Method used to configure the aging time for MAC address entries on USG firewalls


Run the mac-address aging-time seconds command to configure the aging time for a dynamic MAC address entry.
The value of seconds is 0 or ranges from 30s to 65535s. If seconds is set to 0, the MAC address entry is not aged. By default, the aging time for a dynamic MAC address entry is set to 300s.
The aging time of a MAC address table applies to dynamic entries only. Non-dynamic entries are not aged.

Other related questions:
Whether USG firewalls support configuring the aging time for MAC address entries
The USG2000 and USG5000 support configuring the aging time for MAC address entries.

Method used to configure dynamic MAC address entries on USG firewalls
Dynamic MAC address entries are manually configured or learned by a device. They can be aged based on the configuration. To configure a dynamic MAC address entry, in the system or interface view, run the mac-address dynamic mac-address interface-type interface-number vlan vlan-id command.

Method used to configure blackhole MAC address entries on USG firewalls
Blackhole MAC address entries are a special type of MAC address entry that is manually configured. A device discards a packet if the destination MAC address in the packet is a blackhole MAC address. To configure a blackhole MAC address entry, in the system or interface view, run the mac-address blackhole mac-address interface-type interface-number vlan vlan-id command.

Method used to configure static MAC address entries on USG firewalls
Static MAC address entries are added or deleted manually and cannot be aged. Static MAC address entries can decrease the broadcast traffic on the network. They are suited to a network where devices rarely change. To configure a static MAC address entry, in the system or interface view, run the mac-address static mac-address interface-type interface-number vlan vlan-id command.

Method used to configure the MAC address learning restriction on USG firewalls
The MAC address learning restriction is a function that configures rules for restricting dynamic MAC address learning. This function is applicable to a network that supports user access but is not safe enough, for example, a cell access network or an enterprise intranet that lacks security management. When the number of accessed users reaches the limit, the MAC addresses of newly accessed users are not learned, and packets from these users are discarded. Before configuring the MAC address learning restriction, if a port has already learned MAC addresses, run the undo mac-address dynamic command in the system view to clear these MAC addresses. Otherwise, the limit for the MAC address learning restriction becomes inaccurate. To configure the MAC address learning restriction, run the mac-limit { maximum max | action { discard | forward } } * command in the L2 interface view.
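
An added example, not from Huawei or the original page: a Python check over saved configuration text that flags an aging time of 0 or outside 30 to 65535 s, and listed access ports with no mac-limit or an action other than discard. The sample configuration is constructed, and it assumes saved lines mirror the commands above with interface settings indented under their interface line; parse_config, audit and access_ports are hypothetical names.

```python
import re

AGING_DEFAULT = 300  # default aging time stated on this page, in seconds

# Constructed sample; assumes saved lines mirror the commands on this page.
SAMPLE = """\
#
mac-address aging-time 0
#
interface GigabitEthernet0/0/1
 mac-limit maximum 50 action discard
#
interface GigabitEthernet0/0/2
 mac-limit maximum 50 action forward
#
interface GigabitEthernet0/0/3
#
"""

def parse_config(text):
    """Return (aging_time, {interface: mac-limit settings or None})."""
    aging, interfaces, current = AGING_DEFAULT, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):
            current = None  # an unindented line closes the interface block
        m = re.fullmatch(r"mac-address aging-time (\d+)", line)
        if m and current is None:
            aging = int(m.group(1))
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = None
        elif current and line.startswith("mac-limit"):
            mx = re.search(r"\bmaximum (\d+)", line)
            act = re.search(r"\baction (discard|forward)", line)
            interfaces[current] = {"maximum": int(mx.group(1)) if mx else None,
                                   "action": act.group(1) if act else None}
    return aging, interfaces

def audit(text, access_ports):
    """List findings for the global aging time and the given L2 ports."""
    aging, interfaces = parse_config(text)
    findings = []
    if aging == 0:
        findings.append("aging-time 0: dynamic entries are never aged")
    elif not 30 <= aging <= 65535:
        findings.append(f"aging-time {aging}: outside 30-65535")
    for port in access_ports:
        limit = interfaces.get(port)
        if limit is None:
            findings.append(f"{port}: no mac-limit configured")
        elif limit["action"] != "discard":
            findings.append(f"{port}: mac-limit action is {limit['action']}, not discard")
    return findings
```

Calling audit(SAMPLE, [...]) with the three sample port names returns one finding for the aging time and one each for the second and third ports.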
