Types of mac address entries, Mac address table-based frame forwarding, Configuration procedure – H3C Technologies H3C WX5500E Series Access Controllers User Manual


To improve the port security and prevent hackers from stealing data by using forged MAC addresses, you
can bind specific user devices to the port by manually adding MAC address entries to the MAC address
table of the device.

Types of MAC address entries

A MAC address table can contain the following types of entries:

Static entries—Static entries are manually added in order to forward frames with specific
destination MAC addresses out of their associated ports and never age out.

Dynamic entries—Dynamic entries can be manually added or dynamically learned in order to
forward frames with specific destination MAC addresses out of their associated ports and might age out.

Blackhole entries—Blackhole entries are manually configured and never age out. Blackhole entries
are configured for filtering out frames with specific source or destination MAC addresses. For
example, to block all packets destined for a specific user for security concerns, you can configure
the MAC address of this user as a blackhole MAC address entry.

To adapt to network changes and prevent inactive entries from occupying table space, an aging
mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is
learned or created, an aging timer starts. If the entry has not been updated when the aging timer
expires, the device deletes the entry. If the entry is updated before the aging timer expires, the
aging timer restarts.
A static or blackhole unicast MAC address entry can overwrite a dynamic MAC address entry, but not
vice versa.

MAC address table-based frame forwarding

When forwarding a frame, the device adopts the following forwarding modes based on the MAC
address table:

Unicast mode—If an entry is available for the destination MAC address, the device forwards the
frame out of the outgoing port indicated by the MAC address entry.

Broadcast mode—If the device receives a frame with the destination address as all-ones, or no entry
is available for the destination MAC address, the device broadcasts the frame to all interfaces
except the receiving interface.
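
The entry types, aging rule, overwrite rule, and forwarding modes described above, modeled as an added Python example (not H3C code and not device configuration). The class and method names, the MAC addresses, the port numbers, and the 300-second aging time are constructed for illustration.

```python
STATIC, DYNAMIC, BLACKHOLE = "static", "dynamic", "blackhole"
BROADCAST = "ff:ff:ff:ff:ff:ff"  # all-ones destination address


class MacTable:
    """Toy model of the MAC address table behaviour described above."""

    def __init__(self, ports, aging_time=300):
        self.ports = ports            # Layer 2 ports on the modelled device
        self.aging_time = aging_time  # seconds; constructed value
        self.entries = {}             # mac -> (kind, port, last_update)

    def add(self, mac, kind, port=None, now=0):
        """Install an entry. A dynamic entry never overwrites static/blackhole."""
        current = self.entries.get(mac)
        if kind == DYNAMIC and current and current[0] != DYNAMIC:
            return False
        # Assumption: a later manual entry replaces an earlier manual one.
        self.entries[mac] = (kind, port, now)
        return True

    def age(self, now):
        """Delete dynamic entries whose aging timer has expired."""
        for mac, (kind, _, updated) in list(self.entries.items()):
            if kind == DYNAMIC and now - updated >= self.aging_time:
                del self.entries[mac]

    def forward(self, src, dst, in_port, now):
        """Return the list of egress ports for one frame ([] means dropped)."""
        self.age(now)
        for mac in (src, dst):
            entry = self.entries.get(mac)
            if entry and entry[0] == BLACKHOLE:
                return []                      # filtered by blackhole entry
        self.add(src, DYNAMIC, in_port, now)   # learn or refresh the source
        entry = self.entries.get(dst)
        if dst != BROADCAST and entry:
            return [entry[1]]                  # unicast mode
        return [p for p in self.ports if p != in_port]  # broadcast mode


if __name__ == "__main__":
    table = MacTable(ports=[1, 2, 3])
    table.add("00:11:22:33:44:55", STATIC, port=1)   # bind the user to port 1
    # A frame with the same source MAC arrives on port 3 (forged source).
    table.forward("00:11:22:33:44:55", BROADCAST, 3, now=5)
    print(table.entries["00:11:22:33:44:55"])        # static binding is kept
```

The model only shows that learning cannot replace the static binding; whether the device also discards the frame that carries the forged source address is not stated on this page and is not modeled.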

Configuration procedure

The configuration tasks discussed in the following sections are all optional and can be performed in any
order.
The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces.
This document covers the configuration of unicast MAC address entries, including static, dynamic, and
blackhole MAC address entries. For information about configuring static multicast MAC address entries,
see IP Multicast Configuration Guide.
