No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the MAC Address Table

Example for Configuring the MAC Address Table

Networking Requirements

As shown in Figure 2-12, the MAC address of the user host PC1 is 0002-0002-0002 and that of the user host PC2 is 0003-0003-0003. PC1 and PC2 are connected to the Switch through the LSW. The LSW is connected to 10GE1/0/1 of the Switch, which belongs to VLAN 2. The MAC address of the server is 0004-0004-0004. The server is connected to 10GE1/0/2 of the Switch. 10GE1/0/2 belongs to VLAN 2.

  • To prevent hackers from using MAC addresses to attack the network, configure two static MAC address entries for each user host on the Switch.

  • To prevent hackers from stealing user information by forging the MAC address of the server, configure a static MAC address entry on the Switch for the server.

NOTE:

This example applies to the scenario where there are few users. When there are many users, perform dynamic binding according to Example for Configuring Port Security.

Figure 2-12 Configuring the MAC address table

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.

  2. Configure static MAC address entries to prevent MAC address attacks.

  3. Configure the aging time of dynamic MAC address entries to update the entries.

Procedure

  1. Configure static MAC address entries.

    # Create VLAN 2 and add 10GE1/0/1 and 10GE1/0/2 to VLAN 2.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan 2
    [*Switch-vlan2] quit
    [*Switch] interface 10ge 1/0/1
    [*Switch-10GE1/0/1] port link-type trunk
    [*Switch-10GE1/0/1] port trunk allow-pass vlan 2
    [*Switch-10GE1/0/1] quit
    [*Switch] interface 10ge 1/0/2
    [*Switch-10GE1/0/2] port link-type trunk
    [*Switch-10GE1/0/2] port trunk allow-pass vlan 2
    [*Switch-10GE1/0/2] quit
    [*Switch] commit

    # Configure a static MAC address entry.

    [~Switch] mac-address static 2-2-2 10GE 1/0/1 vlan 2
    [*Switch] mac-address static 3-3-3 10GE 1/0/1 vlan 2
    [*Switch] mac-address static 4-4-4 10GE 1/0/2 vlan 2
    [*Switch] commit
    

  2. Set the aging time of a dynamic MAC address entry.

    [~Switch] mac-address aging-time 500
    [*Switch] commit
    

  3. Verify the configuration.

    # Run the display mac-address static command in any view to check whether the static MAC address entries are successfully added to the MAC address table.

    [~Switch] display mac-address static vlan 2
    Flags: * - Backup  
           # - forwarding logical interface, operations cannot be performed based 
               on the interface.
    BD   : bridge-domain   Age : dynamic MAC learned time in seconds
    -------------------------------------------------------------------------------
    MAC Address    VLAN/VSI/BD                       Learned-From        Type      
    -------------------------------------------------------------------------------
    0002-0002-0002 2/-/-                             10GE1/0/1           static    
    0003-0003-0003 2/-/-                             10GE1/0/1           static    
    0004-0004-0004 2/-/-                             10GE1/0/2           static    
    -------------------------------------------------------------------------------
    Total items: 3

    # Run the display mac-address aging-time command in any view to check whether the aging time of dynamic entries is set successfully.

    [~Switch] display mac-address aging-time
      Aging time: 500 second(s)

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
mac-address aging-time 500
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2
#
mac-address static 0002-0002-0002 10GE1/0/1 vlan 2
mac-address static 0003-0003-0003 10GE1/0/1 vlan 2
mac-address static 0004-0004-0004 10GE1/0/2 vlan 2
#
return
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 81101

Downloads: 274

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next