1 introduction, 1 mac address table overview, 2 classification of mac address entries – Panasonic NN46240-502 User Manual


2 MAC address table configuration

Nortel Secure Router 8000 Series

Configuration - LAN Access and MAN Access

2.1 Introduction

This section describes the concepts that you need to know before you configure a MAC address table:

• MAC address table overview

• Classification of MAC address entries

• MAC address learning limit

2.1.1 MAC address table overview

Each station or server attached to a port on a router has its own unique MAC address. The MAC address table of a router contains the MAC addresses of all the devices that are connected to the router.

Generally, a router automatically creates MAC address tables by learning the source addresses of the connected devices.

Network administrators can manually bind a MAC address to a port in the table. This can prevent malicious users with a counterfeit MAC address from logging on to the local device through other switches.

2.1.2 Classification of MAC address entries

MAC address entries are classified into the following three types:

• Dynamic entries: Dynamic entries are learned and stored on interface boards. Dynamic entries expire and are lost after hot swapping, interface-board resetting, or router rebooting.

• Static entries: Users configure static entries, which are automatically delivered to each interface board. Static entries do not expire and are not lost after hot swapping, interface-board resetting, or router rebooting.

• Blackhole entries: Users configure blackhole entries, which are used to discard frames containing a specified MAC address and are delivered to each interface board. Blackhole entries do not expire and are not lost after hot swapping, interface-board resetting, or router rebooting.

2.1.3 MAC address learning limit

As a basic feature of Layer 2 forwarding, MAC address learning is performed automatically. Because the learning process is automatic, it is difficult to control and is frequently abused in attacks.

By restricting the quantity of MAC addresses learned, you can control user access, because the MAC address is the basis of Layer 2 forwarding.

The MAC address learning limit controls MAC address learning by:

• setting the maximum number of MAC addresses to be learned

• controlling the speed of MAC address learning

• discarding or forwarding packets after the maximum number or speed of MAC address learning is reached

• raising an alarm to network administrators after the maximum number or speed of MAC address learning is reached
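
The following simplified Python model is an added example, not taken from the manual and not the router's implementation; it shows how the three entry types from section 2.1.2 and a maximum-number learning limit interact, including the alarm and the discard-or-forward action. Assumptions: the port names are made up, a statically bound MAC seen on a different port is discarded, only dynamic entries count toward the limit, blackhole matching is done on the source address only, and the speed limit is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class MacTable:
    """Simplified model of a MAC table with a learning limit (not router code)."""
    limit: int                        # maximum number of dynamic entries to learn
    forward_over_limit: bool = False  # action once the limit is reached
    entries: dict = field(default_factory=dict)  # mac -> (kind, port)
    alarms: list = field(default_factory=list)

    def receive(self, src_mac, port):
        """Handle the source MAC of one frame; return 'forward' or 'discard'."""
        kind, bound_port = self.entries.get(src_mac, (None, None))
        if kind == "blackhole":
            return "discard"
        if kind == "static":
            # Assumption: a bound MAC arriving on another port is counterfeit.
            return "forward" if port == bound_port else "discard"
        if kind is None and self.dynamic_count() >= self.limit:
            self.alarms.append(f"limit {self.limit} reached: {src_mac} on {port}")
            return "forward" if self.forward_over_limit else "discard"
        self.entries[src_mac] = ("dynamic", port)  # learn or refresh
        return "forward"

    def dynamic_count(self):
        # Assumption: only learned (dynamic) entries count toward the limit.
        return sum(1 for kind, _ in self.entries.values() if kind == "dynamic")

    def reboot(self):
        """Dynamic entries are lost; static and blackhole entries persist."""
        self.entries = {m: e for m, e in self.entries.items() if e[0] != "dynamic"}

def demo():
    table = MacTable(limit=2)
    # Constructed sample data: documentation-range MACs, made-up port names.
    table.entries["00:00:5e:00:53:01"] = ("static", "port1")
    table.entries["00:00:5e:00:53:ff"] = ("blackhole", None)
    frames = [
        ("00:00:5e:00:53:01", "port2"),  # bound MAC on the wrong port
        ("00:00:5e:00:53:01", "port1"),  # bound MAC on its own port
        ("00:00:5e:00:53:ff", "port3"),  # blackholed address
        ("00:00:5e:00:53:0a", "port3"),  # learned (1 of 2)
        ("00:00:5e:00:53:0b", "port3"),  # learned (2 of 2)
        ("00:00:5e:00:53:0c", "port3"),  # over the limit: alarm + discard
        ("00:00:5e:00:53:0a", "port3"),  # already learned, still forwarded
    ]
    results = [table.receive(mac, port) for mac, port in frames]
    table.reboot()
    return results, table.alarms, sorted(k for k, _ in table.entries.values())
```

Calling `demo()` returns the per-frame decisions, the alarms raised, and the entry types that remain after the simulated reboot.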

Nortel Networks Inc.

Issue 5.3 (30 March 2009)
