No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Ethernet Switching

AR650, AR1600, and AR6100 V300R003

This document describes how to configure the components for LAN services, including link aggregation groups, VLANs, voice VLANs, MAC address tables, transparent bridging, as well as GVRP, STP/RSTP, and MSTP protocols.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Static MAC Address Entry

Configuring a Static MAC Address Entry

Context

MAC addresses and interfaces are bound statically in static MAC address entries.

A device cannot distinguish packets from authorized and unauthorized users when it learns source MAC addresses of packets to maintain the MAC address table. This causes network risks. If an unauthorized user uses the MAC address of an authorized user as the source MAC address of attack packets and connects to another interface of the device, the device learns an incorrect MAC address entry. As a result, packets destined for the authorized user are forwarded to the unauthorized user. To improve security, you can create static MAC address entries to bind MAC addresses of authorized users to specified interfaces. This prevents unauthorized users from intercepting data of authorized users.

Static MAC address entries have the following characteristics:

  • A static MAC address entry will not be aged out. After being saved, a static MAC address entry will not be lost after a system restart, and can only be deleted manually.
  • The VLAN bound to a static MAC address entry must have been created and assigned to the interface bound to the entry.
  • The MAC address in a static MAC address entry must be a unicast MAC address, and cannot be a multicast or broadcast MAC address.
  • A static MAC address entry takes precedence over a dynamic MAC address entry. The system discards packets with flapping static MAC addresses.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mac-address static mac-address interface-type interface-number vlan vlan-id

    A static MAC address entry is created.

Verifying the Configuration

Run the display mac-address static command to check configured static MAC address entries.

Download
Updated: 2019-04-12

Document ID: EDOC1100041791

Views: 58048

Downloads: 40

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next