.
[Huawei] drop illegal-mac enable
Enable discarding of all-zero MAC addresses
[Huawei] snmp-agent trap enable feature-name lldptrap
Enable the snmp lldptrap alarm function
[Huawei] drop illegal-mac alarm
Enable the alarm on receipt of all-zero MAC packets; the prerequisite is that the snmp lldptrap alarm function is enabled
10, refresh ARP entries when the MAC address is updated
After MAC information is updated (e.g., the user changes access port), ARP entries are refreshed automatically
[Huawei]mac-address update arp
11, configure the port bridge function
Normally, when the interface a packet was received on is the same as the outgoing interface for its destination MAC address, the switch considers the packet invalid and discards it. In some cases, however, the source MAC and the destination MAC of a data frame really are behind the same interface. So that the switch does not discard frames in these special cases, the port bridge function needs to be enabled. Examples are a switch with a device attached that has no Layer 2 forwarding capability, such as a HUB, or with a server attached that runs multiple virtual machines: traffic between the hosts behind that device is received by the switch on the same interface it goes out of, so these are normal frames and must not be discarded.
[Huawei]interface g0/0/10
[Huawei-GigabitEthernet0/0/10] port bridge enable
Enable the bridge function on the interface
[Huawei-GigabitEthernet0/0/10] quit
description: https://blog.csdn.net/alone_map/article/details/52459199