01-06 Common MAC Address Operations


S1720, S2700, S3700, S5700, S6700, S7700, and S9700

Series Switches
Common Operation Guide 6 Common MAC Address Operations

6 Common MAC Address Operations

About This Chapter

6.1 Displaying All MAC Address Entries


6.2 Displaying MAC Address Entries Learned by an Interface
6.3 Displaying MAC Address Entries Learned in a VLAN
6.4 Displaying the System MAC Address
6.5 Displaying the MAC Address of an Interface
6.6 Displaying the MAC Address of a VLANIF Interface
6.7 Obtaining the MAC Address of a Device Based on the IP Address
6.8 Configuring a Static MAC Address
6.9 Configuring a Blackhole MAC Address
6.10 Displaying and Setting the Aging Time of MAC Addresses
6.11 Enabling MAC Address Triggered ARP Entry Update
6.12 Configuring Port Security

6.1 Displaying All MAC Address Entries


# Run the display mac-address command to check all MAC address entries.
<HUAWEI> display mac-address
-------------------------------------------------------------------------------
MAC Address      VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0000-0000-0002   10/-        -               blackhole
0000-0000-0003   300/-       GE1/0/3         static
0026-6e5c-feac   3000/-      Eth-Trunk2      dynamic
0000-c116-0201   -/test      Eth-Trunk3      dynamic

-------------------------------------------------------------------------------
Total items displayed = 4

Issue 17 (2018-08-17) Copyright © Huawei Technologies Co., Ltd. 28



6.2 Displaying MAC Address Entries Learned by an Interface

# Run the display mac-address dynamic gigabitethernet1/0/1 command to check MAC
address entries learned by GE1/0/1.
<HUAWEI> display mac-address dynamic gigabitethernet1/0/1
-------------------------------------------------------------------------------
MAC Address      VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0000-0000-0003   300/-       GE1/0/1         dynamic
0026-6e5c-feac   3000/-      GE1/0/1         dynamic

-------------------------------------------------------------------------------
Total items displayed = 2

6.3 Displaying MAC Address Entries Learned in a VLAN


# Run the display mac-address dynamic vlan 10 command to check the MAC address entry
learned in VLAN 10.
<HUAWEI> display mac-address dynamic vlan 10
-------------------------------------------------------------------------------
MAC Address      VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0000-0000-0003   10/-        GE1/0/1         dynamic
0026-6e5c-feac   10/-        GE1/0/2         dynamic

-------------------------------------------------------------------------------
Total items displayed = 2

6.4 Displaying the System MAC Address


You can run the following commands to check the device's MAC address.

- The MAC address of a Layer 2 interface and the device's MAC address are the same.
Run the display interface gigabitethernet1/0/1 command. In the command output,
00e0-f74b-6d00 refers to the device's MAC address.
<HUAWEI> display interface gigabitethernet1/0/1
GigabitEthernet1/0/1 current state : UP
Line protocol current state : UP
Description:
Switch Port, Link-type : access(configured),
PVID : 103, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-f74b-6d00
......

- In V200R002 and later versions, run the display bridge mac-address command to
check the device's MAC address.
<HUAWEI> display bridge mac-address
System bridge MAC address: 00e0-f74b-6d00

6.5 Displaying the MAC Address of an Interface


Run the display interface gigabitethernet1/0/1 command. In the command output,
00e0-f74b-6d00 refers to the interface's MAC address.
<HUAWEI> display interface gigabitethernet1/0/1
GigabitEthernet1/0/1 current state : UP
Line protocol current state : UP
Description:
Switch Port, Link-type : access(configured),
PVID : 103, TPID : 8100(Hex), The Maximum Frame Length is 9216
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-f74b-6d00
......

6.6 Displaying the MAC Address of a VLANIF Interface


# Run the display interface vlanif10 command. In the command output, 00e0-0987-7891
refers to the VLANIF interface's MAC address.
<HUAWEI> display interface vlanif10
Vlanif10 current state : DOWN
Line protocol current state : DOWN
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 172.10.1.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-0987-7891
Current system time: 2014-08-14 16:40:09+08:00
Input bandwidth utilization : --
Output bandwidth utilization : --

6.7 Obtaining the MAC Address of a Device Based on the IP Address

# Run the display arp | include ip-address command to obtain the MAC address of the
device based on the IP address.

For example, obtain the MAC address of the device based on the IP address of
192.168.150.20.
<HUAWEI> display arp | include 192.168.150.20
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN
------------------------------------------------------------------------------
192.168.150.20  000b-0935-766f  10        D-1         GE1/0/24
------------------------------------------------------------------------------
Total:27        Dynamic:26      Static:0     Interface:1

NOTE

- If the entry is empty, the MAC address of the device cannot be obtained based on the IP address.
- If the parameter following include specifies the MAC address, the IP address of the device can be
obtained based on the MAC address.
- The command output on your device may differ from that provided in this example.

6.8 Configuring a Static MAC Address


Configure the MAC address of the fixed upstream device or trusted user host connected to the
switch as the static MAC address to ensure secure communication.
<HUAWEI> system-view
[HUAWEI] vlan 10 //Create VLAN 10.
[HUAWEI-vlan10] quit
[HUAWEI] interface GigabitEthernet1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type access
[HUAWEI-GigabitEthernet1/0/1] port default vlan 10 //Add an interface to VLAN 10.
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] mac-address static 0000-0012-0034 GigabitEthernet1/0/1 vlan 10 //Create a static MAC address and bind the MAC address of 0000-0012-0034 to GigabitEthernet1/0/1.

NOTE

The interface bound to the MAC address must belong to the specified VLAN and the VLAN must have
been created.

6.9 Configuring a Blackhole MAC Address


To prevent a hacker from using a MAC address to attack a user device or network, configure
the MAC address of an untrusted user as a blackhole MAC address. The switch then
discards received packets whose source or destination MAC address matches the blackhole
MAC address.
The switch provides two blackhole MAC address modes: global and VLAN-based blackhole
MAC addresses.
- In the system view, configure the MAC address of 0000-0012-0034 as a global blackhole
MAC address.
<HUAWEI> system-view
[HUAWEI] mac-address blackhole 0000-0012-0034

- In the system view, configure the MAC address of 0000-0012-0035 as the blackhole
MAC address in VLAN 10.
<HUAWEI> system-view
[HUAWEI] mac-address blackhole 0000-0012-0035 vlan 10

6.10 Displaying and Setting the Aging Time of MAC Addresses

# In the system view, run the mac-address aging-time 600 command to set the aging time of
dynamic MAC addresses to 600s. By default, the aging time is 300s.
<HUAWEI> system-view
[HUAWEI] mac-address aging-time 600

# In any view, run the display mac-address aging-time command to view the aging time of
dynamic MAC addresses.

<HUAWEI> display mac-address aging-time
Aging time: 300 second(s)

6.11 Enabling MAC Address Triggered ARP Entry Update


On the Ethernet, MAC address entries are used to guide Layer 2 data forwarding. The ARP
entries that define the mapping between IP addresses and MAC addresses guide
communication between devices on different network segments.
The outbound interface in a MAC address entry is updated by packets, whereas the outbound
interface in an ARP entry is updated after the aging time is reached. In this case, the outbound
interfaces in the MAC address entry and ARP entry may be different. To address this issue,
run the mac-address update arp command to enable the switch to update outbound
interfaces in ARP entries when outbound interfaces in MAC address entries change.
# Enable the MAC address triggered ARP entry update function.
<HUAWEI> system-view
[HUAWEI] mac-address update arp

6.12 Configuring Port Security


Port security implements dynamic binding. After the maximum number of MAC addresses
that an interface can learn is set, other untrusted hosts cannot use the interface
to communicate with the switch, which improves device and network security.
# Configure port security on GE1/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port-security enable

# Set the maximum number of MAC addresses that can be learned by GE1/0/1 to 5.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port-security enable
[HUAWEI-GigabitEthernet1/0/1] port-security max-mac-num 5

NOTE

Before setting the maximum number of MAC addresses that can be learned by an interface, ensure that
the interface has been enabled with port security.
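
The following is an added example, not part of the Huawei guide. It audits saved display mac-address and display arp output for the two conditions described in 6.11 and 6.12: interfaces holding more dynamic MAC addresses than a chosen limit, and dynamic ARP entries whose interface differs from where the MAC address was learned. The sample tables and function names are constructed, and rows are assumed to follow the layouts shown in 6.1 and 6.7.

```python
import re
from collections import defaultdict

# Constructed sample output, laid out like the examples in 6.1 and 6.7.
MAC_TABLE = """\
MAC Address      VLAN/VSI    Learned-From    Type
0000-0000-0002   10/-        -               blackhole
0026-6e5c-feac   3000/-      Eth-Trunk2      dynamic
000b-0935-766f   10/-        GE1/0/1         dynamic
0000-0000-00a1   10/-        GE1/0/1         dynamic
0000-0000-00a2   10/-        GE1/0/1         dynamic
"""
ARP_TABLE = """\
192.168.150.20   000b-0935-766f   10   D-1   GE1/0/24
192.168.150.21   0026-6e5c-feac   12   D-1   Eth-Trunk2
"""

MAC = r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}"
MAC_ROW = re.compile(rf"^({MAC})\s+(\S+)\s+(\S+)\s+(\w+)$", re.I)
# Assumption: only dynamic ARP rows (numeric EXPIRE, type D-n) are compared.
ARP_ROW = re.compile(rf"^(\d+(?:\.\d+){{3}})\s+({MAC})\s+\d+\s+D\S*\s+(\S+)", re.I)

def parse_mac_table(text):
    """Return (mac, vlan_or_vsi, interface, type) for every entry row."""
    rows = (MAC_ROW.match(line.strip()) for line in text.splitlines())
    return [(m[1].lower(), m[2], m[3], m[4].lower()) for m in rows if m]

def over_limit(entries, max_mac_num):
    """Interfaces holding more dynamic MACs than max_mac_num."""
    seen = defaultdict(set)
    for mac, _vlan, iface, kind in entries:
        if kind == "dynamic":
            seen[iface].add(mac)
    return {i: len(m) for i, m in seen.items() if len(m) > max_mac_num}

def arp_mismatches(entries, arp_text):
    """Dynamic ARP rows whose interface is not where the MAC was learned."""
    learned = defaultdict(set)
    for mac, _vlan, iface, kind in entries:
        if kind != "blackhole":
            learned[mac].add(iface)
    out = []
    for line in arp_text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m and learned.get(m[2].lower()) and m[3] not in learned[m[2].lower()]:
            out.append((m[1], m[2].lower(), m[3], sorted(learned[m[2].lower()])))
    return out
```

Run over_limit before choosing a port-security max-mac-num value, to see which interfaces already hold more addresses than the planned limit.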
