Assigning MAC learning priority to interfaces

The MAC learning priority mechanism assigns either low priority or high priority to an interface. An interface with high priority can learn MAC addresses as usual. However, an interface with low priority is not allowed to learn MAC addresses already learned on a high-priority interface.

The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. In a network that performs MAC-based forwarding, an upper layer device MAC address might be learned by a downlink interface because of a loop or attack to the downlink interface. To avoid this issue, perform the following tasks:

To assign MAC learning priority to an interface:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter interface view.

  • Enter Layer 2 Ethernet interface view:interface interface-type interface-number

  • Enter Layer 2 aggregate interface view:interface bridge-aggregation interface-number

N/A

3. Assign MAC learning priority to the interface.

mac-address mac-learning priority { high | low }

By default, low MAC learning priority is used.