No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 CLI-based Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring transparent bridge, MAC table, link aggregation, VLANs, STP/RSTP/MSTP, and so on.The document provides the configuration procedures and configuration examples to illustrate the service configuration methods and application scenario.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Static MAC Address Entry

Configuring a Static MAC Address Entry

Context

MAC addresses and interfaces are bound statically in static MAC address entries.

A device cannot distinguish packets from authorized and unauthorized users when it learns source MAC addresses of packets to maintain the MAC address table. This causes network risks. If an unauthorized user uses the MAC address of an authorized user as the source MAC address of attack packets and connects to another interface of the device, the device learns an incorrect MAC address entry. As a result, packets destined for the authorized user are forwarded to the unauthorized user. To improve security, you can create static MAC address entries to bind MAC addresses of authorized users to specified interfaces. This prevents unauthorized users from intercepting data of authorized users.

Static MAC address entries have the following characteristics:

  • A static MAC address entry will not be aged out. After being saved, a static MAC address entry will not be lost after a system restart, and can only be deleted manually.
  • The VLAN bound to a static MAC address entry must have been created and assigned to the interface bound to the entry.
  • The MAC address in a static MAC address entry must be a unicast MAC address, and cannot be a multicast or broadcast MAC address.
  • A static MAC address entry takes precedence over a dynamic MAC address entry. The system discards packets with flapping static MAC addresses.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    mac-address static mac-address interface-type interface-number vlan vlan-id

    A static MAC address entry is created.

Checking the Configuration

Run the display mac-address static command to check configured static MAC address entries.

Translation
Download
Updated: 2019-05-25

Document ID: EDOC1000097279

Views: 9412

Downloads: 62

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next