Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
54
Ste
p
Command
Remarks
107. Add or modify a static or
dynamic MAC address entry.
mac-address { dynamic |
static } mac-address vlan
vlan-id
By default, no MAC address entry is
configured.
Make sure you have created the VLAN
and assigned the interface to the VLAN.
1107BConfiguring a destination blackhole MAC address entry
Ste
p
Command
Remarks
108. Enter system view.
system-view N/A
109. Add or modify a
destination blackhole
MAC address entry.
mac-address blackhole mac-address
vlan vlan-id
By default, no MAC address entry is
configured.
Make sure you have created the VLAN
and assigned the interface to the VLAN.
406BConfiguring the aging timer for dynamic MAC address entries
The MAC address table uses an aging timer for dynamic MAC address entries for security and efficient
use of table space. If a dynamic MAC address entry has failed to update before the aging timer expires,
the device deletes that entry. This aging mechanism makes sure the MAC address table can promptly
update to accommodate the latest network changes.
Set the aging timer appropriately. Too long an aging interval might cause the MAC address table to
retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to
accommodate the latest network changes. Too short an interval might result in removal of valid entries,
causing unnecessary floods, which could affect device performance.
To configure the aging timer for dynamic MAC address entries:
Ste
p
Command
Remarks
110. Enter system view.
system-view N/A
111. Configure the aging timer for
dynamic MAC address
entries.
mac-address timer
{ aging seconds |
no-aging }
Optional.
The default aging timer is 300 seconds.
The no-aging keyword disables the aging timer.
You can reduce floods on a stable network by disabling the aging timer to prevent dynamic entries from
unnecessarily aging out. By reducing floods, you improve not only network performance, but also
security, because you reduce the chances that a data packet will reach unintended destinations.
407BConfiguring the MAC learning limit on interfaces
The following matrix shows the feature and hardware compatibility:
Hardware Feature com
p
atible
F1000-A-EI/F1000-S-EI No
F1000-E No