143
Configuring the MAC address table
MAC address configurations related to interfaces apply to Layer 2 Ethernet interfaces and Layer 2
aggregate interfaces only.
This document covers only the configuration of unicast MAC address entries, including static,
dynamic, and blackhole entries.
Overview
To reduce single-destination packet flooding in a switched LAN, an Ethernet device uses a MAC
address table to forward frames. This table describes from which port a MAC address (or host) can
be reached. Upon receiving a frame, the device uses the destination MAC address of the frame to
look for a match in the MAC address table. If a match is found, the device forwards the frame out of
the outgoing interface in the matching entry. If no match is found, the device floods the frame out of
all but the incoming port.
How a MAC address entry is created
The device automatically learns entries in the MAC address table, or you can add them manually.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses
of incoming frames on each port.
When a frame arrives at a port (for example, Port A), the device performs the following tasks:
1.
Verifies the source MAC address (for example, MAC-SOURCE) of the frame.
2.
Looks up the source MAC address in the MAC address table.
{
If an entry is found, the device updates the entry.
{
If no entry is found, the device adds an entry for MAC-SOURCE and Port A.
3.
When the device receives a frame destined for MAC-SOURCE after learning this source MAC
address, the device finds the MAC-SOURCE entry in the MAC address table and forwards the
frame out of Port A.
The device performs this learning process each time it receives a frame from an unknown source
MAC address until the MAC address table is fully populated.
Manually configuring MAC address entries
With dynamic MAC address learning, a device does not distinguish between illegitimate and
legitimate frames. For example, when a hacker sends frames with a forged source MAC address to a
port different from the one with which the real MAC address is associated, the device creates an
entry for the forged MAC address, and forwards frames destined for the legal user to the hacker
instead.
To improve port security, you can manually add MAC address entries to the MAC address table of
the device to bind specific user devices to the port.
Types of MAC address entries
A MAC address table can contain the following types of entries:
•
Static
entries
—Manually added and never age out.
•
Dynamic
entries
—Manually added or dynamically learned, and might age out.
Содержание FlexNetwork NJ5000
Страница 12: ...x Index 440 ...
Страница 39: ...27 Figure 16 Configuration complete ...
Страница 67: ...55 Figure 47 Displaying the speed settings of ports ...
Страница 78: ...66 Figure 59 Loopback test result ...
Страница 158: ...146 Figure 156 Creating a static MAC address entry ...
Страница 183: ...171 Figure 171 Configuring MSTP globally on Switch D ...
Страница 243: ...231 Figure 237 IPv6 active route table ...
Страница 293: ...281 Figure 298 Ping operation summary ...