Enabling mac address synchronization – H3C Technologies H3C S5560 Series Switches User Manual
Page 45
11
The MAC learning priority mechanism assigns either low priority or high priority to an interface. An
interface with high priority can learn MAC addresses as usual. However, an interface with low priority
is not allowed to learn MAC addresses already learned on a high-priority interface.
The MAC learning priority mechanism can help defend your network against MAC address spoofing
attacks. In a network that performs MAC-based forwarding, an upper layer device MAC address might
be learned by a downlink interface because of a loop or attack to the downlink interface. To avoid this
problem, perform the following tasks:
•
Assign high MAC learning priority to an uplink interface.
•
Assign low MAC learning priority to a downlink interface.
To assign MAC learning priority to an interface:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
•
Enter Layer 2 Ethernet interface
view:
interface interface-type
interface-number
•
Enter Layer 2 aggregate interface
view:
interface bridge-aggregation
interface-number
N/A
3.
Assign MAC learning priority
to the interface.
mac-address mac-learning priority
{ high | low }
By default, low MAC learning
priority is used.
Enabling MAC address synchronization
To avoid unnecessary floods and improve forwarding speed, make sure all member devices have the
same MAC address table. After you enable MAC address synchronization, each member device
advertises learned MAC address entries to other member devices.
As shown in
,
•
Device A and Device B form an IRF fabric enabled with MAC address synchronization.
•
Device A and Device B connect to AP C and AP D, respectively.
When Client A associates with AP C, Device A learns a MAC address entry for Client A and advertises
it to Device B.