No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Blackhole MAC Address Entries

Example for Configuring Blackhole MAC Address Entries

Overview

Blackhole MAC address entries can be used to prevent attacks from unauthorized users. The switch discards packets from or destined to blackhole MAC addresses.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

As shown in Figure 7-2, the switch receives a packet from an unauthorized PC whose MAC address is 0005-0005-0005 and belongs to VLAN 3. This MAC address can be configured as a blackhole MAC address to filter packets from the unauthorized user.

Figure 7-2  Networking for configuring blackhole MAC address entries

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN to implement Layer 2 forwarding.

  2. Configure a blackhole MAC address to block packets from this MAC address.

Procedure

  1. Configure a blackhole MAC address entry.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 3   //Create VLAN 3.
    [Switch-vlan3] quit
    [Switch] mac-address blackhole 0005-0005-0005 vlan 3   //Configure MAC address 0005-0005-0005 as the blackhole MAC address in VLAN 3.

  2. Verify the configuration.

    # Run the display mac-address blackhole command in any view to check whether the blackhole MAC address entry was successfully added to the MAC address table.

    [Switch] display mac-address blackhole
    ------------------------------------------------------------------------------- 
    MAC Address    VLAN/VSI                          Learned-From        Type       
    ------------------------------------------------------------------------------- 
    0005-0005-0005 3/-                               -                   blackhole  
                                                                                    
    ------------------------------------------------------------------------------- 
    Total items displayed = 1
    
    

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 3
#
mac-address blackhole 0005-0005-0005 vlan 3                                     
#
return
Download
Updated: 2019-04-20

Document ID: EDOC1000069520

Views: 695949

Downloads: 30197

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next