R0106-HP MSR Router Series Layer 2 - LAN Switching Configuration Guide(V7)
9
Step Command Remarks
2. Add or modify a blackhole
MAC address entry.
mac-address blackhole
mac-address vlan vlan-id
By default, no blackhole MAC
address entry is configured.
Make sure you have created the
VLAN.
Disabling MAC address learning on an interface
MAC address learning is enabled by default. To prevent the MAC address table from being saturated
when the device is experiencing attacks, disable MAC address learning. For example, you can disable
MAC address learning to prevent the device from being attacked by a large amount of frames with
different source MAC addresses. You can disable MAC address learning on a single interface.
After the MAC address learning is disabled, the device does not delete the learned dynamic MAC
address entries until the entries age out.
To disable MAC address learning on an interface:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet interface
view.
interface interface-type
interface-number
N/A
3. Disable MAC address learning
on the interface.
undo mac-address mac-learning
enable
By default, MAC address
learning on the interface is
enabled.
Configuring the aging timer for dynamic MAC
address entries
For security and efficient use of table space, the MAC address table uses an aging timer for each
dynamic MAC address entry. If a dynamic MAC address entry is not updated before the aging timer
expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can
promptly update to accommodate latest network topology changes.
A stable network requires a longer aging interval and an unstable network requires a shorter aging
interval.
An aging interval that is too long might cause the MAC address table to retain outdated entries. As a
result, the MAC address table resources might be exhausted, and the MAC address table might fail to
update its entries to accommodate the latest network changes.
An interval that is too short might result in removal of valid entries, which would cause unnecessary floods
and possibly affect the device performance.
To reduce floods on a stable network, set a long aging timer or disable the timer to prevent dynamic
entries from unnecessarily aging out. Reducing floods improves the network performance. Reducing
floods also improves security because it reduces the chances for a data frame to reach unintended
destinations.