No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

S7700 and S9700 V200R011C10

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MAC

MAC

Context

Each switch maintains a MAC address table. A MAC table records learned MAC addresses, VLAN IDs, and outbound interfaces. To forward data, the switch searches the MAC table based on destination MAC addresses and VLAN IDs carried in packets to determine the outbound interfaces for the packets. Therefore, broadcast traffic is reduced. Configure the following MAC address types and functions:
  • The interface obtains dynamic entries based on the learning of source MAC addresses. The dynamic entries can be aged.
  • Static MAC entries are manually configured and never age. For details, see Configuring a static user.
  • Blackhole MAC entries are used to discard data frames with the specified source or destination MAC addresses. Blackhole MAC entries are manually configured and never age. For details, see Configuring a blackhole MAC address entry.
  • ARP entry fixing can be configured to defend against ARP address spoofing attacks. For details, see Configuring ARP entry fixing.
  • Port security makes MAC addresses learned on an interface become secure MAC addresses to allow only hosts with secure MAC addresses and static MAC addresses to communicate with the switch through the interface, improving switch security. For details, see Configuring port security.

Procedure

  • Configuring MAC/IP address security and the aging time of dynamic MAC addresses
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the icon next to MAC/IP address security to enable or disable MAC/IP address security.
    3. Set the aging time of dynamic MAC addresses in the Dynamic MAC aging time text box and click Apply.

      NOTE:

      The aging time of dynamic MAC addresses is 0 or in the range of 60 to 1000000, in seconds. The default value is 300s.

  • Querying MAC address entries
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed, as shown in Figure 5-80.

      Figure 5-80  Querying MAC address entries

    3. Click Refresh to refresh entries in the MAC address list.
    4. Set search item for querying MAC address entries based on the MAC Address, Type, Outbound Interface and VLAN ID.
    5. Click . The search result is displayed.
  • Configuring a static user
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed, as shown in Figure 5-80.
    3. Click Create Static MAC. The Create Static MAC page is displayed, as shown in Figure 5-81.

      Figure 5-81  Creating a static mac

    4. Set parameters.
    5. Click OK.
  • Creating a static secure MAC address
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed, as shown in Figure 5-80.

      NOTE:
      Before creating a static secure MAC address, enable port security by referring to Configuring port security.

      After port security is enabled, a yellow shield identifier next to the interface is displayed.

    3. Click Create Secure MAC. The Create Secure MAC page is displayed, as shown in Figure 5-82.

      Figure 5-82  Creating a secure MAC address

    4. Set parameters.
    5. Click OK.
  • Deleting MAC address entries
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed, as shown in Figure 5-80.
    3. Select an entry and click Delete MAC. The system asks you whether to delete the entry.
    4. Click OK.
  • Configuring a blackhole MAC address entry
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed, as shown in Figure 5-80.
    3. Select an entry and click Convert to Blackhole MAC. The system asks you whether to configure the entry as a blackhole MAC address entry.

      NOTE:

      Only dynamic MAC address entries can be configured as blackhole MAC address entries.

      After dynamic MAC address entries are configured as blackhole MAC address entries, select Select all interfaces so that they can be displayed in the MAC address list.

    4. Click OK.
  • Configure fixing of ARP entries
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed, as shown in Figure 5-80.
    3. Select an entry and click Fix MAC. The system asks you whether to fix the MAC address entry.

      NOTE:

      Only dynamic MAC address entries can be fixed.

    4. Click OK.
  • Configuring port security
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Security tab. The MAC Security tab page is displayed.
    3. Select a port, as shown in Figure 5-83.

      Figure 5-83  Configuring port security

      Table 5-44 describes parameters on the MAC Security tab page.

      Table 5-44  Configuring port security

      Parameter

      Description

      Value

      Interface Name

      -

      -

      Interface Security

      If a network requires high access security, you can configure port security on specified ports. MAC addresses learned by these ports are changed to dynamic secure MAC addresses or sticky MAC addresses. When the number of learned MAC addresses reaches the limit, the ports do not learn new MAC addresses. This prevents devices with untrusted MAC addresses from connecting to these ports, improving security of the devices and the network.

      The value can be Enable or Disable.

      MAC Address Limit (1-4096)

      Maximum number of MAC addresses that can be learned by a port.

      The value ranges from 1 to 4096.

      Sticky MAC

      Sticky MAC addresses will not be aged out and will exist after the device restarts.

      The value can be Enable or Disable.

      Port Security Aging Time

      The aging time of secure dynamic MAC addresses on an interface.

      The value ranges from 1to 1440.

    4. Set parameters.
    5. Click Apply.
  • Configure MAC address learning.
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Address Learning tab to access the MAC Address Learning page and select the interface to be configured in the interface selection area, as shown in Figure 5-84.

      Figure 5-84  Configuring MAC address learning

    3. Click Enable or Disable to enable or disable MAC address learning on the interface.
  • Check MAC address flapping information.
    1. Choose Configuration > Advanced Services > MAC.
    2. Click the MAC Flapping tab to access the MAC Flapping page, as shown in Figure 5-85.

      Figure 5-85  MAC Flapping page

    3. Click Refresh to refresh MAC address flapping information.
Translation
Download
Updated: 2019-10-17

Document ID: EDOC1000178323

Views: 86961

Downloads: 112

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next