No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Static MAC Address Entries

Example for Configuring Static MAC Address Entries

Networking Requirements

In Figure 2-12, the PC with MAC address 0002-0002-0002 connects to GE0/0/1 of the Switch, and the server with MAC address 0004-0004-0004 connects to GE0/0/2 of the Switch. The PC and server communicate in VLAN 2.

  • To prevent unauthorized users from using the PC's MAC address to initiate attacks, configure a static MAC address entry for the PC on the Switch.

  • To prevent unauthorized users from using the server's MAC address to intercept data, configure a static MAC address entry for the server on the Switch.

NOTE:

This example applies to scenarios with a small number of users. When there are many users, use dynamic MAC address entries. For details, see Example for Configuring Port Security in "Port Security Configuration" in the S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - Security.

Figure 2-12  Configuring static MAC address entries

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLAN 2 and add the interfaces connected to the PC and server to the VLAN to implement Layer 2 forwarding.

  2. Configure static MAC address entries to prevent attacks from unauthorized users.

Procedure

  1. Create static MAC address entries.

    # Create VLAN 2 and add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 2.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 2
    [Switch-vlan2] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type access
    [Switch-GigabitEthernet0/0/1] port default vlan 2
    [Switch-GigabitEthernet0/0/1] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type access
    [Switch-GigabitEthernet0/0/2] port default vlan 2
    [Switch-GigabitEthernet0/0/2] quit
    

    # Configure static MAC address entries.

    [Switch] mac-address static 2-2-2 GigabitEthernet 0/0/1 vlan 2
    [Switch] mac-address static 4-4-4 GigabitEthernet 0/0/2 vlan 2
    

  2. Verify the configuration.

    # Run the display mac-address static vlan 2 command in any view to check whether the static MAC address entries are successfully added to the MAC address table.

    [Switch] display mac-address static vlan 2
    ------------------------------------------------------------------------------- 
    MAC Address          VLAN/VSI/BD                 Learned-From        Type       
    -------------------------------------------------------------------------------
    0002-0002-0002       2/-/-                       GE0/0/1             static    
    0004-0004-0004       2/-/-                       GE0/0/2             static
    
    -------------------------------------------------------------------------------
    Total items displayed  = 2
    
    

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet0/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet0/0/2 vlan 2
#
return
Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 157638

Downloads: 685

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next