Principles of the Layer 2 forwarding policy feature


Access devices, as Layer 2 network devices, support transparent transmission or forwarding of packets at Layer 2. In traditional Layer 2 forwarding, packets are forwarded based on virtual local area network (VLAN) information and MAC addresses, that is, VLAN+MAC address forwarding. If the destination MAC address of a packet is invalidated due to dynamic MAC address aging, VLAN+MAC address searching will fail. The packet becomes an unknown unicast packet and is broadcast within the VLAN, which poses a security threat. In addition, VLAN+MAC address forwarding is subject to MAC address spoofing and attacks, which lead to security problems.
To address the preceding problems, you can use S-VLAN+C-VLAN (S+C) forwarding instead. In S-VLAN+C-VLAN forwarding, 2 VLAN IDs form a Layer 2 forwarding mapping relationship. Packets are forwarded based on VLANs rather than learned MAC addresses.
For more information, visit Huawei technical support website.

Other related questions:
Does a bridge group on an AR router forward packets in Layer 2 or Layer 3

A bridge group on an AR router forwards packets in Layer 2.
Only interfaces with Layer-3 functions can be added to a bridge. However, a bridge forwards data in Layer 2.

Are packets in a bridge group forwarded at Layer 2 or Layer 3
Packets in a bridge group are forwarded at Layer 2. Only interfaces supporting Layer 3 functions can be added to a bridge. Data in a bridge, however, is forwarded at Layer 2.

Whether the firewall supports Layer 2 or Layer 3 forwarding
The USG2000&5000&6000 support implementing the Layer 2 forwarding function in transparent mode. When the firewall implements route-based forwarding, the Layer 3 forwarding function is used.

How to check whether forwarding is looped on a Layer 2 network
The following events indicate that forwarding is looped on a Layer 2 network: Massive congestion and full-bandwidth storm. Run the display interface ethernet brief | include up command to check whether the incoming and outgoing traffic of a port reaches the maximum. Massive MAC address flapping is found during MAC flapping detection. Run the display trap logbuffer command to check whether MAC address flapping alarms are generated.

Default Layer 2 multicast forwarding mode on an S series switch
For S series switches excluding the S1700, after Layer 2 multicast is enabled, the S1720, S2710SI, S2700SI, S2700EI, S2720EI, S2750EI, S5700LI, and S5700S-LI (S5700S-28X-LI-AC and S5700S-52X-LI-AC) forward multicast data based on MAC addresses, and other models forward multicast data based on IP addresses by default.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top