Configuring mac address table, Overview, How a mac address table entry is created – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 42: Mac address learning, Manually configuring mac address entries, Types of mac address table entries
32
Configuring MAC address table
Overview
An Ethernet device uses a MAC address table for forwarding frames through unicast instead of
broadcast. This table describes from which port a MAC address (or host) can be reached. When
forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for
a match. If an entry is found, the device forwards the frame out of the outgoing port in the entry. If no
entry is found, the device broadcasts the frame out of all but the incoming port.
How a MAC address table entry is created
The entries in the MAC address table come from two sources: automatically learned by the device and
manually added by the administrator.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses of
incoming frames on each port.
When a frame arrives at a port, Port A for example, the device performs the following tasks:
1.
Checks the source MAC address (MAC-SOURCE for example) of the frame.
2.
Looks up the MAC address in the MAC address table.
3.
If an entry is found, updates the entry. If no entry is found, adds an entry for MAC-SOURCE and
Port A.
The device performs the learning process each time it receives a frame from an unknown source MAC
address, until the MAC address table is fully populated.
After learning the source MAC address of a frame, the device looks up the destination MAC address in
the MAC address table. If an entry is found for the MAC address, the device forwards the frame out of
the specific outgoing port, Port A in this example.
Manually configuring MAC address entries
With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames, which can invite security hazards. For example, when a hacker sends frames with a forged
source MAC address to a port different from the one where the real MAC address is connected to, the
device creates an entry for the forged MAC address, and forwards frames destined for the legal user to
the hacker instead.
To enhance the security of a port, you can manually add MAC address entries to the MAC address table
of the device to bind specific user devices to the port. Because manually configured entries have higher
priority than dynamically learned ones, you can prevent hackers from stealing data using forged MAC
addresses.
Types of MAC address table entries
A MAC address table can contain the following types of entries:
•
Static entries—Manually added and never age out.