No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring MAC Address Flapping Prevention

Example for Configuring MAC Address Flapping Prevention

Networking Requirements

In Figure 2-16, employees of an enterprise need to visit the server connected to a switch interface. If an unauthorized user uses the server's MAC address as the source MAC address to send packets to another interface, the server's MAC address is learned on the interface. Subsequently, packets sent from employees to the server are forwarded to the unauthorized user. As a result, employees cannot access the server, and data may be intercepted by the unauthorized user.

MAC address flapping prevention can be configured to protect the server against attacks from unauthorized users.

Figure 2-16  Configuring MAC address flapping prevention

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add interfaces to the VLAN to implement Layer 2 forwarding.

  2. Configure MAC address flapping prevention on the server-facing interface.

Procedure

  1. Create a VLAN and add interfaces to the VLAN.

    # Add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 10.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 10
    [Switch-vlan10] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type trunk
    [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 
    [Switch-GigabitEthernet0/0/2] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type hybrid
    [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
    

  2. Set the MAC address learning priority of GigabitEthernet0/0/1 to 2.

    [Switch-GigabitEthernet0/0/1] mac-learning priority 2
    [Switch-GigabitEthernet0/0/1] quit

  3. Verify the configuration.

    # Run the display current-configuration command in any view to check whether the MAC address learning priority is set correctly.

    [Switch] display current-configuration interface gigabitethernet 0/0/1
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
     mac-learning priority 2
    #
    return

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
 mac-learning priority 2
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 169490

Downloads: 703

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next