Example for Configuring Static MAC Address Entries
Networking Requirements
In Figure 2-13, the user PC with MAC address 0002-0002-0002 connects to GE1/0/1 of the Switch, and the server with MAC address 0004-0004-0004 connects to GE1/0/2 of the Switch. The user PC and server communicate in VLAN 2.
To prevent unauthorized users from using the user PC's MAC address to initiate attacks, configure a static MAC address entry for the user PC on the Switch.
To prevent unauthorized users from using the server's MAC address to intercept information sent to other users, configure a static MAC address entry for the server on the Switch.
This example applies to scenarios with a small number of users. When there are many users, use dynamic MAC address entries. For details, see Example for Configuring Port Security in "Port Security Configuration" in the S12700 V200R010C00 Configuration Guide - Security.
Configuration Roadmap
The configuration roadmap is as follows:
- Create VLAN 2 and add the interfaces connected to the PC and server for Layer 2 forwarding.
- Configure static MAC address entries to prevent attacks from unauthorized users.
Procedure
- Create static MAC address entries.
# Create VLAN 2 and add GigabitEthernet1/0/1 and GigabitEthernet1/0/2 to VLAN 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access
[Switch-GigabitEthernet1/0/1] port default vlan 2
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access
[Switch-GigabitEthernet1/0/2] port default vlan 2
[Switch-GigabitEthernet1/0/2] quit
# Configure static MAC address entries.
[Switch] mac-address static 2-2-2 GigabitEthernet 1/0/1 vlan 2
[Switch] mac-address static 4-4-4 GigabitEthernet 1/0/2 vlan 2
- Verify the configuration.
# Run the display mac-address static vlan 2 command in any view to check whether the static MAC address entries are successfully added to the MAC address table.
[Switch] display mac-address static vlan 2
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0002-0002-0002 2/-         GE1/0/1         static
0004-0004-0004 2/-         GE1/0/2         static
-------------------------------------------------------------------------------
Total items displayed = 2
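The verification step can be automated by comparing the displayed table against the intended bindings. The following is an added example, not part of the original configuration guide; the function names are hypothetical, and the sample text is the display output from this page with the abbreviated 2-2-2 notation expanded for comparison.

```python
import re

# Intended bindings from this page's scenario: MAC -> (VLAN, port as displayed).
EXPECTED = {"2-2-2": (2, "GE1/0/1"), "4-4-4": (2, "GE1/0/2")}

# Sample input: "display mac-address static vlan 2" output as shown on the page.
SAMPLE_OUTPUT = """\
MAC Address    VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0002-0002-0002 2/-         GE1/0/1         static
0004-0004-0004 2/-         GE1/0/2         static
-------------------------------------------------------------------------------
Total items displayed = 2
"""

MAC = r"[0-9a-fA-F]{1,4}(?:-[0-9a-fA-F]{1,4}){2}"
ROW = re.compile(r"^(" + MAC + r")\s+(\d+)/\S+\s+(\S+)\s+static$")


def normalize_mac(mac):
    """Expand abbreviated H-H-H notation (2-2-2) to 0002-0002-0002."""
    if not re.fullmatch(MAC, mac.strip()):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(g.zfill(4) for g in mac.strip().lower().split("-"))


def parse_static_entries(output):
    """Return {mac: (vlan, port)} for every static row in the display output."""
    entries = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries[normalize_mac(m.group(1))] = (int(m.group(2)), m.group(3))
    return entries


def audit(expected, output):
    """Return findings for missing, moved, or unexpected static entries."""
    want = {normalize_mac(mac): binding for mac, binding in expected.items()}
    have = parse_static_entries(output)
    findings = []
    for mac, binding in sorted(want.items()):
        if have.get(mac) != binding:
            findings.append(f"{mac}: expected {binding}, found {have.get(mac)}")
    findings += [f"unexpected: {mac} on {have[mac]}" for mac in sorted(set(have) - set(want))]
    return findings


print(audit(EXPECTED, SAMPLE_OUTPUT) or "static MAC table matches the expected bindings")
```

An empty findings list means every expected MAC address is pinned to its intended VLAN and interface and no extra static entries exist.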
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet1/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet1/0/2 vlan 2
#
return