R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
You can manually add MAC address entries to the MAC address table of the device to bind specific user
devices to the port. Because manually configured entries have higher priority than dynamically learned
ones, this prevents hackers from stealing data using forged MAC addresses.
Types of MAC address table entries
A MAC address table can contain the following types of entries:
• Static entries, which are manually added and never age out.
• Dynamic entries, which can be manually added or dynamically learned and may age out.
• Blackhole entries, which are manually configured and never age out. Blackhole entries are
configured for filtering out frames with specific destination MAC addresses.
To adapt to network changes and prevent inactive entries from occupying table space, an aging
mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is
learned or created, an aging timer starts. If the entry has not been updated when the aging timer expires, the
device deletes the entry. If the entry is updated before the aging timer expires, the aging timer restarts.
NOTE:
A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice versa.
MAC address table-based frame forwarding
When forwarding a frame, the device adopts the following forwarding modes based on the MAC
address table:
• Unicast mode: If an entry is available for the destination MAC address, the device forwards the
frame out the outgoing interface indicated by the MAC address table entry.
• Broadcast mode: If the device receives a frame with an all-ones destination address, or no entry is
available for the destination MAC address, the device broadcasts the frame to all the interfaces
except the receiving interface.
Figure 20 MAC address table of the device

MAC address    Port
MAC A          1
MAC B          1
MAC C          2
MAC D          2

(Figure: hosts MAC A and MAC B attach to Port 1; hosts MAC C and MAC D attach to Port 2.)
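The following added example (not code from this guide or from the device) models the entry types, aging, overwrite rule and forwarding modes described above, and shows that a frame with a forged source MAC arriving on another port does not move a static binding. The class and method names, the 300-second aging time, the three-port device and all MAC addresses are assumptions constructed for illustration.

```python
# Added illustrative model; names, the 300 s aging time and the MACs are assumptions.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class MacTable:
    def __init__(self, ports, aging=300):
        self.ports, self.aging = set(ports), aging
        self.entries = {}  # mac -> (kind, port, last_update)

    def configure(self, mac, kind, port=None):
        """Manually add a static or blackhole entry; it replaces any dynamic entry."""
        if kind not in ("static", "blackhole"):
            raise ValueError(kind)
        self.entries[mac] = (kind, port, None)  # no timestamp: never ages out

    def learn(self, mac, port, now):
        """Dynamic learning from a frame's source MAC; returns False if refused."""
        kind = self.entries.get(mac, ("dynamic",))[0]
        if kind != "dynamic":
            return False  # a dynamic entry cannot overwrite static/blackhole
        self.entries[mac] = ("dynamic", port, now)  # create or refresh: timer restarts
        return True

    def age_out(self, now):
        expired = [m for m, (k, _, t) in self.entries.items()
                   if k == "dynamic" and now - t >= self.aging]
        for m in expired:
            del self.entries[m]

    def forward(self, src, dst, in_port, now):
        """Return the set of egress ports for one frame."""
        self.age_out(now)
        self.learn(src, in_port, now)
        entry = self.entries.get(dst)
        if dst == BROADCAST or entry is None:
            return self.ports - {in_port}  # broadcast mode
        kind, port, _ = entry
        return set() if kind == "blackhole" else {port}  # filtered, or unicast mode

def demo():
    A, B, C, E = (f"00:00:00:00:00:0{x}" for x in "abce")  # constructed MACs
    t = MacTable(ports=[1, 2, 3])
    t.configure(A, "static", port=1)   # bind MAC A to port 1
    t.configure(E, "blackhole")        # filter frames destined to MAC E
    return [
        t.forward(C, BROADCAST, 2, now=0),  # C learned on port 2; frame flooded
        t.forward(A, C, 3, now=10),         # forged source A on port 3; unicast to C
        t.entries[A][:2],                   # binding for A is unchanged
        t.forward(C, E, 2, now=20),         # blackhole destination: dropped
        t.forward(B, C, 1, now=400),        # C aged out (last update at 20): flooded
    ]
```
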