How a MAC address entry is created
The entries in the MAC address table include entries automatically learned by the device and entries manually added.
MAC address learning
The device can automatically populate its MAC address table by learning the source MAC addresses of incoming frames on each interface.
The device performs the following operations to learn the source MAC address of incoming packets:
Checks the source MAC address (for example, MAC-SOURCE) of the frame.
Looks up the source MAC address in the MAC address table.
The device updates the entry if an entry is found.
The device adds an entry for MAC-SOURCE and the incoming port if no entry is found.
When the device receives a frame destined for MAC-SOURCE after learning this source MAC address, the device performs the following operations:
Finds the MAC-SOURCE entry in the MAC address table.
Forwards the frame out of the port in the entry.
The device performs the learning process for each incoming frame with an unknown source MAC address until the table is fully populated.
Manually configuring MAC address entries
Dynamic MAC address learning does not distinguish between illegitimate and legitimate frames, which can invite security hazards. When Host A is connected to port A, a MAC address entry will be learned for the MAC address of Host A (for example, MAC A). When an illegal user sends frames with MAC A as the source MAC address to port B, the device performs the following operations:
Learns a new MAC address entry with port B as the outgoing interface and overwrites the old entry for MAC A.
Forwards frames destined for MAC A out of port B to the illegal user.
As a result, the illegal user obtains the data of Host A. To improve the security for Host A, manually configure a static entry to bind Host A to port A. Then, the frames destined for Host A are always sent out of port A. Other hosts using the forged MAC address of Host A cannot obtain the frames destined for Host A.