No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Anti-flapping

Example for Configuring MAC Address Anti-flapping

Networking Requirements

Employees of an enterprise need to access the enterprise server. If an attacker uses the server MAC address as the source MAC address to send packets to another interface, the server MAC address is learned on the interface. Packets sent to the server are sent to unauthorized users. In this case, employees cannot access the server, and important data will be intercepted by the attacker.

As shown in Figure 2-14, MAC address anti-flapping can be configured to protect the server from attacks.

Figure 2-14 Networking diagram of MAC address anti-flapping

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.

  2. Configure MAC address anti-flapping on the server-side interface.

Procedure

  1. Create a VLAN and add interfaces to the VLAN.

    # Add 10GE1/0/1 and 10GE1/0/2 to VLAN 10.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan 10
    [*Switch-vlan10] quit
    [*Switch] interface 10ge 1/0/2
    [*Switch-10GE1/0/2] port link-type trunk
    [*Switch-10GE1/0/2] port trunk allow-pass vlan 10 
    [*Switch-10GE1/0/2] quit
    [*Switch] interface 10ge 1/0/1
    [*Switch-10GE1/0/1] port default vlan 10
    [*Switch-10GE1/0/1] commit

  2. # Set the MAC address learning priority of 10GE1/0/1 to 2.

    [~Switch-10GE1/0/1] mac-address learning priority 2
    [*Switch-10GE1/0/1] commit
    [~Switch-10GE1/0/1] quit

  3. Verify the configuration.

    # Run the display current-configuration command in any view to check whether the MAC address learning priority of the interface is set correctly.

    [~Switch] display current-configuration interface 10ge 1/0/1
    #
    interface 10GE1/0/1
     port default vlan 10
     mac-address learning priority 2
    #
    return

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10
#
interface 10GE1/0/1
 port default vlan 10
 mac-address learning priority 2
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 116391

Downloads: 289

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next