Managing MAC Address Learning

By default, MAC address learning is enabled on all ports. MAC addresses are added to the FDB (forwarding database) as described in How FDB Entries Get Added.

When MAC address learning is disabled on a port, the switch no longer stores the source address information in the FDB. However, the switch can still examine the source MAC address for incoming packets and either forward or drop the packets based on this address. The source address examination serves as a preprocessor for packets. Forwarded packets are forwarded to other processes, not to other ports. For example, if the switch forwards a packet based on the source address, the packet can still be dropped based on the destination address or the egress flooding configuration.

When MAC address learning is disabled, the two supported behaviors are labeled as follows in the software:
  • forward-packets
  • drop-packets

The drop-packets behavior is supported on SummitStack and Summit family switches. When the drop-packets option is chosen, EDP packets are forwarded, and all unicast, multicast, and broadcast packets from a source address not in the FDB are dropped. No further processing occurs for dropped packets.

The disable learning forward-packets option saves switch resources (FDB space); however, it can consume network resources when egress flooding is enabled. When egress flooding is disabled or the drop-packets option is specified, disabling learning adds security by limiting access to only those devices listed in the FDB.
Note

When the forward-packets option is chosen:

  • Unicast, multicast, and broadcast packets from a source address that is not present in the FDB are flooded.
  • If the destination MAC is present in the forwarding database, the packet is forwarded.
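
The following Python sketch is an added illustration, not ExtremeXOS code. It models the two stages described above for a port with learning disabled: the source-address check, then the destination lookup and egress flooding decision. The function name, the verdict strings, the sample FDB, and the use of a destination MAC to recognize EDP frames are assumptions made for the example.

```python
# Simplified model of the behavior described on this page; not switch code.
EDP_DST = "00:e0:2b:00:00:00"  # assumption: EDP frames recognized by this destination MAC
BROADCAST = "ff:ff:ff:ff:ff:ff"

def handle_frame(src, dst, fdb, mode, egress_flooding=True):
    """Return (verdict, egress_port) for a frame on a learning-disabled port.

    fdb maps MAC address -> port; mode is "forward-packets" or "drop-packets".
    The FDB is never updated here, because learning is disabled.
    """
    if mode not in ("forward-packets", "drop-packets"):
        raise ValueError("unknown mode: %r" % mode)
    src, dst = src.lower(), dst.lower()

    # EDP is exempt from drop-packets; forward-packets drops nothing at this stage.
    if dst == EDP_DST:
        return ("forward-edp", None)

    # Stage 1: source-address check, the "preprocessor".
    if mode == "drop-packets" and src not in fdb:
        return ("drop-unknown-source", None)  # no further processing

    # Stage 2: passing stage 1 only hands the frame on. The destination
    # lookup and the egress flooding setting still decide its fate.
    if dst in fdb:
        return ("forward", fdb[dst])
    if egress_flooding:
        return ("flood", None)
    return ("drop-no-flooding", None)

# Constructed sample data: two known hosts and one device not in the FDB.
SAMPLE_FDB = {"00:11:22:33:44:55": 1, "00:11:22:33:44:66": 2}
UNKNOWN = "de:ad:be:ef:00:01"

def demo():
    """Compare how each configuration treats the same unknown-source broadcast."""
    cases = [
        ("forward-packets", True),
        ("forward-packets", False),
        ("drop-packets", True),
    ]
    return {
        (mode, flood): handle_frame(UNKNOWN, BROADCAST, SAMPLE_FDB, mode, flood)[0]
        for mode, flood in cases
    }

if __name__ == "__main__":
    for config, verdict in demo().items():
        print(config, "->", verdict)
```

Only the first configuration lets the unlisted device generate flooded traffic, which is why the text above ties the security benefit to drop-packets or to disabled egress flooding.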