Assigning MAC learning priority to interfaces, Enabling MAC address synchronization, Configuring the MAC address table – H3C Technologies H3C S12500-X Series Switches User Manual
| Step | Command | Remarks |
|---|---|---|
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Enable the device to forward frames with unknown source MAC addresses after the upper limit on the interface is reached. | mac-address max-mac-count enable-forwarding | By default, the interface forwards frames with unknown source MAC addresses after the upper limit is reached. |
Assigning MAC learning priority to interfaces
Any network that performs MAC-based forwarding is exposed to MAC address spoofing attacks. Because of a loop or an attack on a downlink interface, a device might learn the MAC address of an upper layer device (a gateway, for example) on that downlink interface.
To avoid this situation, each interface is assigned either low or high MAC learning priority. An interface with high MAC learning priority can learn MAC addresses as usual, but an interface with low MAC learning priority is not allowed to learn MAC addresses already learned on a high-priority interface.
The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. Assign high MAC learning priority to an uplink interface and low MAC learning priority to a downlink interface, so that the downlink interface cannot learn the MAC address of an upper layer device.
To assign MAC learning priority to an interface:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | Enter Layer 2 Ethernet interface view: interface interface-type interface-number. Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number | N/A |
| 3. Assign MAC learning priority. | mac-address mac-learning priority { high \| low } | By default, low MAC learning priority is used. |
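The learning rule described in this section, modelled in Python as an added example (not H3C code or device output). The interface names and MAC addresses are constructed sample values, and entry aging and static entries are not modelled.

```python
# Added illustration: simplified model of the MAC learning priority rule.
HIGH, LOW = "high", "low"

class MacTable:
    def __init__(self, priorities):
        # Interfaces not listed use the documented default: low priority.
        self.priorities = dict(priorities)
        self.entries = {}   # MAC address -> interface it was learned on
        self.refused = []   # (mac, interface) learning attempts that were refused

    def priority(self, iface):
        return self.priorities.get(iface, LOW)

    def learn(self, src_mac, iface):
        """Process the source MAC of a frame received on iface.
        Returns True if the entry was created, refreshed or moved."""
        owner = self.entries.get(src_mac)
        if (owner is not None and owner != iface
                and self.priority(owner) == HIGH
                and self.priority(iface) == LOW):
            # A low-priority interface may not learn a MAC address that is
            # already learned on a high-priority interface.
            self.refused.append((src_mac, iface))
            return False
        self.entries[src_mac] = iface
        return True

def replay(priorities, frames):
    """Feed (source MAC, ingress interface) pairs through a fresh table."""
    table = MacTable(priorities)
    for src_mac, iface in frames:
        table.learn(src_mac, iface)
    return table

GATEWAY = "00e0-fc00-0001"                   # constructed gateway MAC
HOST = "00e0-fc00-0a01"                      # constructed host MAC
UPLINK, DOWNLINK = "XGE1/0/1", "XGE1/0/24"   # constructed interface names

# Gateway seen on the uplink, a host on the downlink, then a frame carrying
# the gateway's source MAC arrives on the downlink (loop or spoofing).
FRAMES = [(GATEWAY, UPLINK), (HOST, DOWNLINK), (GATEWAY, DOWNLINK)]

default_cfg = replay({}, FRAMES)            # every interface low (the default)
hardened = replay({UPLINK: HIGH}, FRAMES)   # uplink high, downlink low

if __name__ == "__main__":
    print("default :", default_cfg.entries[GATEWAY], default_cfg.refused)
    print("hardened:", hardened.entries[GATEWAY], hardened.refused)
```

With every interface left at the default low priority, the gateway entry moves to the downlink; it stays on the uplink only after the uplink is assigned high priority.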
Enabling MAC address synchronization
To avoid unnecessary floods and improve forwarding speed, make sure all cards possess the same MAC
address table. After you enable MAC address table synchronization, each card advertises learned MAC
address entries to other cards. (In standalone mode.)