Assigning MAC learning priority to an interface

IMPORTANT:

To make this feature take effect in an IRF fabric, you must also enable MAC address synchronization by using the mac-address mac-roaming enable command.

The MAC learning priority mechanism assigns either low priority or high priority to an interface. An interface with high priority can learn MAC addresses as usual. However, an interface with low priority is not allowed to learn MAC addresses already learned on a high-priority interface.

The MAC learning priority mechanism can help defend your network against MAC address spoofing attacks. In a network that performs MAC-based forwarding, an upper layer device MAC address might be learned by a downlink interface because of a loop or attack to the downlink interface. To avoid this issue, perform the following tasks:

Assign high MAC learning priority to an uplink interface.
Assign low MAC learning priority to a downlink interface.

To assign MAC learning priority to an interface:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	Enter Layer 2 Ethernet interface view:interface interface-type interface-number Enter Layer 2 aggregate interface view:interface bridge-aggregation interface-number	N/A
3. Assign MAC learning priority to the interface.	mac-address mac-learning priority { high \| low }	By default, low MAC learning priority is used.

prev	up	next
Configuring the device to forward unknown frames after the MAC learning limit on an interface is reached	home	Enabling MAC address synchronization