VLAN and MAC Address Configuration

Content

Content
CHAPTER 1 VLAN CONFIGURATION..........................................1
1.1 VLAN CONFIGURATION.............................................................................1
1.1.1 Introdu tion to VLAN........................................................................................1 1.1.! VLAN Configuration Tas" List..........................................................................! 1.1.# T$%i a& VLAN A%%&i ation.................................................................................'

1.! GVRP CONFIGURATION.............................................................................(

1.!.1 Introdu tion to GVRP........................................................................................( 1.!.! GVRP Configuration Tas" List.........................................................................( 1.!.# T$%i a& GVRP A%%&i ation.................................................................................) 1.!.' GVRP Trou*&es+ooting.....................................................................................,

CHAPTER ! MAC TA-LE CONFIGURATION...............................1

!.1 INTRO.UCTION TO MAC TA-LE.................................................................1
!.1.1 O*taining MAC Ta*&e........................................................................................1 !.1.! For/ard or Fi&ter................................................................................................#

!.! MAC A..RE00 TA-LE CONFIGURATION TA01 LI0T.....................................' !.# T2PICAL CONFIGURATION E3AMPLE0.........................................................4 !.' MAC TA-LE TROU-LE0HOOTING...............................................................( !.4 MAC A..RE00 FUNCTION E3TEN0ION.......................................................(
!.4.1 MAC Address -inding.......................................................................................(

VLAN and MAC Address Configuration

C+a%ter 1 VLAN Configuration

C+a%ter 1 VLAN Configuration

1.1 VLAN Configuration 1.1.1 Introdu tion to VLAN
VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of devices within the network to separate network segments basing on functions, applications or management requirements !y this way, virtual workgroups can be formed regardless of the physical location of the devices "### announced "### $%& '( protocol to direct the standardi)ed VLAN implementation, and the VLAN function of switch is implemented following "### $%& '( *he key idea of VLAN technology is that a large LAN can be partitioned into many separate broadcast domains dynamically to meet the demands 0witch 0witch 0witch

VLAN1 0erver 0erver 0erver

VLAN!

12

12

12

VLAN#

Laser 1rinter

12

12

+ig ',' A VLAN network defined logically #ach broadcast domain is a VLAN VLANs have the same properties as the physical LANs, e-cept VLAN is a logical partition rather than physical one *herefore, the partition of VLANs can be performed regardless of physical locations, and the broadcast, multicast and unicast traffic within a VLAN is separated from the other VLANs .ith the aforementioned features, VLAN technology provides us with the following convenience/ "mproving network performance 0aving network resources

VLAN and MAC Address Configuration 0implifying network management Lowering network cost #nhancing network security

C+a%ter 1 VLAN Configuration

*he switch implements VLAN and 3V41 (3A41 VLAN 4egistration 1rotocol) which are defined by $%& '( *he chapter will e-plain the use and the configuration of VLAN and 3V41 in detail

1.1.! VLAN Configuration Tas" List

' & 5 6 7 8 9 $ < 2reate or delete VLAN 0et or delete VLAN name Assign 0witch ports for VLAN 0et the switch port type 0et *runk port 0et Access port #nable:;isable VLAN ingress rules globally 2onfigure 1rivate VLAN 0et 1rivate VLAN association

1. Create or de&ete VLAN

2ommand 3lobal =ode 6&an 7OR. no 6&an 7OR. !. 0et or de&ete VLAN na5e

#-planation 2reate:delete VLAN or enter VLAN =ode

2ommand 3lobal =ode na5e 86&an9na5e: no na5e #. Assigning 0/it + %orts for VLAN

#-planation 0et or delete VLAN name

2ommand VLAN =ode s/it +%ort interfa e 8interface-list> no s/it +%ort interfa e 8interface-list>

#-planation Assign 0witch ports to VLAN

VLAN and MAC Address Configuration '. 0et t+e 0/it + Port T$%e 2ommand 1ort =ode s/it +%ort 5ode <trun" = a ess>

C+a%ter 1 VLAN Configuration

#-planation 0et the current port as *runk or Access port

4. 0et Trun" %ort 2ommand 1ort =ode s/it +%ort trun" a&&o/ed 6&an <7OR. = a&& = add 7OR. = e? e%t 7OR.=re5o6e 7OR.> no s/it +%ort trun" a&&o/ed 6&an s/it +%ort trun" nati6e 6&an 8vlan-id> no s/it +%ort trun" nati6e 6&an (. 0et A 2ommand 1ort =ode s/it +%ort a ess 6&an 8vlan-id> ess 6&an Add the current port to the specified VLAN *he >no? command restores the default setting no s/it +%ort a ess %ort #-planation 0et:delete 1V"; for *runk port 0et:delete VLAN allowed to be crossed by *runk *he >no? command restores the default setting #-planation

). .isa*&e;Ena*&e VLAN Ingress Ru&es 2ommand 3lobal =ode 6&an ingress ena*&e no 6&an ingress ena*&e #nable:;isable VLAN ingress rules #-planation

, Configure Pri6ate VLAN

VLAN and MAC Address Configuration

C+a%ter 1 VLAN Configuration

2ommand VLAN mode %ri6ate96&an <%ri5ar$ = iso&ated = o55unit$> no %ri6ate96&an

#-planation 2onfigure 1rivate command VLAN current VLAN deletes VLAN *he to no

private

@. 0et Pri6ate VLAN asso iation 2ommand VLAN mode %ri6ate96&an asso iation 8se ondar$96&an9&ist: no %ri6ate96&an asso iation 0et:delete association 1rivate VLAN #-planation

1.1.# T$%i a& VLAN A%%&i ation

0cenario/ VLAN1AA VLAN! 12 12 0witch A Trun" Lin" 0witch ! .orkstation .orkstation 12 VLAN!AA

12

12 VLAN! 12 .orkstation VLAN1AA .orkstation 12 12 VLAN!AA

+ig ',& *ypical VLAN Application *opology

'

VLAN and MAC Address Configuration

C+a%ter 1 VLAN Configuration

*he e-isting LAN is required to be partitioned to 5 VLANs due to security and application requirements *he three VLANs are VLAN&, VLAN'%% and VLAN&%% *hose three VLANs are cross two different location A and ! @ne switch is placed in each site, and cross,location requirement can be met if VLAN traffic can be transferred between the two switches 2onfiguration "tem VLAN& VLAN'%% VLAN&%% *runk port 2onfiguration description 0ite A and site ! switch port & ,6 0ite A and site ! switch port 7 ,9 0ite A and site ! switch port $ ,'% 0ite A and site ! switch port ''

2onnect the *runk ports of both switches for a *runk link to convey the cross,switch VLAN trafficA connect all network devices to the other ports of corresponding VLANs "n this e-ample, port ' and port '& is spared and can be used for management port or for other purposes *he configuration steps are listed below/ 0/it + AB 0witch(config)Bvlan & 0witch(2onfig,Vlan&)Bswitchport interface ethernet ':&,6 0witch(2onfig,Vlan&)Be-it 0witch(config)Bvlan '%% 0witch(2onfig,Vlan'%%)Bswitchport interface ethernet ':7,9 0witch(2onfig,Vlan'%%)Be-it 0witch(config)Bvlan &%% 0witch(2onfig,Vlan&%%)Bswitchport interface ethernet ':$,'% 0witch(2onfig,Vlan&%%)Be-it 0witch(config)Binterface ethernet ':'' 0witch(2onfig,"f,#thernet':'')Bswitchport mode trunk 0witch(2onfig,"f,#thernet':'')Be-it 0witch(config)B 0/it + -B 0witch(config)Bvlan & 0witch(2onfig,Vlan&)Bswitchport interface ethernet ':&,6 0witch(2onfig,Vlan&)Be-it 0witch(config)Bvlan '%% 0witch(2onfig,Vlan'%%)Bswitchport interface ethernet ':7,9 0witch(2onfig,Vlan'%%)Be-it 0witch(config)Bvlan &%% 0witch(2onfig,Vlan&%%)Bswitchport interface ethernet ':$,'% 0witch(2onfig,Vlan&%%)Be-it 0witch(config)Binterface ethernet ':'' 0witch(2onfig,"f,#thernet':'')Bswitchport mode trunk 0witch(2onfig,"f,#thernet':'')Be-it

VLAN and MAC Address Configuration

C+a%ter 1 VLAN Configuration

1.! GVRP Configuration 1.!.1 Introdu tion to GVRP

3A41 (3eneric Attribute 4egistration 1rotocol) can be used to dynamically distribute, populate and register property information between switch members within a switch network, the property can be VLAN information, =ulticast =A2 address of the other information As a matter of fact, 3A41 protocol can convey multiple property features the switch need to populate Various 3A41 applications are defined on the basis of 3A41, which are called 3A41 application entities, and 3V41 is one of them 3V41 (3A41 VLAN 4egistration 1rotocol) is an application based on 3A41 working mechanism "t is responsible for the maintenance of dynamic VLAN register information and population of such register information to the other switches 0witches support 3V41 can receive VLAN dynamic register information from the other switches, and update local VLAN register information according the information received *he switch enabled 3V41 can also populate their own VLAN register information to the other switches *he populated VLAN register information includes local static information manually configured and dynamic information learnt from the other switches *herefore, by populating the VLAN register information, VLAN information consistency can be achieved among all 3V41 enabled switches

1.!.! GVRP Configuration Tas" List

' 2onfiguring 3A41 *imer 1arameters & #nable 3V41 function 1. Configuring GARP Ti5er %ara5eters 2ommand 1ort =ode gar% ti5er Coin 8ti5er96a&ue: no gar% ti5er Coin gar% ti5er &ea6e 8ti5er96a&ue: no gar% ti5er &ea6e gar% ti5er +o&d 8ti5er96a&ue: no gar% ti5er +o&d 3lobal =ode gar% ti5er &ea6ea&& 8ti5er96a&ue: no gar% ti5er &ea6ea&& !. Ena*&e GVRP fun tion ( 2onfigure the leave all timer for 3A41 2onfigure the hold, Coin and leave timers for 3A41 #-planation

VLAN and MAC Address Configuration

C+a%ter 1 VLAN Configuration

2ommand 1ort =ode g6r% no g6r% 3lobal =ode g6r% no g6r%

#-planation #nable:disable the 3V41

function on current port #nable:disable the 3V41

function for the switch

1.!.# T$%i a& GVRP A%%&i ation

0cenario/
PC

0/it + A

0/it + -

0/it + C

PC

+ig ',5 *ypical 3V41 Application *opology

*o enable dynamic VLAN information register and update among switches, 3V41 protocol is to be configured in the switch 2onfigure 3V41 in 0witch A, ! and 2, enable 0witch ! to learn VLAN'%% dynamically so that the two workstation connected to VLAN'%% in 0witch A and 2 can communicate with each other through 0witch ! without static VLAN'%% entries Configuration Configuration des ri%tion

VLAN and MAC Address Configuration Ite5 VLAN'%% *runk port 3lobal 3V41 1ort 3V41 1ort & ,8 of 0witch A and 2

C+a%ter 1 VLAN Configuration

1ort '' of 0witch A and 2, 1ort '%, '' of 0witch ! 0witch A, !, 2 1ort '' of 0witch A and 2, 1ort '%, '' of 0witch !

2onnect the two workstation to the VLAN'%% ports in switch A and !, connect port '' of 0witch A to port '% of 0witch !, and port '' of 0witch ! to port '' of 0witch 2 *he configuration steps are listed below/ 0witch A/ 0witch(config)B gvrp 0witch(config)Bvlan '%% 0witch(2onfig,Vlan'%%)Bswitchport interface ethernet ':&,8 0witch(2onfig,Vlan'%%)Be-it 0witch(config)Binterface #thernet ':'' 0witch(2onfig,"f,#thernet':'')Bswitchport mode trunk 0witch(2onfig,"f,#thernet':'')B gvrp 0witch(2onfig,"f,#thernet':'')Be-it 0witch !/ 0witch(config)B bridge,e-t gvrp 0witch(config)Binterface ethernet ':'% 0witch(2onfig,"f,#thernet':'%)Bswitchport mode trunk 0witch(2onfig,"f,#thernet':'%)B gvrp 0witch(2onfig,"f,#thernet':'%)Be-it 0witch(config)Binterface ethernet ':'' 0witch(2onfig,"f,#thernet':'')Bswitchport mode trunk 0witch(2onfig,"f,#thernet':'')B gvrp 0witch(2onfig,"f,#thernet':'')Be-it 0witch 2/ 0witch(config)B gvrp 0witch(config)Bvlan '%% 0witch(2onfig,Vlan'%%)Bswitchport interface ethernet ':&,8 0witch(2onfig,Vlan'%%)Be-it 0witch(config)Binterface ethernet ':'' 0witch(2onfig,"f,#thernet':'')Bswitchport mode trunk 0witch(2onfig,"f,#thernet':'')B gvrp 0witch(2onfig,"f,#thernet':'')Be-it

1.!.' GVRP Trou*&es+ooting

*he 3A41 counter setting in for *runk ports in both ends of *runk link must be the

VLAN and MAC Address Configuration

C+a%ter 1 VLAN Configuration

same, otherwise 3V41 will not work properly "t is recommended to avoid enabling 3V41 and 40*1 at the same time in switch "f 3V41 is to be enabled, 40*1 function for the ports must be disabled first

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

C+a%ter ! MAC Ta*&e Configuration

!.1 Introdu tion to MAC Ta*&e
=A2 table is a table identifies the mapping relationship between destination =A2 addresses and switch ports =A2 addresses can be categori)ed as static =A2 addresses and dynamic =A2 addresses 0tatic =A2 addresses are manually configured by the user, have the highest priority and are permanently effective (will not be overwritten by dynamic =A2 addresses)A dynamic =A2 addresses are entries learnt by the switch in data frame forwarding, and is effective for a limited period .hen the switch receives a data frame to be forwarded, it stores the source =A2 address of the data frame and creates a mapping to the destination port *hen the =A2 table is queried for the destination =A2 address, if hit, the data frame is forwarded in the associated port, otherwise, the switch forwards the data frame to its broadcast domain "f a dynamic =A2 address is not learnt from the data frames to be forwarded for a long time, the entry will be deleted from the switch =A2 table *here are two =A2 table operations/ ' @btain a =A2 address & +orward or filter data frame according to the =A2 table

!.1.1 O*taining MAC Ta*&e

*he =A2 table can be built up statically and dynamically 0tatic configuration is to set up a mapping between the =A2 addresses and the portsA dynamic learning is the process in which the switch learns the mapping between =A2 addresses and ports, and updates the =A2 table regularly "n this section, we will focus on the dynamic learning process of =A2 table

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

Port 4

Port 1!

PC1

PC!

PC#

PC'

MAC AA9A1911911911911

MAC AA9A19##9##9##9## MAC AA9A19!!9!!9!!9!! MAC AA9A19''9''9''9''

+ig &,' =A2 *able dynamic learning *he topology of the figure above/ 6 12s connected to switch, where 12' and 12& belongs to a same physical segment (same collision domain), the physical segment connects to port ':7 of switchA 125 and 126 belongs to the same physical segment that connects to port ':'& of switch *he initial =A2 table contains no address mapping entries *ake the communication of 12' and 125 as an e-ample, the =A2 address learning process is as follow/ ' .hen 12' sends message to 125, the switch receives the source =A2 address %%, %','','','','' from this message, the mapping entry of %%,%','','','','' and port ':7 is added to the switch =A2 table & At the same time, the switch learns the message is destined to %%,%',55,55,55,55, as the =A2 table contains only a mapping entry of =A2 address %%,%','','','','' and port':7, and no port mapping for %%,%',55,55,55,55 present, the switch broadcast this message to all the ports in the switch (assuming all ports belong to the default VLAN') 5 125 and 126 on port ':'& receive the message sent by 12', but 126 will not reply, as the destination =A2 address is %%,%',55,55,55,55, only 125 will reply to 12' .hen port ':'& receives the message sent by 125, a mapping entry for =A2 address %%,%',55,55,55,55 and port ':'& is added to the =A2 table 6 Now the =A2 table has two dynamic entries, =A2 address %%,%','','','','' , port ':7 and %%,%',55,55,55,55 ,port':'& 7 After the communication between 12' and 125, the switch does not receive any message sent from 12' and 125 And the =A2 address mapping entries in the =A2 table are deleted after 5%% seconds *he 5%% seconds here is the default aging time for =A2 address entry in switch Aging time can be modified in switch

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

!.1.! For/ard or Fi&ter

*he switch will forward or filter received data frames according to the =A2 table *ake the above figure as an e-ample, assuming switch have learnt the =A2 address of 12' and 125, and the user manually configured the mapping relationship for 12& and 126 to ports *he =A2 table of switch will be/ =A2 Address %%,%','','','','' %%,%',&&,&&,&&,&& %%,%',55,55,55,55 ':7 ':'& 1ort number #ntry added by ;ynamic learning 0tatic configuration ;ynamic learning 0tatic configuration

%%,%',66,66,66,66 ':'& ' +orward data according to the =A2 table

"f 12' sends a message to 125, the switch will forward the data received on port ':7 from port':'& & +ilter data according to the =A2 table "f 12' sends a message to 12&, the switch, on checking the =A2 table, will find 12& and 12' are in the same physical segment and filter the message (i e drop this message) *hree types of frames can be forwarded by the switch/ !roadcast frame =ulticast frame Dnicast frame *he following describes how the switch deals with all the three types of frames/ ' !roadcast frame/ *he switch can segregate collision domains but not broadcast domains "f no VLAN is set, all devices connected to the switch are in the same broadcast domain .hen the switch receives a broadcast frame, it forwards the frame in all ports .hen VLANs are configured in the switch, the =A2 table will be adapted accordingly to add VLAN information "n this case, the switch will not forward the received broadcast frames in all ports, but forward the frames in all ports in the same VLAN & =ulticast frame/ .hen "3=1 0nooping function is not enabled, multicast frames are processed in the same way as broadcast framesA when "3=1 0nooping is enabled, the switch will only forward the multicast frames to the ports belonging to the very multicast group 5 Dnicast frame/ .hen no VLAN is configured, if the destination =A2 addresses are in the switch =A2 table, the switch will directly forward the frames to the associated portsA when the destination =A2 address in a unicast frame is not found in the =A2 table, the switch will broadcast the unicast frame .hen VLANs are configured, the switch will forward unicast frame within the same VLAN "f the destination =A2 address is found in the =A2 table but belonging to different VLANs, the switch can only broadcast the unicast frame in the VLAN it belongs to

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

!.! Ma Address Ta*&e Configuration Tas" List

' 2onfigure the =A2 address aging,time & 2onfigure static =A2 forwarding or filter entry 1. Configure t+e MAC aging9ti5e #-planation 2onfigure the =A2 address aging, time

2ommand 3lobal =ode 5a 9address9ta*&e aging9ti5e 80|agingtime: no 5a 9address9ta*&e aging9ti5e !.

Configure stati MAC for/arding or fi&ter entr$

'

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

2ommand 3lobal =ode 5a 9address9ta*&e <stati address <mac-addr> = *&a "+o&e> <vlan-id>

#-planation 2onfigure static =A2 forwarding or filter entry

6&an

Dinterfa e et+ernet <interface-name>E = Dsour e=destination=*ot+E no 5a 9address9ta*&e <stati = *&a "+o&e = d$na5i > Daddress <mac-addr>E D6&an <vlan-id>E Dinterfa e et+ernet <interfacename>E

!.# T$%i a& Configuration E?a5%&es

1;4

1;)

1;@

1;11

PC1

PC!

PC#

PC'

MAC AA9A1911911911911

MAC AA9A19##9##9##9## MAC AA9A19!!9!!9!!9!! MAC AA9A19''9''9''9''

+ig &,& =A2 *able typical configuration e-ample 0cenario/ +our 12s as shown in the above figure connect to port ':7':9':<':'' of switch, all the four 12s belong to the default VLAN' As required by the network environment, dynamic learning is enabled 12' holds sensitive data and can not be accessed by any other 12 that is in another physical segmentA 12& and 125 have static mapping set to port 9 and port <, respectively *he configuration steps are listed below/ ' 0et the =A2 address %%,%','','','','' of 12' as a filter address 0witch(config)Bmac,address,table static %%,%','','','','' discard vlan ' 4

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

& 0et the static mapping relationship for 12& and 125 to port 9 and port <, respectively 0witch(config)Bmac,address,table static %%,%',&&,&&,&&,&& interface ethernet ':9 vlan ' 0witch(config)Bmac,address,table static %%,%',55,55,55,55 interface ethernet ':< vlan '

!.' MAC Ta*&e Trou*&es+ooting

Dsing the show mac,address,table command, a port is found to be failed to learn the =A2 of a device connected to it 1ossible reasons/ *he connected cable is broken 0panning *ree is enabled and the port is in >discarding? statusA or the device is Cust connected to the port and 0panning *ree is still under calculation, wait until the 0panning *ree calculation finishes, and the port will learn the =A2 address "f not the problems mentioned above , please check for the switch portand contact technical support for solution

!.4 MAC Address Fun tion E?tension !.4.1 MAC Address -inding
!.4.1.1 Introdu tion to MAC Address -inding
=ost switches support =A2 address learning, each port can dynamically learn several =A2 addresses, so that forwarding data streams between known =A2 addresses within the ports can be achieved "f a =A2 address is aged, the packet destined for that entry will be broadcasted "n other words, a =A2 address learned in a port will be used for forwarding in that port, if the connection is changed to another port, the switch will learn the =A2 address again to forward data in the new port Eowever, in some cases, security or management policy may require =A2 addresses to be bound with the ports, only data stream from the binding =A2 are allowed to be forwarded in the ports *hat is to say, after a =A2 address is bound to a port, only the data stream destined for that =A2 address can flow in from the binding port, data stream destined for the other =A2 addresses that not bound to the port will not be allowed to pass through the port

!.4.1.! MAC Address -inding Configuration Tas" List

' & 5 6 #nable =A2 address binding function for the ports Lock the =A2 addresses for a port =A2 address binding property configuration mac,notification trap configuration

VLAN and MAC Address Configuration

C+a%ter ! MAC Ta*&e Configuration

1. Ena*&e MAC address *inding fun tion for t+e %orts 2ommand 1ort =ode s/it +%ort %ort9se urit$ no s/it +%ort %ort9se urit$ #nable =A2 address binding function for the port and lock the port .hen a port is locked, the =A2 address learning function for the port will be disabled/ the >no s/it +%ort %ort9se urit$? command disables the =A2 address binding function for the port F and restores the =A2 address learning function for the port #-planation Lock the port, then =A2 addresses learned will be disabled *he >no s/it +%ort %ort9se urit$ &o "? command restores the function 2onvert dynamic secure =A2 addresses learned by the port to static secure =A2 addresses #nable port locking timer functionA the >no s/it +%ort %ort9se urit$ ti5eout? restores the default setting Add static secure =A2 addressA the >no s/it +%ort %ort9se urit$ 5a 9 address? command deletes static secure =A2 address 2lear dynamic =A2 addresses learned by the specified port #-planation 0et the ma-imum number of secure =A2 addresses for a portA the > no s/it +%ort %ort9se urit$ 5a?i5u5? command restores the default value #-planation

!. Lo " t+e MAC addresses for a %ort 2ommand 1ort =ode s/it +%ort %ort9se urit$ &o " no s/it +%ort %ort9se urit$ &o "

s/it +%ort %ort9se urit$ on6ert

s/it +%ort %ort9se urit$ ti5eout <value> no s/it +%ort %ort9se urit$ ti5eout s/it +%ort %ort9se urit$ 5a 9address 8mac-address> no s/it +%ort %ort9se urit$ 5a 9 address 8mac-address> Admin =ode &ear %ort9se urit$ d$na5i Daddress 8mac-addr> = interfa e 8interface-id>E 2ommand 1ort =ode s/it +%ort %ort9se urit$ 5a?i5u5 8value> no s/it +%ort %ort9se urit$ 5a?i5u5 8value>

#. MAC address *inding %ro%ert$ onfiguration

VLAN and MAC Address Configuration s/it +%ort %ort9se urit$ 6io&ation <%rote t = s+utdo/n> no s/it +%ort %ort9se urit$ 6io&ation '. 5a 9notifi ation tra% onfiguration 2ommand 3lobal =ode 5a 9address9ta*&e s$n +roniGing ena*&e no 5a 9address9ta*&e s$n +roniGing ena*&e 5a 9address9ta*&e ti5e %eriodi 95onitor9

C+a%ter ! MAC Ta*&e Configuration 0et the violation mode for the portA the >no s/it +%ort %ort9se urit$ 6io&ation? command restores the default setting #-planation #nable the monitor function for =A2, if a =A2 is added or deleted, the system will report this monitored eventA the no command will cancel this function 0et the =A2 monitor interval to count the added and deleted =A2 in time, and send out them with trap message

!.4.1.# -inding MAC Address -inding Trou*&es+ooting

#nabling =A2 address binding for ports may fail in some occasions Eere are some possible causes and solutions/ "f =A2 address binding cannot be enabled for a port, make sure the port is not enabling port aggregation and is not configured as a *runk port =A2 address binding is e-clusive to such configurations "f =A2 address binding is to be enabled, the functions mentioned above must be disabled first "f a secure address is set as static address and deleted, that secure address will be unusable even though it e-ists +or this reason, it is recommended to avoid static address for ports enabling =A2 address