Introduction to the Number Limitation – QTECH QSW-3400 Configuration Guide User Manual

Chapter 41 The Number Limitation Function of MAC and IP in Port, VLAN Configuration

41.1 Introduction to the Number Limitation Function of MAC and IP in Port, VLAN

The MAC address list is used to identify the mapping relationship between destination MAC addresses and the ports of the switch. There are two kinds of MAC addresses in the list: static MAC addresses and dynamic MAC addresses. A static MAC address is set by the user, has the highest priority (it will not be overwritten by a dynamic MAC address), and is always effective; a dynamic MAC address is learnt by the switch while forwarding data frames, and is only effective for a specific time range. When the switch receives a data frame waiting to be transmitted, it learns the source MAC address of the frame, builds a mapping between that address and the receiving port, and then looks up the destination MAC address in the MAC address list. If a matching list entry is found, the switch transmits the data frame via the corresponding port; otherwise, the switch broadcasts the data frame over the VLAN it belongs to. If a dynamically learnt MAC address matches no transmitted data for a long time, the switch deletes it from the MAC address list.

Usually the switch supports both static configuration and dynamic learning of MAC addresses, which means each port can have more than one statically configured MAC address and dynamically learnt MAC address, and thus can forward data traffic between the port and known MAC addresses. When a MAC address ages out, frames addressed to it are handled by broadcast. Our current switches place no limit on the number of MAC addresses on a port; every port can hold several MAC addresses, either configured or learnt, until the hardware list entries are exhausted. To keep a port from holding too many MAC addresses, we should limit the number of MAC addresses a port can have.

For each INTERFACE VLAN, there is no limit on the number of IP addresses; the upper limit of the number of IP addresses is the upper limit of the number of users on an interface, which is, at the same time, the upper limit of ARP and ND list entries. There is no configuration command that can be used to control the number of these list entries. To enhance the security and the controllability of our products, we need to control the number of MAC addresses on each port and the number of ARP and ND entries on each INTERFACE VLAN. The number of static or dynamic MAC addresses on a port should not exceed the configured value. The number of users on each VLAN should not exceed the configured value, either.
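
An added illustration, not taken from the QTECH manual or the switch firmware: a minimal Python model of the learning behaviour described above, showing how a per-port cap on dynamic MAC entries keeps one port from exhausting the table. The table size of 64, the limit of 8, the addresses and all class and function names are constructed for the example, and the cap here counts dynamic entries only.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class MacTable:
    capacity: int                      # hardware entries available (assumed value)
    port_limit: Optional[int] = None   # max dynamic MACs per port; None = no limit
    aging: float = 300.0               # seconds before an idle dynamic entry expires
    entries: dict = field(default_factory=dict)  # mac -> (port, kind, last_seen)

    def add_static(self, mac, port):
        self.entries[mac] = (port, "static", None)

    def _expire(self, now):
        for mac, (_, kind, seen) in list(self.entries.items()):
            if kind == "dynamic" and now - seen > self.aging:
                del self.entries[mac]

    def learn(self, src, port, now):
        """Record src on port; return False when the entry is refused."""
        self._expire(now)
        known = self.entries.get(src)
        if known and known[1] == "static":
            return False                       # static entries are never overwritten
        if known is None and len(self.entries) >= self.capacity:
            return False                       # hardware table exhausted
        if known is None or known[0] != port:  # new address for this port
            used = sum(1 for p, k, _ in self.entries.values()
                       if p == port and k == "dynamic")
            if self.port_limit is not None and used >= self.port_limit:
                return False                   # per-port limit reached
        self.entries[src] = (port, "dynamic", now)
        return True

    def forward(self, src, dst, port, now):
        """Learn the source, then return the egress port or "flood"."""
        self.learn(src, port, now)
        hit = self.entries.get(dst)
        return hit[0] if hit else "flood"

def simulate(port_limit):
    """Constructed scenario: port 2 sends 200 frames with distinct source MACs."""
    sw = MacTable(capacity=64, port_limit=port_limit)
    sw.add_static("00:00:5e:00:53:01", 1)      # server on port 1 (constructed)
    for i in range(200):
        sw.forward(f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", 2, now=i * 0.01)
    sw.forward("00:00:5e:00:53:03", "00:00:5e:00:53:01", 3, now=3.0)  # host on port 3
    # Server replies to the host: a unicast hit if the host was learnt, else a flood.
    return sw.forward("00:00:5e:00:53:01", "00:00:5e:00:53:03", 1, now=4.0), len(sw.entries)
```

Calling `simulate(None)` and `simulate(8)` compares the unlimited and limited cases: without a cap the table fills and the server's reply to the host on port 3 is flooded, while with the cap the host is learnt and the reply is forwarded only to port 3.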

Limiting the number of MAC and ARP list entries can prevent DoS attacks to a certain extent. When malicious users frequently perform MAC or ARP spoofing, it will be easy for them to fill the MAC and
