No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Learning in a VLAN

Example for Configuring MAC Address Learning in a VLAN

Networking Requirements

As shown in Figure 2-13, user network 1 is connected to Switch on the 10GE1/0/1 through an LSW. User network 2 is connected to Switch on the 10GE1/0/2 through another LSW. Both 10GE1/0/1 and 10GE1/0/2 belong to VLAN 2. To prevent MAC address attacks and limit the number of access users on the device, limit MAC address learning on all the interfaces in VLAN 2.

Figure 2-13 Networking diagram for MAC address limiting in a VLAN

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.

  2. Limit MAC address learning on all the interfaces in the VLAN to prevent MAC address attacks and limit the number of access users.

Procedure

  1. Limit MAC address learning.

    # Add 10GE1/0/1 and 10GE1/0/2 to VLAN 2.

    <HUAWEI> system-view
    [~HUAWEI] sysname Switch
    [*HUAWEI] commit
    [~Switch] vlan 2
    [*Switch-vlan2] quit
    [*Switch] interface 10ge 1/0/1
    [*Switch-10GE1/0/1] port link-type trunk
    [*Switch-10GE1/0/1] port trunk allow-pass vlan 2
    [*Switch-10GE1/0/1] quit
    [*Switch] interface 10ge 1/0/2
    [*Switch-10GE1/0/2] port link-type trunk
    [*Switch-10GE1/0/2] port trunk allow-pass vlan 2
    [*Switch-10GE1/0/2] quit
    [*Switch] commit

    # Configure the following MAC address limiting rule in VLAN 2: A maximum of 100 MAC addresses can be learned. When the number of learned MAC addresses reaches the limit, the device sends an alarm.

    [~Switch] vlan 2
    [~Switch-vlan2] mac-address limit maximum 100 alarm enable
    [*Switch-vlan2] quit
    [*Switch] commit

  2. Verify the configuration.

    # Run the display mac-address limit command in any view to check whether the MAC address limiting rule is successfully configured.

    [~Switch] display mac-address limit
    MAC Address Limit is enabled
    Total MAC Address limit rule count : 1
                                                                     
    Port                 VLAN/VSI/SI      Slot Maximum Action  Alarm             
    -------------------------------------------------------------------
    --                   2                --   100     forward enable

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
vlan 2
 mac-address limit maximum 100
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2
#
return
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 125086

Downloads: 295

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next