After an interface on a CE switch becomes Up during the aging time, will the switch still detect MAC address flapping during the remaining aging time?


The default aging time of flapped MAC addresses is 300 seconds. You can run the error-down auto-recovery cause mac-address-flapping interval interval-value command to configure the delay after which an interface that was shut down because of MAC address flapping automatically becomes Up. After the command is executed, if MAC address flapping stops and the interface becomes Up after the delay, the CE switch no longer detects MAC address flapping during the remaining aging time. This is because the aging time of the flapped MAC address has not yet expired. If MAC address flapping detection is required, it is recommended that the delay for an interface to automatically become Up be set greater than the aging time of flapped MAC addresses.

Other related questions:
How to check and configure the MAC address aging time on an S series switch
For S series switches (except the S1700), configure the MAC address aging time as follows:
[HUAWEI] mac-address aging-time 500 //Set the MAC address aging time to 500s.

Check the MAC address aging time as follows:
<HUAWEI> display mac-address aging-time
  Aging time:300 second(s)     //The current aging time is 300s.

Why secure MAC addresses are not aged when the aging time arrives
The secure MAC address aging time is related to the global aging time of dynamic MAC addresses, and depends on the MAC address traffic match flag bit that is updated after the dynamic MAC addresses are globally aged out. That is, after the secure MAC address aging time arrives, the system checks whether the MAC address flag bit is cleared. If it is not cleared, the secure MAC address is not aged out.

Maximum number of MAC address flapping times that CE series switches can detect
The maximum number of MAC address flapping times that CE series switches can detect is 65535. When the number of flapping times is greater than 65535, the MoveNum field is still 65535 in the display mac-address flapping command output. In most cases, there is a low probability that MAC address flapping occurs many times. If the number reaches the threshold, you can run the reset mac-address flapping record command to clear the detection record on CE series switches.

Firewall session aging time
Generally, you can use the default aging time of the session table. To change the aging time of the session table for a specific protocol type, run the firewall session aging-time command. For the USG2000&5000 series, you can set the service aging time on the web UI. On the web UI, choose Firewall > Service > Service Aging Time. To view the aging time of the session entries of all traffic in the current system, you can run the display firewall session aging-time command.

What are the aging time and aging mechanism of ARP entries
The default aging time of ARP entries is 20 minutes. You can run the arp expire-time command to change the aging time. You can also change the number of ARP probes by running the arp detect-times command. The default number of ARP probes is 3. When the aging time of an ARP entry expires, the device sends a probe packet to the corresponding IP address every 5 seconds. If the device does not receive any response after the specified number of probes, it deletes the ARP entry.

For example, the aging time of ARP entries is set to 60s and the number of ARP probes is set to 6. 60s after an ARP entry is generated, the device sends an ARP probe every 5s. If the device does not receive any response after sending six probes, it deletes the ARP entry. Therefore, the actual aging time of the ARP entry is (60 + 6 x 5) = 90s.

NOTE: In V100R002, the S2700/S3700/S5700/S6700 also probes at 1/2 and 3/4 of the aging time. The number of probes at each of these two time points is 3 and cannot be changed. For example, if the aging time is 20 minutes (1200s) and the number of ARP probes is 6, the S2700/S3700/S5700/S6700 sends three ARP probes at an interval of 5s after 10 minutes. After 15 minutes, the S2700/S3700/S5700/S6700 also sends three ARP probes at an interval of 5s. After 20 minutes, the S2700/S3700/S5700/S6700 sends six ARP probes at an interval of 5s. If the S2700/S3700/S5700/S6700 does not receive any response, it deletes the ARP entry.
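
The probe timing described above, as an added Python example (not Huawei code), computes when probes are sent and when a silent peer's ARP entry is removed, which is how long a stale entry can stay in the table. The function and constant names are hypothetical. It assumes the first probe is sent at the moment the aging time expires and the entry is deleted one interval after the last unanswered probe (this reproduces the 90s figure above), and that V100R002 deletes the entry under the same rule.

```python
PROBE_INTERVAL = 5   # seconds between probes, as stated in the answer above
EARLY_PROBES = 3     # fixed probe count at the 1/2 and 3/4 points (V100R002)


def arp_probe_schedule(aging_time, detect_times=3, v100r002=False):
    """Return (probe_times, delete_time) in seconds since the ARP entry was
    generated, for a peer that never answers any probe.

    aging_time   -- value configured with arp expire-time, in seconds
    detect_times -- value configured with arp detect-times
    v100r002     -- also probe at 1/2 and 3/4 of the aging time
    """
    if aging_time <= 0 or detect_times < 1:
        raise ValueError("aging_time and detect_times must be positive")

    probes = []
    if v100r002:
        # Early bursts: three probes each, count not configurable.
        # Assumption: the 1/2 and 3/4 points are rounded down to whole seconds.
        for start in (aging_time // 2, aging_time * 3 // 4):
            probes += [start + i * PROBE_INTERVAL for i in range(EARLY_PROBES)]

    # Final burst: starts when the aging time expires (assumption, see lead-in).
    probes += [aging_time + i * PROBE_INTERVAL for i in range(detect_times)]

    # Entry is removed one interval after the last unanswered probe.
    delete_time = aging_time + detect_times * PROBE_INTERVAL
    return sorted(probes), delete_time


if __name__ == "__main__":
    # Constructed scenarios taken from the figures in the answer above.
    scenarios = [
        ("60s aging, 6 probes", dict(aging_time=60, detect_times=6)),
        ("defaults (20 min, 3 probes)", dict(aging_time=1200)),
        ("V100R002, 20 min, 6 probes",
         dict(aging_time=1200, detect_times=6, v100r002=True)),
    ]
    for label, kwargs in scenarios:
        probes, deleted = arp_probe_schedule(**kwargs)
        print(f"{label}: probes at {probes}, entry deleted at {deleted}s")
```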
