No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Enterprise
Worldwide
Huawei Global - English
Search
Support Documentation
S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Flapping Prevention

Example for Configuring MAC Address Flapping Prevention

Networking Requirements

In Figure 2-18, users need to access the server connected to a switch interface. If an unauthorized user uses the MAC address of the server as the source MAC address to send packets to another interface, then that MAC address is learned on the interface. In this scenario, packets sent from users to the server are forwarded to the unauthorized user. As a result, users cannot access the server, and important data may be intercepted by the unauthorized user.

MAC address flapping prevention can be configured to protect the server against attacks from unauthorized users.

Figure 2-18  Networking of MAC address flapping prevention

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add interfaces for Layer 2 forwarding.

  2. Configure MAC address flapping prevention on the server-side interface.

Procedure

  1. Create a VLAN and add interfaces to the VLAN.

    # Add GigabitEthernet1/0/1 and GigabitEthernet1/0/2 to VLAN 10.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type trunk
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid
[Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 10

  2. # Set the MAC address learning priority of GigabitEthernet1/0/1 to 2. 

    [Switch-GigabitEthernet1/0/1] mac-learning priority 2
[Switch-GigabitEthernet1/0/1] quit

  3. Verify the configuration.

    # Run the display current-configuration command in any view to check whether the MAC address learning priority is set correctly.

    [Switch] display current-configuration interface gigabitethernet 1/0/1
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
 mac-learning priority 2
#
return

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
 mac-learning priority 2
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Translation
简体中文
Download
Updated: 2022-05-23

Document ID: EDOC1000142081

Views: 1014261

Downloads: 880

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :