MAC Configuration
## show mac flapping config

[Command]

show mac flapping config

[Purpose]

View the configuration of the MAC address flapping detection function.

[View]

System view

[Use Cases]

```
sonic# show mac flapping config
+---------+---------+---------+------------+-----------+
| vlan    |   level |   aging | action     | enabled   |
+=========+=========+=========+============+===========+
| vlan400 |      10 |     600 | error down | true      |
+---------+---------+---------+------------+-----------+
```

## show mac flapping status

[Command]

show mac flapping status

[Purpose]

View records of MAC address flapping.

[View]

System view

[Use Cases]

```
sonic# show mac flapping status
+---------+-------------------+---------+--------------+-------------+
| vlan    | mac               |   times | lastupdate   | errordown   |
+=========+===================+=========+==============+=============+
| vlan400 | 00:00:01:01:02:01 |       3 | ethernet1    | no          |
+---------+-------------------+---------+--------------+-------------+
```

Description of the show mac flapping status command output:

| Item | Description |
|------|-------------|
| vlan | VLANs undergoing migration |
| mac | Migrated MAC addresses |
| times | Number of migrations for a MAC address |
| lastupdate | Interface of the last migration |
| errordown | Whether the interface is shut down |

## show mac address

[Command]

show mac address [interface type interface name]

[Purpose]

Display the MAC table.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| interface type | Interface type; optional values: ethernet, link aggregation |
| interface name | Interface name |

[View]

System view

[Use Cases]

```
sonic# show mac address
no  vlan  macaddress         port                        type
1   200   18:17:25:37:67:3e  vttnl10 1 0 226 10 1 0 101  static
2   300   18:17:25:37:67:3c  vttnl10 1 0 226 10 1 0 101  static
total number of entries 2
```

## show mac limit

[Command]

show mac limit [{port interface name | vlan vlan id}]

[Purpose]

View the configured limit on the number of MAC address learning entries.

[View]

System view

[Use Cases]

```
sonic# show mac limit
interface  mac limit
vlan800    1000
```

## clear mac address

[Command]

clear mac address [{ethernet|link aggregation interface name}] [vlan vlan id] [{static|dynamic}]

[Purpose]

Empty the MAC table.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| interface name | Interface name |
| vlan id | VLAN ID, range 1-4094 |

[View]

System view

[Usage Scenario]

The MAC address table space on a device is limited. When the MAC address table becomes full, the device cannot learn new MAC address entries until the aging time expires. New users then have to broadcast their packets, which wastes network resources. In such cases, this command can be used to remove unnecessary MAC address entries from the table.

[Notes]

By default, this command clears all MAC addresses on the device, including static MAC entries. Use it with caution to avoid unintended consequences.

[Use Cases]

```
sonic# clear mac address
all fdb entries are cleared
```

## mac address static

[Command]

mac address static HH:HH:HH:HH:HH:HH vlan vlan id {ethernet|link aggregation} interface name

no mac address static HH:HH:HH:HH:HH:HH vlan vlan id

[Purpose]

Configure a static MAC.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| HH:HH:HH:HH:HH:HH | MAC address |
| interface name | Interface name |
| vlan id | VLAN ID, range 1-4094 |

[View]

System configuration view

[Usage Scenario]

Static MAC address entries are typically configured manually to enhance security. Network administrators can add specific MAC address entries to the MAC address table, binding user devices to interfaces, in order to prevent unauthorized users from accessing data.

[Notes]

If the MAC address table already contains a dynamic entry for the same MAC address, the added static entry automatically overwrites the dynamic entry.

[Use Cases]

```
sonic# configure terminal
sonic(config)# mac address static 00:aa:aa:aa:aa:aa vlan 4 ethernet 1
```

## mac address blackhole

[Command]

mac address blackhole HH:HH:HH:HH:HH:HH vlan vlan id

no mac address blackhole HH:HH:HH:HH:HH:HH vlan vlan id

[Purpose]

Configure a blackhole MAC.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| HH:HH:HH:HH:HH:HH | MAC address |
| vlan id | VLAN ID, range 1-4094 |

[View]

System configuration view

[Usage Scenario]

To prevent hackers from using MAC address attacks on user devices or networks, you can configure the MAC addresses of untrusted users as blackhole MAC addresses. When the device receives a packet whose destination or source MAC address matches a blackhole MAC address, it discards the packet. This helps enhance network security.

[Use Cases]

```
sonic# configure terminal
sonic(config)# mac address blackhole aa:bb:bb:bb:bb:bb vlan 5
```

## mac address timer

[Command]

mac address timer aging time

mac address timer no aging

[Purpose]

Configure the MAC aging time.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| time | Aging time in seconds; the default aging time is 600s, range 30s-7200s |
| no aging | Do not age MAC table entries |

[View]

System configuration view

[Usage Scenario]

As the network topology evolves, devices learn an increasing number of MAC addresses. To prevent the MAC address table from growing excessively, use this command to set an appropriate aging time for dynamic MAC table entries. This ensures that obsolete MAC address entries are removed from the table in time and keeps the table from becoming too large.

[Notes]

The MAC table entry aging time is a parameter that affects MAC self-learning on the switch. Dynamic MAC table entries that exceed the aging time are deleted automatically, and the device relearns the MAC and builds a new MAC table entry. Static MAC table entries are not affected by the aging time.

[Use Cases]

```
sonic# configure terminal
sonic(config)# mac address timer aging 3600
sonic(config)# mac address timer no aging
```

## mac flapping detect enable

[Command]

mac flapping detect enable

no mac flapping detect enable

[Purpose]

Enable the MAC address flapping suppression function.

[View]

VLAN view

[Usage Scenario]

MAC address drifting refers to a situation where a MAC address learned on one interface of a device is also learned on another interface within the same VLAN, with the later learned MAC address entry overwriting the original entry. When this feature is enabled and MAC address drifting occurs, the device generates warning logs. Additionally, you can use the mac flapping detect action error down configuration to forcibly shut down physical interfaces experiencing MAC address drifting.

MAC address drifting can occur for the following reasons:

- The presence of network loops
- Malicious attacks by unauthorized users within the network

[Use Cases]

```
sonic(config)# vlan 400
sonic(config vlan 400)# mac flapping detect enable
```

## mac flapping detect action error down

[Command]

mac flapping detect action error down

no mac flapping detect action error down

[Purpose]

Configure the action taken on the interface after MAC address flapping is detected to be shutting down the interface.

[View]

VLAN view

[Usage Scenario]

After MAC address flapping actions are configured for a VLAN, if the system detects that a MAC address has drifted more times within the duration specified by the mac flapping detect aging command than the number configured with the mac flapping detect level command, the system forcibly shuts down the interface where the MAC address was last learned.

Note: By default, the interface is not automatically restored after being shut down. The administrator must restore it manually by running the shutdown command and then the no shutdown command.

[Use Cases]

```
sonic(config)# vlan 400
sonic(config vlan 400)# mac flapping detect action error down
```

## mac flapping detect aging

[Command]

mac flapping detect aging time

[Purpose]

Configure the aging time of MAC address flapping table entries.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| time | Value range 10-7200, unit: s |

[View]

VLAN view

[Use Cases]

```
sonic(config)# vlan 400
sonic(config vlan 400)# mac flapping detect aging 100
```

## mac flapping detect level

[Command]

mac flapping detect level time

[Purpose]

Configure the number of times MAC address flapping is detected in a VLAN.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| time | Value range 5-500 |

[View]

VLAN view

[Usage Scenario]

Flapping is considered to have occurred when a MAC address has migrated more than the configured number of flapping detections within the flapping aging time.

[Use Cases]

```
sonic(config)# vlan 400
sonic(config vlan 400)# mac flapping detect level 10
```

## mac limit

[Command]

mac limit value

no mac limit

[Purpose]

Configure the MAC address learning entry limit.

[Parameter]

| Parameter | Description |
|-----------|-------------|
| value | Value range 1-32000 |

[View]

VLAN view, interface view

[Usage Scenario]

To control the number of access users or to prevent MAC address table attacks, you can limit the number of MAC addresses that a switch is allowed to learn. This helps control the number of access users and enhances network security.

Note: When the number of MAC address table entries reaches the limit, new MAC addresses are not learned.

[Use Cases]

```
sonic(config)# vlan 400
sonic(config vlan 400)# mac limit 1000
```
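The interaction of the flapping detect level, aging and error down settings described above can be modelled offline. This is an added example, not code from the switch or its vendor: `FlapDetector` and `replay` are hypothetical names, the learn events are constructed, and the model assumes that moves are counted in a sliding window of `aging` seconds and that a MAC relearned after its port was shut does not count as a move.

```python
from collections import defaultdict, deque

class FlapDetector:
    """Toy model of per-VLAN MAC flapping detection (assumed sliding window)."""

    def __init__(self, level=10, aging=600, error_down=True):
        self.level, self.aging, self.error_down = level, aging, error_down
        self.last_port = {}               # (vlan, mac) -> port of the latest learn
        self.last_move = {}               # (vlan, mac) -> port of the latest move
        self.moves = defaultdict(deque)   # (vlan, mac) -> timestamps of moves
        self.down = set()                 # ports placed in error-down

    def learn(self, ts, vlan, mac, port):
        """Feed one learn event; returns learn, ignored, move, warn or error-down."""
        if port in self.down:
            return "ignored"              # a shut port learns nothing
        key = (vlan, mac.lower())
        prev = self.last_port.get(key)
        self.last_port[key] = port
        if prev is None or prev == port or prev in self.down:
            return "learn"                # new, refreshed, or relearned after a shutdown
        window = self.moves[key]
        window.append(ts)
        self.last_move[key] = port
        while window and ts - window[0] >= self.aging:
            window.popleft()              # forget moves older than the aging time
        if len(window) <= self.level:
            return "move"
        if not self.error_down:
            return "warn"                 # detection only: log, leave the port up
        self.down.add(port)               # shut the port of the latest learn
        return "error-down"

    def status(self):
        """Rows in the column order of 'show mac flapping status'."""
        return [(vlan, mac, len(w), self.last_move[(vlan, mac)],
                 "yes" if self.last_move[(vlan, mac)] in self.down else "no")
                for (vlan, mac), w in sorted(self.moves.items())]

def replay(gap, n=30, **cfg):
    """Constructed trace: one MAC alternating between two ports every `gap` seconds."""
    det = FlapDetector(**cfg)
    out = [det.learn(i * gap, "Vlan400", "00:00:01:01:02:01",
                     "Ethernet1" if i % 2 else "Ethernet2") for i in range(n)]
    return det, out

if __name__ == "__main__":
    for gap in (5, 100):                  # fast flap, then slow flap, same thresholds
        print(gap, replay(gap, level=10, aging=600)[0].status())
```

With level 10 and aging 600, the constructed 5-second flap exceeds the level on its eleventh move and `Ethernet1` goes error-down, while the 100-second flap never holds more than six moves inside the window, so the two values have to be tuned together.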
