This document covers the configuration of unicast MAC address entries, including static, dynamic, blackhole, and multiport unicast MAC address entries. For more information about configuring static multicast MAC address entries, see IGMP snooping and IPv6 multicast routing and forwarding in IP Multicast Configuration Guide. For more information about MAC address table configuration in VPLS, see MPLS Configuration Guide.

display mac-address

Use display mac-address to display MAC address entries.

Syntax

display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type interface-number ] | blackhole | multiport ] [ vlan vlan-id ] [ count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

mac-address: Specifies a MAC address in the format of H-H-H. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.

vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

dynamic: Displays dynamic MAC address entries.

static: Displays static MAC address entries.

interface interface-type interface-number: Specifies an interface by its type and number.

blackhole: Displays blackhole MAC address entries.

multiport: Displays multiport unicast MAC address entries.

count: Displays only the number of MAC address entries that match all entry attributes you specify in the command. Detailed information about MAC address entries is not displayed. For example, you can use the display mac-address vlan 20 dynamic count command to display the number of dynamic entries for VLAN 20. If you do not specify an entry attribute, the command displays the number of entries in the MAC address table. If you do not specify this keyword, the command displays detailed information about the specified MAC address entries.

Usage guidelines

A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID.

If you do not specify any parameters, the command displays all MAC address entries.

This command displays dynamic MAC address entries for an aggregate interface only when the aggregate interface has a minimum of one Selected member port.

Multiport unicast MAC address entries have no impact on the MAC address learning. When receiving a frame whose source MAC address matches a multiport unicast entry, the device can still learn the MAC address of the frame and generate a dynamic entry. However, the generated dynamic entry has lower priority. The device prefers to use the multiport unicast entry to forward frames destined for the MAC address in the entry.

Examples

# Display MAC address entries for VLAN 100.

<Sysname> display mac-address vlan 100

MAC Address VLAN ID State Port/Nickname Aging

0001-0101-0101 100 Multiport XGE1/0/1 N

XGE1/0/2

0033-0033-0033 100 Blackhole N/A N

0000-0000-0002 100 Static XGE1/0/3 N

00e0-fc00-5829 100 Learned XGE1/0/4 Y

# Display the number of MAC address entries.

<Sysname> display mac-address count

1 mac address(es) found.

Table 1 Command output

Field	Description
VLAN ID	ID of the VLAN to which the outgoing interface of the MAC address entry belongs.
State	MAC address entry state: · Static—Static MAC address entry. · Learned—Dynamic MAC address entry. Dynamic entries can be learned or manually configured. · Blackhole—Blackhole MAC address entry. · Multiport—Multiport unicast MAC address entry. · OpenFlow—MAC address entry for an OpenFlow instance.
Port/Nickname	When the field displays an interface name, the field indicates the outgoing interface for packets that are destined for the MAC address. This field displays N/A for a blackhole MAC address entry.
Aging	Whether the entry can age out: · Y—The entry can age out. · N—The entry never ages out.
mac address(es) found	Number of matching MAC address entries.

Related commands

mac-address

mac-address timer

display mac-address aging-time

Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.

Syntax

display mac-address aging-time

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the aging timer for dynamic MAC address entries.

<Sysname> display mac-address aging-time

MAC address aging time: 300s.

Related commands

mac-address timer

display mac-address mac-learning

Use display mac-address mac-learning to display the global MAC address learning status and the MAC learning status of the specified interface or all interfaces.

Syntax

display mac-address mac-learning [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays the global MAC address learning status and the MAC address learning status of all interfaces.

Examples

# Display the global MAC address learning status and the MAC learning status of all interfaces.

<Sysname> display mac-address mac-learning

Global MAC address learning status: Enabled.

Port Learning Status

XGE1/0/1 Enabled

XGE1/0/2 Enabled

Table 2 Command output

Field	Description
Global MAC address learning status	Global MAC address learning status: · Enabled. · Disabled.
Learning Status	MAC address learning status of an interface: · Enabled. · Disabled.

Field

Description

Global MAC address learning status

Global MAC address learning status:

· Enabled.

· Disabled.

Learning Status

MAC address learning status of an interface:

· Enabled.

· Disabled.

Related commands

mac-address mac-learning enable

display mac-address mac-move

Use display mac-address mac-move to display the MAC address move records after the device is started.

Syntax

In standalone mode:

display mac-address mac-move [ slot slot-number ]

In IRF mode:

display mac-address mac-move [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays MAC address move records for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, the command displays MAC address move records for all cards. (In IRF mode.)

Usage guidelines

When a MAC address frequently moves between the specified two interfaces, Layer 2 loops might occur in the network. To discover and locate loops, you can view the MAC address move records.

In the MAC address move records, records with the same MAC address, VLAN, source port, and current port are considered to be one record.

(In standalone mode.) A card can generate a maximum of 200 MAC address move records.

(In IRF mode.) Each card of an IRF member device can generate a maximum of 200 MAC move records.

Examples

# Display the MAC address move records for a slot.

<Sysname> display mac-address mac-move slot 1

MAC address VLAN Current port Source port Last time Times

0000-0001-002c 1 XGE1/0/1 XGE1/0/2 2013-05-20 13:40:52 1

0000-0001-002c 1 XGE1/0/2 XGE1/0/1 2013-05-20 13:41:30 1

--- 2 MAC address moving records found ---

# Display the MAC address move records for all slots.

<Sysname> display mac-address mac-move

MAC address VLAN Current port Source port Last time Times

0000-0001-002c 1 XGE1/0/1 XGE1/0/2 2013-05-20 13:40:52 20

0000-0001-002c 1 XGE1/0/2 XGE1/0/1 2013-05-20 13:41:32 20

0000-0094-0001 1 XGE1/0/3 XGE1/0/4 2013-05-20 13:42:22 13

0000-0094-0001 1 XGE1/0/4 XGE1/0/3 2013-05-20 13:42:21 12

--- 4 MAC address moving records found ---

Table 3 Command output

Field	Description
VLAN	VLAN to which the outgoing interface of the MAC address entry belongs.
Current port	Interface to which the MAC address was moved.
Source port	Interface from which the MAC address was moved.
Last time	Last time when the MAC address was moved.
Times	Number of MAC address moves after the device is started. For a MAC address record, the number of MAC address moves is increased by 1 when a new MAC address move has the same MAC address, VLAN, Current Port, and Source Port fields as the MAC address record.

Related commands

mac-address notification mac-move

display mac-address statistics

Use display mac-address statistics to display MAC address table statistics.

Syntax

display mac-address statistics

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

This command displays the number of MAC address entries per type and the maximum number of MAC address entries allowed for each type. The Total Unicast MAC Addresses Available field displays the maximum number of MAC address entries for the card that has the largest MAC address table.

Examples

# Display MAC address table statistics.

<Sysname> display mac-address statistics

MAC Address Count:

Dynamic Unicast Address (Learned) Count: 3

Dynamic Unicast Address (Security-service-defined) Count: 4

Static Unicast Address (User-defined) Count: 0

Static Unicast Address (System-defined) Count: 3

Total Unicast MAC Addresses In Use: 10

Total Unicast MAC Addresses Available: 32768

Multicast and Multiport MAC Address Count: 1

Static Multicast and Multiport MAC Address (User-defined) Count: 1

Total Multicast and Multiport MAC Addresses Available: 256

Table 4 Command output

Field	Description
Dynamic Unicast Address (Learned) Count	Number of dynamic unicast MAC address entries triggered by packets.
Dynamic Unicast Address (Security-service-defined) Count	Number of dynamic unicast MAC address entries triggered by the security service.
Static Unicast Address (User-defined) Count	Number of static unicast MAC address entries added by users.
Static Unicast Address (System-defined) Count	Number of static unicast MAC address entries added by the system.
Total Unicast MAC Addresses In Use	Number of unicast MAC address entries.
Total Unicast MAC Addresses Available	Maximum number of unicast MAC address entries allowed.
Multicast and Multiport MAC Address Count	Number of multicast and multiport unicast MAC address entries.
Static Multicast and Multiport MAC Address (User-defined) Count	Number of static multicast and multiport unicast MAC address entries added by users.
Total Multicast and Multiport MAC Addresses Available	Maximum number of multicast and multiport unicast MAC address entries allowed.

mac-address (interface view)

Use mac-address to add or modify a MAC address entry on an interface.

Use undo mac-address to delete a MAC address entry on an interface.

Syntax

Layer 2 Ethernet interface view and Layer 2 aggregate interface view:

mac-address { dynamic | multiport | static } mac-address vlan vlan-id

undo mac-address { dynamic | multiport | static } mac-address vlan vlan-id

S-channel interface view and S-channel aggregate interface view:

mac-address { dynamic | static } mac-address vlan vlan-id

undo mac-address { dynamic | static } mac-address vlan vlan-id

Default

An interface is not configured with MAC address entries.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

S-channel interface view

S-channel aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

multiport: Specifies multiport unicast MAC address entries. A frame whose destination MAC address matches a multiport unicast MAC address entry is sent out of multiple ports.

mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast, all-zero, and all-F MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001. The MAC address cannot be the base MAC address.

vlan vlan-id: Specifies an existing VLAN to which the specified interface belongs. The value range for the vlan-id argument is 1 to 4094.

Usage guidelines

Typically, the device automatically builds the MAC address table by learning the source MAC addresses of incoming frames on each interface. However, you can manually configure static MAC address entries. For a MAC address, a manually configured static entry takes precedence over a dynamically learned entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101 on Ten-GigabitEthernet 1/0/1 that belongs to VLAN 2.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address static 000f-e201-0101 vlan 2

# Add a static entry for MAC address 000f-e201-0101 on Bridge-Aggregation 1 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1

# Add a static entry for MAC address 000f-e201-0102 on S-Channel 1/0/1:10 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] mac-address static 000f-e201-0102 vlan 1

# Add a static entry for MAC address 000f-e201-0102 on Schannel-Aggregation 1:2 that belongs to VLAN 1.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] mac-address static 000f-e201-0102 vlan 1

# Add a multiport unicast MAC address entry for MAC address 0001-0001-0101 on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 that belong to VLAN 2.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address multiport 0001-0001-0101 vlan 2

[Sysname-Ten-GigabitEthernet1/0/1] quit

[Sysname] interface ten-gigabitethernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] mac-address multiport 0001-0001-0101 vlan 2

Related commands

display mac-address

mac-address (system view)

Use mac-address to add or modify a MAC address entry.

Use undo mac-address to delete one or all MAC address entries.

Syntax

mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id

mac-address blackhole mac-address vlan vlan-id

mac-address multiport mac-address interface interface-list vlan vlan-id

undo mac-address [ [ dynamic | static ] mac-address interface interface-type interface-number vlan vlan-id ]

undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id

undo mac-address [ dynamic | static ] interface interface-type interface-number

undo mac-address multiport mac-address interface interface-list vlan vlan-id

undo mac-address [ multiport ] [ [ mac-address ] vlan vlan-id ]

undo mac-address nickname nickname

undo mac-address mac-address nickname nickname vlan vlan-id

Default

The system is not configured with MAC address entries.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dynamic: Specifies dynamic MAC address entries.

static: Specifies static MAC address entries.

blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC addresses match blackhole MAC address entries are dropped.

multiport: Specifies multiport unicast MAC address entries. A frame whose destination MAC address matches a multiport unicast MAC address entry is sent out of multiple ports.

vlan vlan-id: Specifies an existing VLAN to which the interface belongs. The value range for the vlan-id argument is 1 to 4094.

interface interface-type interface-number: Specifies an outgoing interface by its type and number.

interface interface-list: Specifies a list of up to four interface items. Each interface item can be an individual interface in the format of interface-type interface-number or a range of interfaces in the format of interface-type interface-number1 to interface-type interface-number2. The interfaces can only be Layer 2 Ethernet interfaces or Layer 2 aggregate interfaces. The value for the interface-number2 argument cannot be lower than the value for the interface-number1 argument.

nickname nickname: Specifies an RB (through which the packets leave the TRILL network) by its nickname. The nickname is a hexadecimal number in the range of 1 to fffe.

Usage guidelines

You can use this command to configure the following types of MAC address entries:

· Dynamic entries.

Dynamic entries include manually configured dynamic entries and automatically learned dynamic entries.

· Static entries.

For a MAC address, a manually configured static entry takes precedence over a dynamic entry. To improve the security for the user device connected to an interface, manually configure a static entry to bind the user device to the interface. Then, the frames destined for the user device (for example, Host A) are always sent out of the interface. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.

· Blackhole entries.

To drop frames with the specified source MAC addresses or destination MAC addresses, you can configure blackhole entries.

· Multiport unicast entries.

To send frames with a specific destination MAC address out of multiple ports, configure a multiport unicast entry. When you execute this command for the first time, the command adds an entry. When you execute the command again with the same MAC address and VLAN but with different interfaces, this command adds the specified interfaces for this entry.

A static or blackhole entry can overwrite a dynamic entry, but not vice versa.

If you execute the undo mac-address command without specifying any parameters, this command deletes all unicast MAC address entries and static multicast MAC address entries.

You can delete all the MAC address entries (including unicast and static multicast MAC address entries) from the specified VLAN. You can also delete only one type (dynamic, static, blackhole, or multiport unicast) of MAC address entries. You can single out an interface and delete the unicast MAC address entries on it, but not the static multicast MAC address entries. You can single out an RB through which the packets leave the TRILL network and delete the corresponding unicast MAC address entries.

The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC address entries, however, are lost upon reboot whether or not you save the configuration.

Examples

# Add a static entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of Ten-GigabitEthernet 1/0/1, which belongs to VLAN 2.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface ten-gigabitethernet 1/0/1 vlan 2

# Add a multiport unicast MAC address entry for MAC address 000f-e201-0101. Then, all frames that are destined for this MAC address are sent out of Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3, which belong to VLAN 2.

<Sysname> system-view

[Sysname] mac-address multiport 000f-e201-0101 interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3 vlan 2

Related commands

display mac-address

mac-address (interface view)

mac-address mac-learning enable

Use mac-address mac-learning enable to enable MAC address learning globally, on an interface, or on a VLAN.

Use undo mac-address mac-learning enable to disable MAC address learning globally, on an interface, or on a VLAN.

Syntax

mac-address mac-learning enable

undo mac-address mac-learning enable

Default

MAC address learning is enabled.

Views

System view

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

S-channel interface view

S-channel aggregate interface view

VLAN view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To prevent the MAC address table from becoming saturated, you can disable MAC address learning.

For example, a number of packets with different source MAC addresses reaching a device can affect the MAC address table update. To avoid such attacks, you can disable MAC address learning by following these guidelines:

· You can disable MAC address learning on a per-interface basis. If you disable MAC address learning globally, MAC address learning is disabled for all interfaces. The device then stops learning MAC addresses and cannot dynamically update the MAC address table.

· Because disabling MAC address learning can result in broadcast storms, enable broadcast storm suppression after you disable MAC address learning on an interface. For more information about broadcast storm suppression, see Interface Configuration Guide.

· With MAC address learning enabled globally, you can disable MAC address learning for an interface or VLAN.

· After MAC address learning is disabled, the device immediately deletes existing dynamic MAC address entries.

This command does not take effect on a TRILL network, S-channel, VPLS VSI, EVB VSI, or VXLAN VSI. For information about TRILL, see TRILL Configuration Guide. For information about VPLS VSIs, see MPLS Configuration Guide. For information about S-channels and EVB VSIs, see EVB Configuration Guide. For information about VXLAN VSIs, see VXLAN Configuration Guide.

Examples

# Disable MAC address learning globally.

<Sysname> system-view

[Sysname] undo mac-address mac-learning enable

# Disable MAC address learning for VLAN 10.

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] undo mac-address mac-learning enable

# Disable MAC address learning on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address mac-learning enable

# Disable MAC address learning on Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] undo mac-address mac-learning enable

# Disable MAC address learning on S-Channel 1/0/1:10.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] undo mac-address mac-learning enable

# Disable MAC address learning on Schannel-Aggregation 1:2.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] undo mac-address mac-learning enable

Related commands

display mac-address mac-learning

mac-address mac-learning priority

Use mac-address mac-learning priority to assign MAC learning priority to an interface.

Use undo mac-address mac-learning priority to restore the default.

Syntax

mac-address mac-learning priority { high | low }

undo mac-address mac-learning priority

Default

Low MAC address learning priority is used.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

S-channel interface view

S-channel aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

high: Assigns high MAC learning priority.

low: Assigns low MAC learning priority.

Usage guidelines

The MAC address learning priority values can be high and low. An interface with high MAC address learning priority can learn any MAC address. An interface with low MAC address learning priority can learn only the MAC addresses that have not been learned by high-priority interfaces.

The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. To prevent the downlink interface from learning the MAC address of an upper layer device (for example, the gateway), you can perform the following tasks:

· Assign high MAC learning priority to an uplink interface.

· Assign low MAC learning priority to a downlink interface.

Examples

# Assign high MAC learning priority to Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address mac-learning priority high

# Assign high MAC learning priority to Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] mac-address mac-learning priority high

# Assign high MAC learning priority to S-Channel 1/0/1:10.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] mac-address mac-learning priority high

# Assign high MAC learning priority to Schannel-Aggregation 1:2.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] mac-address mac-learning priority high

mac-address mac-move fast-update

Use mac-address mac-move fast-update to enable ARP fast update for MAC address moves.

Use undo mac-address mac-move fast-update to disable ARP fast update for MAC address moves.

Syntax

mac-address mac-move fast-update

undo mac-address mac-move fast-update

Default

ARP fast update is disabled for MAC address moves.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable ARP fast update for MAC address moves.

<Sysname> system-view

[Sysname] mac-address mac-move fast-update

mac-address mac-roaming enable

Use mac-address mac-roaming enable to enable MAC address synchronization.

Use undo mac-address mac-roaming enable to disable MAC address synchronization.

Syntax

mac-address mac-roaming enable

undo mac-address mac-roaming enable

Default

MAC address synchronization is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If ports on different cards are Selected ports from the same aggregation group, MAC address entries are synchronized among these cards. They are synchronized whether or not MAC address synchronization is enabled. For more information about aggregation groups, see Layer 2—LAN Switching Configuration Guide.

The MAC address table size might vary by card. With MAC address synchronization enabled, MAC address table entries exceeding the table size of a card cannot be synchronized to the MAC address table.

Examples

# Enable MAC address synchronization.

<Sysname> system-view

[Sysname] mac-address mac-roaming enable

mac-address max-mac-count (interface view)

Use mac-address max-mac-count to set the MAC learning limit on an interface.

Use undo mac-address max-mac-count to restore the default.

Syntax

mac-address max-mac-count count

undo mac-address max-mac-count

Default

The number of MAC addresses that can be learned on an interface is not limited.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

count: Specifies the maximum number of MAC addresses that can be learned on an interface. When the argument is set to 0, the interface is not allowed to learn MAC addresses. The value range for this argument is 0 to 4096.

Usage guidelines

This command helps limit the MAC address table size. When the number of MAC address entries learned by an interface reaches the limit, the interface stops learning MAC address entries.

If you use this command on a member port of an aggregation group, the command takes effect only after the member port is removed from the aggregation group.

Examples

# Configure Ten-GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address max-mac-count 600

Related commands

mac-address

mac-address max-mac-count enable-forwarding (interface view)

mac-address max-mac-count (VLAN view)

Use mac-address max-mac-count to set the MAC learning limit for a VLAN.

Use undo mac-address max-mac-count to restore the default.

Syntax

mac-address max-mac-count count

undo mac-address max-mac-count

Default

The MAC learning limit is not set for a VLAN.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

count: Specifies the maximum number of MAC addresses that can be learned for a VLAN. When the argument is set to 0, the VLAN is not allowed to learn MAC addresses. The value range for this argument is 0 to 4096.

Usage guidelines

This command limits the number of MAC address entries to limit the MAC address table size. A large MAC address table will degrade forwarding performance. When the number of MAC address entries learned by a VLAN reaches the limit, the VLAN stops learning MAC address entries.

Examples

# Configure VLAN 10 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] mac-address max-mac-count 600

Related commands

mac-address

mac-address max-mac-count enable-forwarding (VLAN view)

mac-address max-mac-count enable-forwarding (interface view)

Use mac-address max-mac-count enable-forwarding to enable the device to forward unknown frames received on an interface after the MAC learning limit on the interface is reached. Unknown frames refer to frames whose source MAC addresses are not in the MAC address table.

Use undo mac-address max-mac-count enable-forwarding to disable the device from forwarding unknown frames received on an interface after the MAC learning limit on the interface is reached.

Syntax

mac-address max-mac-count enable-forwarding

undo mac-address max-mac-count enable-forwarding

Default

When the MAC learning limit on an interface is reached, the device can forward unknown frames received on the interface.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Examples

# Configure Ten-GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address max-mac-count 600

# Disable the device from forwarding unknown frames received on Ten-GigabitEthernet 1/0/1 after the MAC learning limit on Ten-GigabitEthernet 1/0/1 is reached.

[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address max-mac-count enable-forwarding

Related commands

mac-address

mac-address max-mac-count (interface view)

mac-address max-mac-count enable-forwarding (VLAN view)

Use mac-address max-mac-count enable-forwarding to enable the device to forward unknown frames received by interfaces in a VLAN after the MAC learning limit for the VLAN is reached. Unknown frames refer to frames whose source MAC addresses are not in the MAC address table.

Use undo mac-address max-mac-count enable-forwarding to disable the device from forwarding unknown frames received by interfaces in a VLAN after the MAC learning limit for the VLAN is reached.

Syntax

mac-address max-mac-count enable-forwarding

undo mac-address max-mac-count enable-forwarding

Default

When the MAC learning limit for a VLAN is reached, the device can forward unknown frames received by interfaces in the VLAN.

Views

VLAN view

Predefined user roles

network-admin

mdc-admin

Examples

# Configure VLAN 10 to learn a maximum of 600 MAC address entries.

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] mac-address max-mac-count 600

# Disable the device from forwarding unknown frames received by interfaces in VLAN 10 after the MAC learning limit for VLAN 10 is reached.

[Sysname-vlan10] undo mac-address max-mac-count enable-forwarding

Related commands

mac-address

mac-address max-mac-count (VLAN view)

mac-address notification mac-move

Use mac-address notification mac-move to enable MAC address move notifications and optionally specify a MAC move detection interval.

Use undo mac-address notification mac-move to disable MAC address move notifications.

Syntax

mac-address notification mac-move [ interval interval ]

undo mac-address notification mac-move

Default

MAC address move notifications are disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interval interval: Specifies the interval for detecting MAC address moves, in the range of 1 to 60 minutes. If you do not specify this option, the default setting of 1 minute is used.

Usage guidelines

With MAC address move notifications enabled, the system records the MAC address move logs every MAC move detection interval. Each record of the MAC address move logs contains the following information:

· MAC address.

· VLAN ID of the MAC address entry.

· Current port and source port of the MAC address moves.

· Number of MAC address moves within a detection interval.

A MAC address can have only one MAC address move record. If a MAC address moves multiple times, the new record overrides the old record.

Within a detection interval, each card can record MAC address move information for a maximum of 20 MAC addresses. The records are ranked in descending order of MAC move counts. If the number of MAC address move records exceeds 20, only the first 20 records are retained. Then in the next detection interval, the device discards all MAC address move records generated in the previous detection interval and starts another round of MAC move record generation.

After you execute this command, the system sends only syslog messages to the information center module. If the snmp-agent trap enable mac-address command is also executed, the system also sends SNMP notifications to the SNMP module.

Examples

# Enable MAC address move notifications.

<Sysname> system-view

[Sysname] mac-address notification mac-move

[Sysname]

%May 14 17:16:45:688 2013 Sysname MAC/4/MAC_FLAPPING: MAC address 0000-0012-0034 in VLAN 500 has moved from port XGE1/0/1 to port XGE1/0/2 for 1 times

The output shows that:

· The VLAN ID of MAC address 0000-0012-0034 is VLAN 500.

· The MAC address moved from Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet 1/0/2.

· The MAC address has moved once within a MAC move detection interval.

Related commands

display mac-address mac-move

mac-address notification mac-move suppression (interface view)

Use mac-address notification mac-move suppression to enable MAC address move suppression on an interface.

Use undo mac-address notification mac-move suppression to disable MAC address move suppression on an interface.

Syntax

mac-address notification mac-move suppression

undo mac-address notification mac-move suppression

Default

MAC address moves are not suppressed.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This feature shuts an interface down when a MAC address has been moved to or from the interface more than the suppression threshold within a MAC move detection interval. The shutdown interface automatically goes up after a suppression interval. Also, you can use the shutdown command and then the undo shutdown command to bring up the interface.

When MAC address move suppression shuts an interface down, the system sends only syslog messages to the information center module. If the snmp-agent trap enable mac-address command is also executed, the system also sends SNMP notifications to the SNMP module.

Examples

# Enable MAC address move suppression on Ten-GigabitEthernet 1/0/1.

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address notification mac-move suppression

Related commands

mac-address notification mac-move suppression (system view)

Use mac-address notification mac-move suppression to set the suppression interval or the suppression threshold.

Use undo mac-address notification mac-move suppression to restore the default.

Syntax

mac-address notification mac-move suppression { interval interval | threshold threshold }

undo mac-address notification mac-move suppression { interval | threshold }

Default

The suppression interval is 30 seconds. The suppression threshold is 3.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interval interval: Specifies the MAC address move suppression interval during which a suppressed interface stays down. The value range for the interval-value argument is 30 to 86400 seconds. If you do not specify this option, the default suppression interval of 30 seconds is used.

threshold threshold: Specifies the suppression threshold for MAC address moves sourced from or destined for an interface within a MAC move detection interval. The value range for this argument is 0 to 1024. If you do not specify this option, the default suppression threshold of 3 is used.

Usage guidelines

For this command to take effect on an interface, you must also enable MAC address move suppression on the interface.

If you set the suppression interval or suppression threshold multiple times, the most recent configuration applies. The suppression interval setting is independent of the suppression threshold setting.

Examples

# Set the suppression interval to 40 seconds and the suppression threshold to 1 for MAC address moves.

<Sysname> system-view

[Sysname] mac-address notification mac-move suppression interval 40

[Sysname] mac-address notification mac-move suppression threshold 1

Related commands

mac-address notification mac-move suppression (interface view)

mac-address static source-check enable

Use mac-address static source-check enable to enable the static source check feature.

Use undo mac-address static source-check enable to disable the static source check feature.

Syntax

mac-address static source-check enable

undo mac-address static source-check enable

Default

The static source check feature is enabled.

Views

Layer 2 Ethernet interface view

Layer 2 aggregate interface view

IRF physical interface view

Predefined user roles

network-admin

mdc-admin

Examples

# Disable the static source check feature on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address static source-check enable

mac-address timer

Use mac-address timer to set the aging timer for dynamic MAC address entries.

Use undo mac-address timer to restore the default.

Syntax

mac-address timer { aging seconds | no-aging }

undo mac-address timer

Default

The aging timer is 300 seconds for dynamic MAC address entries.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aging seconds: Specifies an aging timer for dynamic MAC address entries, in seconds. The value range for the seconds argument is 10 to 1000000.

no-aging: Configures dynamic MAC address entries not to age.

Usage guidelines

To set the aging timer appropriately, follow these guidelines:

· A long aging interval causes the MAC address table to retain outdated entries and fail to accommodate the most recent network changes.

· A short aging interval results in removal of valid entries. Then, unnecessary broadcast packets appear and affect device performance.

Examples

# Set the aging time to 500 seconds for dynamic MAC address entries.

<Sysname> system-view

[Sysname] mac-address timer aging 500

Related commands

display mac-address aging-time

snmp-agent trap enable mac-address

Use snmp-agent trap enable mac-address to enable SNMP notifications for the MAC address table.

Use undo snmp-agent trap enable mac-address to disable SNMP notifications for the MAC address table.

Syntax

snmp-agent trap enable mac-address [ mac-move ]

undo snmp-agent trap enable mac-address [ mac-move ]

Default

SNMP notifications are enabled for the MAC address table.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

mac-move: Specifies notifications about the MAC address moves for the MAC address table. If you do not specify this keyword, the command enables all types of SNMP notifications for the MAC address table.

Usage guidelines

To report critical MAC address move events to an NMS, enable SNMP notifications for the MAC address table. For MAC address move event notifications to be sent correctly, you must also configure SNMP on the device.

When SNMP notifications are disabled for the MAC address table, the device sends the generated logs to the information center. To display the logs, configure the log destination and output rule configuration in the information center.

For information about SNMP and information center configuration, see the network management and monitoring configuration guide for the device.

The MAC address table supports only SNMP notifications about MAC address moves. When you enable or disable SNMP notifications about MAC address moves, you enable or disable all types of SNMP notifications for the MAC address table.

Examples

# Disable SNMP notifications about MAC address moves for the MAC address table.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable mac-address mac-move

Related commands

mac-address notification mac-move

MAC Information commands

mac-address information enable (interface view)

Use mac-address information enable to enable MAC Information on an interface.

Use undo mac-address information enable to disable MAC Information on an interface.

Syntax

mac-address information enable { added | deleted }

undo mac-address information enable { added | deleted }

Default

MAC Information is disabled on an interface.

Views

Layer 2 Ethernet interface view

S-channel interface view

S-channel aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

added: Enables the device to record MAC change information when a new MAC address is learned on an interface.

deleted: Enables the device to record MAC change information when an existing MAC address is deleted.

Usage guidelines

Before you enable MAC Information on an interface, enable MAC Information globally.

Examples

# Enable MAC Information on Ten-GigabitEthernet 1/0/1 to enable the interface to record MAC change information when learning a new MAC address.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mac-address information enable added

# Enable MAC Information on S-Channel 1/0/1:10 to enable the interface to record MAC change information when learning a new MAC address.

<Sysname> system-view

[Sysname] interface s-channel 1/0/1:10

[Sysname-S-Channel1/0/1:10] mac-address information enable added

# Enable MAC Information on Schannel-Aggregation 1:2 to enable the interface to record MAC change information when learning a new MAC address.

<Sysname> system-view

[Sysname] interface schannel-aggregation 1:2

[Sysname-Schannel-Aggregation1:2] mac-address information enable added

Related commands

mac-address information enable (system view)

Use mac-address information enable to enable MAC Information globally.

Use undo mac-address information enable to disable MAC Information globally.

Syntax

mac-address information enable

undo mac-address information enable

Default

MAC Information is disabled globally.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Before you enable MAC Information on an interface, enable MAC Information globally.

Examples

# Enable MAC Information globally.

<Sysname> system-view

[Sysname] mac-address information enable

Related commands

mac-address information enable (interface view)

mac-address information interval

Use mac-address information interval to set the MAC change notification interval.

Use undo mac-address information interval to restore the default.

Syntax

mac-address information interval interval

undo mac-address information interval

Default

The MAC change notification interval is 1 second.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interval: Specifies the MAC change notification interval in the range of 1 to 20000 seconds.

Usage guidelines

To prevent syslog messages or SNMP notifications from being sent too frequently, set the MAC change notification interval to a larger value.

Examples

# Set the MAC change notification interval to 200 seconds.

<Sysname> system-view

[Sysname] mac-address information interval 200

mac-address information mode

Use mac-address information mode to set the MAC Information mode. The MAC Information mode specifies the type of messages (syslog messages or SNMP notifications) used to notify MAC changes.

Use undo mac-address information mode to restore the default.

Syntax

mac-address information mode { syslog | trap }

undo mac-address information mode

Default

SNMP notifications are sent to notify MAC changes.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

syslog: Specifies that the device sends syslog messages to notify MAC changes.

trap: Specifies that the device sends SNMP notifications to notify MAC changes.

Examples

# Configure the MAC Information mode as trap.

<Sysname> system-view

[Sysname] mac-address information mode trap

mac-address information queue-length

Use mac-address information queue-length to set the MAC Information queue length.

Use undo mac-address information queue-length to restore the default.

Syntax

mac-address information queue-length value

undo mac-address information queue-length

Default

The MAC Information queue length is 50.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

value: Specifies the MAC Information queue length in the range of 0 to 1000. The MAC Information queue length indicates the number of MAC change messages.

Usage guidelines

If the MAC Information queue length is 0, the device sends a syslog message or SNMP notification immediately after learning or deleting a MAC address.

If the MAC Information queue length is not 0, the device stores MAC changes in the queue:

· The device overwrites the oldest MAC change written into the queue with the most recent MAC change when the following conditions exist:

¡ The MAC change notification interval does not expire.

¡ The queue has been exhausted.

· The device sends syslog messages or SNMP notifications only if the MAC change notification interval expires.

Examples

# Set the MAC Information queue length to 600.

<Sysname> system-view

[Sysname] mac-address information queue-length 600

04 Layer 2 - LAN Switching Command Reference

display mac-address mac-learning

display mac-address mac-move

mac-address (system view)

mac-address mac-learning enable

mac-address max-mac-count (VLAN view)

mac-address notification mac-move

mac-address notification mac-move suppression (interface view)

mac-address information enable (interface view)

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us