How to Operate MAC Address Table Configuration?

How to Configure MAC Address Table on Huawei S2300 and S3300 Switch

Networking Requirements
As shown in Figure, the MAC address of the user host PC1 is 0002-0002-0002 and that
of the user host PC2 is 0003-0003-0003. PC1 and PC2 are connected to the Switch through the
LSW. The LSW is connected to Eth0/0/1 of the Switch, which belongs to VLAN 2. The MAC
address of the server is 0004-0004-0004. The server is connected to Eth0/0/2 of the Switch.
Eth0/0/2 belongs to VLAN 2.

• To prevent hackers from using MAC addresses to attack the network, configure two static MAC address entries for each user host on the Switch.
• To prevent hackers from stealing user information by forging the MAC address of the server, configure a static MAC address entry on the Switch for the server.

Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Configure static MAC address entries to prevent MAC address attacks.
3. Configure the aging time of dynamic MAC address entries to update the entries.

Procedure
Step 1 Configure static MAC address entries.
# Create VLAN 2 and add Ethernet0/0/1 and Ethernet0/0/2 to VLAN 2.
<Switch> system-view
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 2
[Switch-Ethernet0/0/1] port hybrid untagged vlan 2
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 2
[Switch-Ethernet0/0/2] port hybrid untagged vlan 2
[Switch-Ethernet0/0/2] quit
# Configure a static MAC address entry.
[Switch] mac-address static 2-2-2 Ethernet 0/0/1 vlan 2
[Switch] mac-address static 3-3-3 Ethernet 0/0/1 vlan 2
[Switch] mac-address static 4-4-4 Ethernet 0/0/2 vlan 2
Step 2 Set the aging time of a dynamic MAC address entry.
[Switch] mac-address aging-time 500
Step 3 Verify the configuration.
# Run the display mac-address command in any view to check whether the static MAC address
entries are successfully added to the MAC address table.
[Switch] display mac-address static vlan 2
-------------------------------------------------------------------------------
MAC Address VLAN/VSI Learned-From Type
-------------------------------------------------------------------------------
0002-0002-0002 2/- Eth0/0/1 static
0003-0003-0003 2/- Eth0/0/1 static
0004-0004-0004 2/- Eth0/0/2 static
-------------------------------------------------------------------------------
Total items displayed = 3
# Run the display mac-address aging-time command in any view to check whether the aging
time of dynamic entries is set successfully.
[Switch] display mac-address aging-time

Aging time: 500 seconds

More Related:

S2318TP-EI-DC

Huawei Low-end Switches Upgrade The APP System

The S5700 four series description

Configuring a Device to Communicate with an NM Station

Do you know how to Replace a Power Module or Fan Module?

Some switch models support pluggable power modules and fan modules. Figure shows
the fan module slots and power module slots on Huawei S6700-EI switch as an example.

Before replacing a power module, ensure that the switch is powered by the other power
module. Replacing the only power module of a switch will interrupt services.
If two power modules are installed in a switch, they work in 1+1 backup mode. Replacing
one power module will not interrupt services. If you are replacing both power modules,
replace the second one only after the first replaced one is working (its indicator is steady
green).

Tools and Accessories
ESD wrist strap or ESD gloves
Phillips screwdriver
Procedure
Step 1 Wear an ESD wrist strap or ESD gloves. When wearing an ESD wrist strap, ensure that it is in
close contact with your wrist and grounded properly.
Step 2 Turn off the power module.
Step 3 Remove the power cable from the power module. The procedure for removing a power cable
is the reverse of the procedure for installing the power cable.
Step 4 Remove the power module from the Huawei switch.
1. Use a Phillips screwdriver to loosen the captive screw on the power module.
2. Holding the handle, gently pull out the power module.

Step 5 Install the replacement power module in the switch.

Step 6 Connect the power cable to the new power module.

Step 7 Turn on the power module.
Step 8 Use either of the following methods to check whether the new power module is working
normally:
Observe the STATUS indicator on the panel. If the indicator is steady green, the power
module works normally.
Run the display device command to check the running status of the new power module.

Follow-up Procedure
If the new power module does not work normally, contact the equipment supplier or local
maintenance personnel for technical support.

Huawei S5720-SI Series Next-generation Standard Gigabit Ethernet Switch

Huawei S5720-SI series switches (S5720-SI for short) are next-generation standard gigabit Layer 3 Ethernet switches based on new generation of high-performance hardware and Huawei Versatile Routing Platform (VRP). It provides a large switching capacity, high-density GE interfaces, and 10GE uplink interfaces. With extensive service features and IPv6 forwarding capabilities, the S5720-SI is applicable to various scenarios. For example, it can be used as an access or aggregation switch on campus networks or an access switch in data centers. The S5720-SI integrates many advanced technologies in terms of reliability, security, and energy saving. It employs simple and convenient means of installation and maintenance to reduce customers' O&M costs and help enterprise customers build a next-generation IT network.

S5720-SI highlights:

Powerful support for services
• The S5720-SI offers higher performance and delivers a switching capacity of up to 336 Gbps. It provides more powerful Layer 3 routing capability such as OSPF/OSPFv3, BGP/BGP4+, ISIS/ISISv6, and provides voice, video and data services, helping enterprises build an integrated full service network with high availability and low latency.
• The S5720-SI supports many Layer 2/Layer 3 multicast protocols such as PIM SM, PIM DM, PIM SSM, MLD, and IGMP snooping, to support multi-terminal high-definition video surveillance and video conferencing services. It supports IGMP v1/v2/v3 snooping, IGMP filter, IGMP fast leave, and IGMP proxy. It also supports wire-speed replication of multicast packets between VLANs, multicast load balancing among member interfaces of a trunk, and controllable multicast, meeting requirements for IPTV and other multicast services.

Comprehensive reliability mechanisms
• Besides STP, RSTP, and MSTP, the S5720-SI S5720-52X-SI-AC supports enhanced Ethernet reliability technologies such as Smart Link and RRPP (Rapid Ring Protection Protocol), which implement millisecond-level protection switchover and ensure network reliability. It also provides Smart Link multi-instance and RRPP multiinstance to implement load balancing among links, optimizing bandwidth usage.
• The S5720-SI supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer on an Ethernet network. SEP can be used on open ring networks and can be deployed on upper-layer aggregation devices to provide fast switchover, ensuring non-stop transmission of services. SEP features simplicity, high reliability, fast switchover, easy maintenance, and flexible topology, facilitating network planning and management.
• The S5720-SI supports Ethernet Ring Protection Switching (ERPS), also referred to as G.8032. As the latest ring network protocol, ERPS was developed based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM function and a Ring Automatic Protection Switching (R-APS) mechanism to implement millisecond-level protection switching. ERPS supports various services and allows flexible networking, helping customers build a network with lower OPEX and CAPEX.

Introduction about Huawei S6700 Switch Hardware Information

Hardware modules of Huawei S6700 S6720-30C-EI-24S-DC for expample refer to the SCU (Switch Control Unit), power supply, and fan.

Logical structure of hardware modules

SCU

The SCU is fixed on Huawei S6700. Each S6700 has one SCU.
The SCU is responsible for packet switching and device management. It integrates multiple
functional modules, namely, the main control module, switching module, and interface
module.

Main Control Module
The main control module implements the following functions:
Processing protocols
Functioning as an agent of the user to manage the system and monitor the system
performance according to instructions of the user, and report the running status of the
device to the user
Monitoring and maintaining the interface module and switching module on the SCU
Switching Module
The switching module, also called the switching fabric, is responsible for packet exchange,
multicast replication, QoS scheduling, and access control on the interface module of the SCU.
The switching module adopts high performance chips to implement line-speed forwarding and
fast switching of data with different priorities.
Interface Module
The interface module provides Ethernet interfaces for accessing Ethernet services.
Cards
Huawei S6700 such as S6720S-26Q-EI-24S supports service cards. Service cards allow flexible networking and provide cost-effective
and customized solutions.

Does Huawei S3700 Support Port Mirroring?

Huawie S3700 supports port mirroring. The details are as follows:

A maximum of four observing ports can be configured on an S3700. Packets from
multiple ports can be mirrored to the same observing port. You can mirror incoming
packets, outgoing packets, or both to an observing port.

The S3700 supports Remote Switched Port Analyzer (RSPAN). That is, the observing
port and mirrored port can be located on different switches. This facilitates remote
device management.


The S3700 such as S3700-52P-EI-48S-AC supports traffic mirroring. A maximum of four observing ports can be configured on an S3700. Flows can be mirrored from multiple ports to the same
observing port. Flows to be mirrored are determined by the traffic classification rule.