Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.
Configuring the Static MAC Flapping Trap

Context

When an interface receives a packet whose source MAC address exists in the static MAC table of another interface, the interface discards the packet, which affects customer services. For example, when PC 1 connects to GE1/0/1, where sticky MAC is enabled, the sticky MAC table of GE1/0/1 includes PC 1's MAC address. When PC 1 is disconnected from GE1/0/1 and connected to GE1/0/2, GE1/0/2 discards the packets from PC 1. In this situation, you can enable static MAC address flapping detection so that the interface takes the configured action.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run port-security static-flapping protect

    Static MAC flapping trap is enabled.

  3. Run interface interface-type interface-number

    The interface view is displayed.

  4. Run port-security enable

    Port security is enabled.

    By default, port security is disabled on an interface.

  5. (Optional) Run port-security protect-action { protect | restrict | shutdown }

    A port security action is configured.

    By default, the restrict action is used.

Follow-up Procedure

On a switch with static MAC address flapping detection configured, when an interface receives a packet whose source MAC address exists in the static MAC address table of another interface, the switch considers that static MAC address flapping has occurred and takes the configured port security action. There are three port security actions: restrict, protect, and shutdown.

Table 8-8  Port security actions

| Action | Description |
|----------|-------------|
| restrict | Discards the packet triggering the static MAC address flapping and generates a trap. This action is recommended. |
| protect | Discards the packet triggering the static MAC address flapping but does not generate a trap. |
| shutdown | Sets the interface state to error-down and generates a trap. |

By default, an interface in error-down state can only be restored by using the restart command in the interface view.

To enable an interface in error-down state to automatically go Up after a period of time, run the error-down auto-recovery cause port-security interval interval-value command in the system view. In this command, interval-value specifies the period of time after which an interface can automatically go Up.
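
The procedure and the error-down recovery step above, combined into one command sequence. This is an added example, not part of the original Huawei guide. The interface number (taken from the PC 1 scenario in Context), the choice of the shutdown action, and the interval value 300 are assumptions for illustration; restrict remains the default and the action the guide recommends.

```text
# Constructed example: interface number, action and interval are sample choices.
system-view
# Enable static MAC address flapping detection (system view).
port-security static-flapping protect
# GE1/0/2 is the interface PC 1 moves to in the Context scenario.
interface gigabitethernet 1/0/2
 # Port security is disabled by default and must be enabled per interface.
 port-security enable
 # shutdown: the interface goes error-down and a trap is generated.
 port-security protect-action shutdown
 quit
# Let interfaces put in error-down by port security go Up again automatically.
# 300 is a sample interval-value.
error-down auto-recovery cause port-security interval 300
```

With the protect action no trap is generated, so a flapping event on that interface produces no notification; restrict or shutdown is needed if the event has to reach the monitoring system.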

Updated: 2019-04-01

Document ID: EDOC1000178319
