MAC Configuration
show mac-flapping config
[Command]
show mac-flapping config
[Purpose]
View the configuration of the MAC address flapping detection function
[View]
System view
[Use Cases]
```
sonic# show mac-flapping config
+---------+---------+---------+------------+-----------+
| VLAN    | LEVEL   | AGING   | ACTION     | ENABLED   |
+=========+=========+=========+============+===========+
| Vlan400 | 10      | 600     | error_down | true      |
+---------+---------+---------+------------+-----------+
```
show mac-flapping status
[Command]
show mac-flapping status
[Purpose]
View records of MAC address flapping
[View]
System view
[Use Cases]
```
sonic# show mac-flapping status
+---------+-------------------+---------+--------------+-------------+
| VLAN    | MAC               | TIMES   | LASTUPDATE   | ERRORDOWN   |
+=========+===================+=========+==============+=============+
| Vlan400 | 00:00:01:01:02:01 | 3       | Ethernet1    | No          |
+---------+-------------------+---------+--------------+-------------+
```
Description of the
| Item | Description |
|---|---|
| VLAN | VLANs undergoing migration |
| MAC | Migrated MAC addresses |
| TIMES | Number of migrations for a MAC address |
| LASTUPDATE | Interface of the last migration |
| ERRORDOWN | Whether the interface is shut down |
show mac-address
[Command]
show mac-address [interface-type interface_name]
[Purpose]
Display the MAC address table
[Parameter]
| Parameter | Description |
|---|---|
| interface-type | Interface type; one of ethernet or link-aggregation |
| interface_name | Interface name |
[View]
System view
[Use Cases]
```
sonic# show mac-address
  No.    Vlan  MacAddress         Port                        Type
-----  ------  -----------------  --------------------------  ------
    1     200  18:17:25:37:67:3E  VTTNL10.1.0.226_10.1.0.101  Static
    2     300  18:17:25:37:67:3C  VTTNL10.1.0.226_10.1.0.101  Static
Total number of entries 2
```
show mac-limit
[Command]
show mac-limit [{port interface_name | vlan vlan_id }]
[Purpose]
View the configured limit on the number of MAC address learning entries
[View]
System view
[Use Cases]
```
sonic# show mac-limit
Interface      Mac-limit
-----------  -----------
Vlan800             1000
```
show mac-aging
[Command]
show mac-aging
[Purpose]
Show the configured MAC aging time
[View]
System view
[Use Cases]
```
sonic# show mac-aging
MAC aging timer: 600
```
clear mac-address
[Command]
clear mac-address [{ethernet|link-aggregation interface_name } ] [vlan vlan_id ] [{static|dynamic}]
[Purpose]
Clear the MAC address table
[Parameter]
| Parameter | Description |
|---|---|
| interface_name | Interface name |
| vlan_id | VLAN ID, range 1-4094 |
[View]
System view
[Usage Scenario]
The MAC address table space on a device is limited. When the MAC address table becomes full, it cannot learn new MAC address entries until the aging time expires. This can lead to new users having to broadcast their packets, wasting network resources. In such cases, this command can be used to remove unnecessary MAC address entries from the table.
[Notes]
By default, this command will clear all MAC addresses on the device, including static MAC entries. Be cautious when using it to avoid unintended consequences.
[Use Cases]
```
sonic# clear mac-address
All FDB entries are cleared.
```
mac-address static
[Command]
mac-address static HH:HH:HH:HH:HH:HH vlan vlan_id {ethernet|link-aggregation} interface_name
no mac-address static HH:HH:HH:HH:HH:HH vlan vlan_id
[Purpose]
Configure a static MAC address entry
[Parameter]
| Parameter | Description |
|---|---|
| HH:HH:HH:HH:HH:HH | MAC address |
| interface_name | Interface name |
| vlan_id | VLAN ID, range 1-4094 |
[View]
System configuration view
[Usage Scenario]
Manually configuring static MAC address entries is typically done to enhance security. Network administrators can manually add specific MAC address entries to the MAC address table, binding user devices to interfaces, in order to prevent unauthorized users from accessing data.
[Notes]
If the MAC address table already contains a dynamic entry for the same MAC address, the newly added static entry automatically overwrites the dynamic entry.
[Use Cases]
```
sonic# configure terminal
sonic(config)# mac-address static 00:aa:aa:aa:aa:aa vlan 4 ethernet 1
```
mac-address blackhole
[Command]
mac-address blackhole HH:HH:HH:HH:HH:HH vlan vlan_id
no mac-address blackhole HH:HH:HH:HH:HH:HH vlan vlan_id
[Purpose]
Configure a blackhole MAC address
[Parameter]
| Parameter | Description |
|---|---|
| HH:HH:HH:HH:HH:HH | MAC address |
| vlan_id | VLAN ID, range 1-4094 |
[View]
System configuration view
[Usage Scenario]
To prevent hackers from using MAC address attacks on user devices or networks, you can configure the MAC addresses of untrusted users as blackhole MAC addresses. When the device receives a packet with a destination MAC address or source MAC address that matches a blackhole MAC address, it will simply discard the packet. This helps enhance network security.
[Use Cases]
```
sonic# configure terminal
sonic(config)# mac-address blackhole aa:bb:bb:bb:bb:bb vlan 5
```
mac-address timer
[Command]
mac-address timer aging time
mac-address timer no-aging
[Purpose]
Configure MAC aging time
[Parameter]
| Parameter | Description |
|---|---|
| time | Aging time, in seconds, default aging time is 600s, range 30s-7200s |
| no-aging | MAC table entries do not age out |
[View]
System configuration view
[Usage Scenario]
As network topology evolves, devices will learn an increasing number of MAC addresses. To prevent the MAC address table from growing excessively, it’s essential to use this command to set an appropriate aging time for dynamic MAC table entries. This helps in timely removal of obsolete MAC address entries from the table, preventing it from becoming too large.
[Notes]
MAC table entry aging time is a parameter that affects the switch MAC self-learning. Dynamic MAC table entries that exceed the aging time are automatically deleted, and the device relearns the MAC and builds a new MAC table entry. Static MAC table entries are not affected by the aging time.
[Use Cases]
```
sonic# configure terminal
sonic(config)# mac-address timer aging 3600
sonic(config)# mac-address timer no-aging
```
mac-flapping detect enable
[Command]
mac-flapping detect enable
no mac-flapping detect enable
[Purpose]
Enable the MAC address flapping suppression function
[View]
VLAN view
[Usage Scenario]
MAC address drifting refers to a situation where a MAC address learned on one interface of a device is also learned on another interface within the same VLAN, with the later-learned MAC address entry overwriting the original entry. When this feature is enabled, if MAC address drifting occurs, the device generates warning logs. Additionally, users can use the mac-flapping detect-action error-down configuration to forcibly shut down physical interfaces experiencing MAC address drifting. MAC address drifting can occur due to the following reasons:
- The presence of network loops.
- Malicious attacks by unauthorized users within the network.
[Use Cases]
```
sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect enable
```
mac-flapping detect-action error-down
[Command]
mac-flapping detect-action error-down
no mac-flapping detect-action error-down
[Purpose]
Set the action taken on the interface when MAC address flapping is detected to shutting down the interface
[View]
VLAN view
[Usage Scenario]
After configuring MAC address flapping actions for a VLAN, if the system detects that a MAC address has drifted more times within the duration specified by the mac-flapping detect-aging command than the number configured with the mac-flapping detect-level command, the system will forcibly shut down the interface where the MAC address was last learned.
[Notes]
By default, the interface is not restored automatically after it is shut down. The administrator must restore it manually by executing the shutdown command and then the no shutdown command.
[Use Cases]
```
sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect-action error-down
```
mac-flapping detect-aging
[Command]
mac-flapping detect-aging time
[Purpose]
Configure the aging time of MAC address flapping table entries
[Parameter]
| Parameter | Description |
|---|---|
| time | Value range: 10-7200, unit: s |
[View]
VLAN view
[Use Cases]
```
sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect-aging 100
```
mac-flapping detect-level
[Command]
mac-flapping detect-level time
[Purpose]
Configure the number of times MAC address flapping is detected in a VLAN
[Parameter]
| Parameter | Description |
|---|---|
| time | Value range: 5 - 500 |
[View]
VLAN view
[Usage Scenario]
Flapping is considered to have occurred when a MAC address has migrated more times than the configured number of flapping detections within the flapping aging time.
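An added example (not vendor code) of a monitoring check built on `show mac-flapping config` and `show mac-flapping status`: it parses both tables and flags MAC addresses whose TIMES count is approaching or past the VLAN's detect-level. The sample rows, the ERRORDOWN value "Yes", the 80% warning ratio and the function names are assumptions.

```python
# Added example; the sample text is constructed in the page's table format.
CONFIG_OUT = """\
+---------+---------+---------+------------+-----------+
| VLAN    | LEVEL   | AGING   | ACTION     | ENABLED   |
+=========+=========+=========+============+===========+
| Vlan400 | 10      | 600     | error_down | true      |
| Vlan500 | 5       | 100     | error_down | true      |
+---------+---------+---------+------------+-----------+
"""
STATUS_OUT = """\
+---------+-------------------+---------+--------------+-------------+
| VLAN    | MAC               | TIMES   | LASTUPDATE   | ERRORDOWN   |
+=========+===================+=========+==============+=============+
| Vlan400 | 00:00:01:01:02:01 | 3       | Ethernet1    | No          |
| Vlan400 | 00:00:01:01:02:02 | 9       | Ethernet5    | No          |
| Vlan500 | 00:00:01:01:02:03 | 6       | Ethernet9    | Yes         |
+---------+-------------------+---------+--------------+-------------+
"""

def parse_grid(text):
    """Turn a '+---+' bordered CLI table into a list of dicts keyed by header."""
    rows = [[cell.strip() for cell in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.strip().startswith("|")]
    header, *body = rows or [[]]
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]

def audit_flapping(config_text, status_text, warn_ratio=0.8):
    """Classify each flapping record against its VLAN's detect-level."""
    levels = {r["VLAN"]: int(r["LEVEL"]) for r in parse_grid(config_text)
              if r["ENABLED"].lower() == "true"}
    findings = []
    for rec in parse_grid(status_text):
        level = levels.get(rec["VLAN"])
        if level is None:              # detection not enabled for this VLAN
            continue
        times, state = int(rec["TIMES"]), "ok"
        if rec["ERRORDOWN"].lower() != "no":
            state = "error-down"       # port already shut; manual recovery needed
        elif times > level:
            state = "over-level"       # threshold exceeded, port still up
        elif times >= warn_ratio * level:
            state = "near-level"       # assumption: warn at 80% of detect-level
        findings.append((rec["VLAN"], rec["MAC"], rec["LASTUPDATE"], state))
    return findings

if __name__ == "__main__":
    print(*audit_flapping(CONFIG_OUT, STATUS_OUT), sep="\n")
```

A "near-level" result on a port that should host a single device is worth investigating for a loop or a spoofed source MAC before the error-down action takes the port out of service.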
[Use Cases]
```
sonic(config)# vlan 400
sonic(config-vlan-400)# mac-flapping detect-level 10
```
mac-limit
[Command]
mac-limit value
no mac-limit
[Purpose]
Configure MAC address learning entry limit
[Parameter]
| Parameter | Description |
|---|---|
| value | Value range: 1-32000 |
[View]
VLAN view, Interface view
[Usage Scenario]
To control the number of access users or prevent MAC address table attacks, you can limit the number of MAC addresses that a switch is allowed to learn. This helps control the number of access users and enhances network security.
[Notes]
When the number of MAC address table entries reaches the limit, new MAC addresses will not be learned.
[Use Cases]
```
sonic(config)# vlan 400
sonic(config-vlan-400)# mac-limit 1000
```
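An added example (not vendor code) that compares `show mac-address` output with `show mac-limit` output to report how close each limited VLAN or interface is to its learning limit. The sample rows, the "Dynamic" type value, the Ethernet port names, the 90% warning ratio, and the rule that static entries do not count against the limit are assumptions.

```python
import re
from collections import Counter

# Constructed sample output in the page's column layout (not captured data).
MAC_TABLE = """\
  No.    Vlan  MacAddress         Port       Type
-----  ------  -----------------  ---------  -------
    1     800  18:17:25:37:67:3E  Ethernet1  Dynamic
    2     800  18:17:25:37:67:3C  Ethernet1  Dynamic
    3     800  18:17:25:37:67:3A  Ethernet2  Static
    4     900  18:17:25:37:67:3B  Ethernet2  Dynamic
Total number of entries 4
"""
LIMITS = """\
Interface      Mac-limit
-----------  -----------
Vlan800                2
Vlan900             1000
"""
ROW = re.compile(
    r"^\s*\d+\s+(\d+)\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)\s+(\S+)\s*$")

def learned_counts(mac_table):
    """Count dynamically learned entries per VLAN and per port."""
    counts = Counter()
    for line in mac_table.splitlines():
        m = ROW.match(line)
        # Assumption: static entries do not consume the learning limit.
        if m and m.group(4).lower() != "static":
            counts["Vlan" + m.group(1)] += 1
            counts[m.group(3)] += 1
    return counts

def limit_headroom(mac_table, limit_text, warn_ratio=0.9):
    """Return {name: (learned, limit, state)} for every configured mac-limit."""
    counts, report = learned_counts(mac_table), {}
    for line in limit_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue                   # header and separator lines
        name, limit = parts[0], int(parts[1])
        used = counts.get(name, 0)
        state = ("full" if used >= limit
                 else "near" if used >= warn_ratio * limit else "ok")
        report[name] = (used, limit, state)
    return report

if __name__ == "__main__":
    print(limit_headroom(MAC_TABLE, LIMITS))
```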