...
The host table represents switch chip's internal MAC address to port mapping. It can contain two kinds of entries: dynamic and static. Dynamic entries get added automatically, this is also called a learning process: when switch chip receives a packet from a certain port, it adds the packet's source MAC address X and port it received the packet from to the host table, so when a packet comes in with the same destination MAC address X , it knows to which port it should forward the packet. If the destination MAC address is not present in the host table (so-called unknown-unicast traffic) then it forwards the packet to all ports in the group. Dynamic entries take about 5 minutes to time out. Learning is enabled only on ports that are configured as part of the switch group. So , so you won't see dynamic entries if you have not set up port switching. Also, you can add static entries that take over dynamic if a dynamic entry with the same MAC address already exists. Also by adding a static entry, you get . Since port switching is configured using a bridge with hardware offloading, any static entries created on one table (either bridge host or switch host) will appear on the opposite table as a dynamic entry. Adding a static entry on the switch host table will provide access to some more functionality that is controlled via the following params:
| Property | Description |
|---|---|
| copy-to-cpu (no | yes; Default: no) | Whether to send a frame copy to switch CPU port from a frame with matching MAC destination address |
| drop (no | yes; Default: no) | Whether to drop a frame with matching MAC source address received on a certain port |
| mac-address (MAC; Default: 00:00:00:00:00:00) | Host's MAC address |
| mirror (no | yes; Default: no) | Whether to send a frame copy to mirror-target port from a frame with matching MAC destination address |
| ports (name; Default: none) | Name of the interface, static MAC address can be mapped to more that one port, including switch CPU port |
| redirect-to-cpu (no | yes; Default: no) | Whether to redirect a frame to switch CPU port from a frame with matching MAC destination address |
| share-vlan-learned (no | yes; Default: no) | Whether the static host MAC address lookup is used with shared-VLAN-learning (SVL) or independent-VLAN-learning (IVL). The SVL mode is used for those VLAN entries that do not support IVL or IVL is disabled (independent-learning=no) |
| switch (name; Default: none) | Name of the switch to which the MAC address is going to be assigned to |
| vlan-id (integer: 0..4095; Default:) | VLAN ID for the statically added MAC address entry |
| Note |
|---|
Every switch chip has a finite number of MAC addresses it can store on the chip, see the Introduction table for a specific host table size. Once a host table is completely full, different techniques can be utilized to cope with the situation, for example, the switch can remove older entries to free space for more recent MAC addresses (used on QCA-8337 and Atheros-8327 switch chips), another option is to simply ignore the new MAC addresses and only remove entries after a timeout has passed (used on Atheros8316, Atheros8227, Atheros-7240 and Realtek-RTL8367 switch chips), the last option is a combination of the previous two - allows only a certain amount of entries to be renewed and keep the other host portion intact till the timeout (MediaTek-MT7621). These techniques cannot be changed with configuration. |
Rule Table
Rule table is a very powerful tool allowing wire-speed packet filtering, forwarding and VLAN tagging based on L2, L3 and L4 protocol header field condition. The menu contains an ordered list of rules just like in /ip firewall filter, so ACL rules are checked for each packet until a match has been found. If there are multiple rules that can match, then only the first rule will be triggered. A rule without any action parameters is a rule to accept the packet.
...