R21xx-HP FlexFabric 11900 Layer 2 LAN Switching Configuration Guide
19
Configuring the MAC address table
Overview
An Ethernet device uses a MAC address table for forwarding frames through unicast instead of
broadcast. This table describes from which interfaces a MAC address (or host) can be reached. When
forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for
a match. If an entry is found, the device forwards the frame out of the outgoing interface. If no entry is
found, the device broadcasts the frame out of all but the incoming interface.
How a MAC address entry is created
The entries in the MAC address table originate from two sources: automatically learned by the device
and manually added by the administrator.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses of
incoming frames on each interface.
When a frame arrives at an interface (for example, Port A), the device performs the following tasks:
1. Checks the source MAC address (for example, MAC-SOURCE) of the frame.
2. Looks up the source MAC address in the MAC address table.
{ If an entry is found, the device updates the entry.
{ If no entry is found, the device adds an entry for MAC-SOURCE and Port A.
3. When the device receives a frame destined for MAC-SOURCE after learning this source MAC
address, the device finds the MAC-SOURCE entry in the MAC address table and forwards the
frame out of Port A.
The device performs the learning process each time it receives a frame from an unknown source MAC
address until the MAC address table is fully populated.
Manually configuring MAC address entries
With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames, which can invite security hazards. For example, when an illegal user sends frames with a forged
source MAC address to an interface different from the one where the real MAC address is connected, the
device creates an entry for the forged MAC address, and forwards frames destined for the legal user to
the illegal user instead.
To improve interface security and prevent illegal users from stealing data, you can manually add MAC
address entries to the MAC address table of the device to bind specific user devices to the interface.
Types of MAC address entries
A MAC address table can contain the following types of entries:
• Static entries—Static entries are manually added in order to forward frames with a specific
destination MAC address out of their associated interfaces and never age out.