Which MAC addresses on the AR router do not age

17

The static and blackhole MAC addresses of the AR router do not age.

Other related questions:
Which MAC addresses do not age
Static media access control (MAC) addresses and blackhole MAC addresses.

How to check and configure the MAC address aging time on an S series switch
For S series switches (except the S1700), configure the MAC address aging time as follows:
[HUAWEI] mac-address aging-time 500 //Set the MAC address aging time to 500s.

Check the MAC address aging time as follows:
<HUAWEI> display mac-address aging-time
  Aging time:300 second(s)     //The current aging time is 300s.

How to filter MAC addresses on an AR router
On a network where security requirements for user access are high, configure the interface security function on the router to enable the MAC addresses learnt by an interface to be converted to secure MAC addresses. If the maximum number of MAC addresses that can be learnt by a router reaches the upper limit, the router does not learn new MAC addresses and allows communication with the devices of only these MAC addresses. This can prevent untrusted users from communicating with the router over this interface and improve device and network security. For details about the function and its configuration procedure, choose Configuration Guide (via Command Line)> Security> Port Security Configuration through the URL: Product documentation."

Why secure MAC addresses are not aged when the aging time arrives
The secure MAC address aging time is related to the global aging time of dynamic MAC addresses, and depends on the MAC address traffic match flag bit that is updated after the dynamic MAC addresses are globally aged out. That is, after the secure MAC address aging time arrives, the system checks whether the MAC address flag bit is cleared. If it is not cleared, the secure MAC address is not aged out.

Are the switch MAC address entries matching destination MAC addresses of packets aged out
In V100R005 and earlier versions, by default, MAC address entries are aged out no matter whether the entries match destination MAC addresses of packets. To resolve network problems, modify the V100R005SPH007 patch as follows: The aging time is recalculated for the MAC address entries to be aged out when the entries match destination MAC addresses of packets. In V100R006 and later versions, by default, the aging time is recalculated for the MAC address entries to be aged out when the entries match destination MAC addresses of packets. NOTE: This command is used only when one-way services are deployed on the network. Packets of two-way services are transmitted bidirectionally; therefore, dynamic MAC address entries match both the source MAC addresses and destination MAC addresses of packets and are not aged. When a user uses one-way services such as the on-demand service, packets are transmitted unidirectionally from the server to the user terminal. When the user terminal is shut down, the server still sends one-way packets. Therefore, the destination MAC address of the packets matches the MAC address entry and the MAC address is never aged out.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top