Manual
+7(495) 797-3311 www.qtech.ru 
Moscow, Novozavodskaya St., 18, bldg. 1
Chapter 41 The Number Limitation Function of MAC and IP in Port, VLAN Configuration
41.1 Introduction to the Number Limitation Function of MAC and IP in Port, VLAN
The MAC address list records the mapping between destination MAC addresses and the ports of the switch. There are two kinds of MAC addresses in the list: static and dynamic. A static MAC address is set by the user, has the highest priority (it will not be overwritten by a dynamic MAC address), and is always in effect; a dynamic MAC address is learnt by the switch as it forwards data frames, and is only in effect for a specific time range. When the switch receives a data frame to be forwarded, it learns the source MAC address of the frame, maps it to the receiving port, and then looks up the destination MAC address in the MAC address list. If a matching list entry is found, the switch forwards the data frame via the corresponding port; otherwise, the switch broadcasts the data frame over the VLAN it belongs to. If a dynamically learnt MAC address matches no forwarded data for a long time, the switch deletes it from the MAC address list.
Usually the switch supports both static configuration and dynamic learning of MAC addresses, which means each port can have more than one statically configured MAC address and more than one dynamically learnt MAC address, and can thus forward data traffic between the port and known MAC addresses. When a MAC address ages out, traffic destined to it is handled by broadcast. Our current switches put no limit on the number of MAC addresses on a port; every port can hold several MAC addresses, either configured or learnt, until the hardware list entries are exhausted. To keep a port from holding too many MAC addresses, the number of MAC addresses a port can have should be limited.
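The following added example (not part of the original manual and not the switch's implementation) models the learning, aging and lookup behaviour described above, and shows how one port can exhaust the list when no per-port limit exists. The class and function names, the list size of 64, the 300-second aging time and all MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    port: int
    static: bool = False
    last_seen: float = 0.0

@dataclass
class MacTable:
    capacity: int            # hardware list size (assumed value)
    port_limit: int = 0      # max MACs per port; 0 = no limit
    aging: float = 300.0     # dynamic entry lifetime in seconds (assumed value)
    entries: dict = field(default_factory=dict)

    def add_static(self, mac, port):
        self.entries[mac] = Entry(port, static=True)
    def count_on_port(self, port):
        return sum(1 for e in self.entries.values() if e.port == port)

    def learn(self, mac, port, now):
        """Learn a frame's source MAC; return True if an entry for it exists afterwards."""
        for m in [m for m, e in self.entries.items()   # age out idle dynamic entries
                  if not e.static and now - e.last_seen > self.aging]:
            del self.entries[m]
        e = self.entries.get(mac)
        if e is not None:
            if not e.static:                 # static entries are never overwritten
                e.port, e.last_seen = port, now
            return True
        if len(self.entries) >= self.capacity:
            return False                     # hardware entries exhausted
        if self.port_limit and self.count_on_port(port) >= self.port_limit:
            return False                     # per-port limit reached
        self.entries[mac] = Entry(port, last_seen=now)
        return True

    def forward(self, dst_mac):
        """Egress port for a known destination, else 'flood' (broadcast in the VLAN)."""
        return self.entries[dst_mac].port if dst_mac in self.entries else "flood"

def simulate(port_limit):
    """Constructed scenario: port 1 presents 1000 distinct source MACs, then port 2 sends."""
    t = MacTable(capacity=64, port_limit=port_limit)
    t.add_static("00:00:00:00:00:01", 3)
    for i in range(1000):
        t.learn(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", 1, now=i * 0.001)
    t.learn("02:aa:aa:aa:aa:aa", 2, now=2.0)
    return t.count_on_port(1), t.forward("02:aa:aa:aa:aa:aa"), t.forward("00:00:00:00:00:01")
```

With no limit, port 1 takes every free entry and traffic to the host on port 2 is broadcast; with a limit of 8, port 1 holds 8 entries and the host on port 2 is still learnt.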
For each INTERFACE VLAN, there is no limit on the number of IP addresses; the upper limit on the number of IP addresses is the upper limit on the number of users on an interface, which is, at the same time, the upper limit on ARP and ND list entries. No configuration command is available to control the number of these list entries. To enhance the security and controllability of our products, we need to control the number of MAC addresses on each port and the number of ARP and ND entries on each INTERFACE VLAN. The number of static or dynamic MAC addresses on a port should not exceed the configured value. The number of users on each VLAN should not exceed the configured value, either.
Limiting the number of MAC and ARP list entries can prevent DoS attacks to a certain extent. When malicious users frequently perform MAC or ARP spoofing, it will be easy for them to fill the MAC and