When receiving a frame destined for MAC-SOURCE, the device then looks up the MAC address table
and forwards it from Port 1.
To adapt to network changes, MAC address table entries need to be constantly updated. Each
dynamically learned MAC address table entry has a life period, that is, an aging timer. If an entry is not
updated before the aging timer expires, it will be deleted. If it is updated, the aging timer restarts.
Manually configure a MAC address table entry
When a device dynamically learns MAC address table entries through source MAC address learning, it
cannot tell frames of legitimate users from those of hackers. This brings potential security hazards. For
example, if a hacker forges the MAC address of a legitimate user and uses it as the source MAC address of
the attack frames, and accesses the device from a different port than that used by the legitimate user, the
device will learn a forged MAC address entry, and forward frames destined for the legitimate user to the
hacker instead.
To enhance the security of a port, you can manually add MAC address entries into the MAC address
table of the device to bind specific user devices to the port, thus preventing hackers from stealing data
using forged MAC addresses. Manually configured MAC address table entries have a higher priority
than dynamically learned ones.
Types of MAC Address Table Entries
A MAC address table may contain the following types of entries:
- Static entries, which are manually configured and never age out.
- Dynamic entries, which can be manually configured or dynamically learned and may age out.
- Blackhole entries, which are manually configured and never age out. Blackhole entries are
  configured to filter frames with specific destination MAC addresses.
Dynamically-learned MAC addresses cannot overwrite static or blackhole MAC address entries, but the
latter can overwrite the former.
MAC Address Table-Based Frame Forwarding
When forwarding a frame, the device adopts the following two forwarding modes based on the MAC
address table:
- Unicast mode: If an entry is available for the destination MAC address, the device forwards the
  frame out the outgoing interface indicated by the MAC address table entry.
- Broadcast mode: If the device receives a frame with the destination address being all ones, or no
  entry is available for the destination MAC address, the device broadcasts the frame to all the
  interfaces except the receiving interface.
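The following Python model is an added example, not code from this manual or the device. It puts the learning, aging, entry-priority and forwarding rules above into one table, and shows how a static entry keeps a forged source MAC address from rebinding a user's port. The class and function names, the MAC addresses, the port numbers and the 300-second aging value are all assumptions made for illustration.

```python
import time

BROADCAST = "ff:ff:ff:ff:ff:ff"

class MacTable:
    """Toy model of the MAC address table rules above (illustrative only)."""
    def __init__(self, ports, aging=300.0, clock=time.monotonic):
        self.ports, self.aging, self.clock = set(ports), aging, clock  # aging value assumed
        self.entries = {}  # mac -> (kind, port, time of last update)

    def add_manual(self, mac, kind, port=None):
        # kind is "static" or "blackhole"; both overwrite a learned entry, never age
        self.entries[mac] = (kind, port, None)

    def learn(self, src, in_port):
        kind = self.entries.get(src, ("dynamic",))[0]
        if kind != "dynamic":
            return False  # dynamic learning cannot overwrite static/blackhole
        self.entries[src] = ("dynamic", in_port, self.clock())  # add, move or refresh
        return True

    def forward(self, src, dst, in_port):
        """Return the set of ports the frame is sent out of."""
        now = self.clock()
        for mac, (kind, _, seen) in list(self.entries.items()):
            if kind == "dynamic" and now - seen >= self.aging:
                del self.entries[mac]  # aging timer expired without an update
        self.learn(src, in_port)
        kind, port, _ = self.entries.get(dst, (None, None, None))
        if kind == "blackhole":
            return set()                   # filtered by destination MAC
        if kind is None or dst == BROADCAST:
            return self.ports - {in_port}  # broadcast mode
        return {port}                      # unicast mode

def spoof_demo(bind_static):
    """Constructed scenario: user on port 1, forged source MAC arrives on port 2."""
    table = MacTable(ports={1, 2, 3})
    user = "00:11:22:33:44:55"  # constructed address
    if bind_static:
        table.add_manual(user, "static", port=1)
    table.forward(user, BROADCAST, in_port=1)  # genuine frame from the user
    table.forward(user, BROADCAST, in_port=2)  # frame with forged source MAC
    return table.forward("00:aa:bb:cc:dd:ee", user, in_port=3)  # frame for the user
```

`spoof_demo(False)` returns `{2}`, the port the forged frame arrived on, while `spoof_demo(True)` returns `{1}` because the static binding is never replaced by learning.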