Principles of the Layer 2 forwarding policy feature

Access devices, as Layer 2 network devices, support transparent transmission or forwarding of packets at Layer 2. In traditional Layer 2 forwarding, packets are forwarded based on virtual local area network (VLAN) information and MAC addresses, that is, VLAN+MAC address forwarding. If the destination MAC address of a packet is invalidated due to dynamic MAC address aging, VLAN+MAC address searching will fail. The packet becomes an unknown unicast packet and is broadcast within the VLAN, which poses a security threat. In addition, VLAN+MAC address forwarding is subject to MAC address spoofing and attacks, which lead to security problems.
To address the preceding problems, you can use S-VLAN+C-VLAN (S+C) forwarding instead. In S-VLAN+C-VLAN forwarding, 2 VLAN IDs form a Layer 2 forwarding mapping relationship. Packets are forwarded based on VLANs rather than learned MAC addresses.
For more information, visit Huawei technical support website.

Scroll to top