No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Static MAC Address Entries

Example for Configuring Static MAC Address Entries

Networking Requirements

In Figure 2-13, the PC with MAC address 0002-0002-0002 connects to GE1/0/1 of the Switch, and the server with MAC address 0004-0004-0004 connects to GE1/0/2 of the Switch. The PC and server communicate in VLAN 2.

  • To prevent unauthorized users from using the PC's MAC address to initiate attacks, configure a static MAC address entry for the PC on the Switch.

  • To prevent unauthorized users from using the server's MAC address to intercept data, configure a static MAC address entry for the server on the Switch.

NOTE:

This example applies to scenarios with a small number of users. When there are many users, use dynamic MAC address entries. For details, see Example for Configuring Port Security in "Port Security Configuration" in the S7700 and S9700 V200R012C00 Configuration Guide - Security.

Figure 2-13  Configuring static MAC address entries

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLAN 2 and add the interfaces connected to the PC and server to the VLAN to implement Layer 2 forwarding.

  2. Configure static MAC address entries to prevent attacks from unauthorized users.

Procedure

  1. Create static MAC address entries.

    # Create VLAN 2 and add GigabitEthernet1/0/1 and GigabitEthernet1/0/2 to VLAN 2.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 2
    [Switch-vlan2] quit
    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type access
    [Switch-GigabitEthernet1/0/1] port default vlan 2
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] interface gigabitethernet 1/0/2
    [Switch-GigabitEthernet1/0/2] port link-type access
    [Switch-GigabitEthernet1/0/2] port default vlan 2
    [Switch-GigabitEthernet1/0/2] quit
    

    # Configure static MAC address entries.

    [Switch] mac-address static 2-2-2 GigabitEthernet 1/0/1 vlan 2
    [Switch] mac-address static 4-4-4 GigabitEthernet 1/0/2 vlan 2
    

  2. Verify the configuration.

    # Run the display mac-address static vlan 2 command in any view to check whether the static MAC address entries are successfully added to the MAC address table.

    [Switch] display mac-address static vlan 2
    ------------------------------------------------------------------------------- 
    MAC Address          VLAN/VSI/BD                 Learned-From        Type       
    -------------------------------------------------------------------------------
    0002-0002-0002       2/-/-                       GE1/0/1             static    
    0004-0004-0004       2/-/-                       GE1/0/2             static
    
    -------------------------------------------------------------------------------
    Total items displayed  = 2
    
    

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet1/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet1/0/2 vlan 2
#
return
Translation
Download
Updated: 2019-01-18

Document ID: EDOC1100038843

Views: 94078

Downloads: 67

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next