No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Static MAC Address Entries

Configuring Static MAC Address Entries

After a static MAC address entry is configured, packets with the destination MAC address matching the entry are forwarded from the specified outbound interface. This configuration protects a device from attack packets with forged MAC addresses.

Usage Scenario

If a network has fixed users or a server connects to a switch on the network, static MAC address entries need to be configured on the switch to prevent hackers from attacking the switch or the server. On the network shown in Figure 2-1, you can configure a static MAC address entry on the switch containing the MAC address of the server so that the switch forwards packets destined for the server through only a specified interface. This configuration prevents hackers from attacking the server using forged MAC addresses and from stealing information from the server, as well as ensures the communication between users and the server.

Figure 2-1 Networking for static MAC address entry configuration

Pre-configuration Tasks

Before configuring a static MAC address entry, connect interfaces and set their physical parameters to ensure that the physical interface status is Up.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Use either or both of the following methods to add static MAC address entries.

    • Run the mac-address static mac-address interface-type interface-number vlan vlan-id command to add VLAN-based static MAC address entries.
    • Run the mac-address static mac-address interface-type interface-number vsi vsi-name [ pe-vid pe-vid [ ce-vid ce-vid ] ] command to add VSI-based static MAC address entries.

    • Run the mac-address static mac-address interface-type interface-number vlanif vlan-id vsi vsi-name command to configure static MAC address entries for VSIs bound to the VLANIF interface.
    NOTE:

    Static MAC address entries take precedence over dynamic MAC address entries.

  3. Run commit

    The configuration is committed.

Checking the Configurations

Run the following commands to check the previous configurations.

  • Run the display mac-address [ mac-address ] [ vlan vlan-id | vsi vsi-name ] [ verbose ] command to check detailed information about MAC address entries.

  • Run the display mac-address static [ vsi vsi-name | { vlan vlan-id | interface-type interface-number } * ] command to check static MAC address entries.

Run the display mac-address command to view all MAC address entries. The command output shows the static MAC address entry with static in the Type field.

<HUAWEI> display mac-address
MAC address table of slot 0:                                                                                                        
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/      PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                                MAC-Tunnel
-------------------------------------------------------------------------------
0001-0001-0009 6             -      -      -               blackhole -                                                                
0001-0001-0010 7             -      -      -               blackhole -                                                                
0001-0001-0010 8             -      -      -               blackhole -                                                                
0001-0001-0010 9             -      -      -               blackhole -                                                                
0001-0001-0010 10            -      -      -               blackhole -                                                                
0001-0001-0010 11            -      -      -               blackhole -                                                                
0001-0001-0010 12            -      -      -               blackhole -                                                                
0001-0001-0010 54            -      -      GE0/1/1.1       static    -                                                                
0001-0001-0001 200           -      -      GE0/1/1.1       static    -                                                                
0001-0001-0020 v1            54     -      GE0/1/2.1       static    -                                                                
-------------------------------------------------------------------------------  
Total matching items on slot 0 displayed = 10

Run the display mac-address static command to view static MAC address entries. The command output shows that the static MAC address entry is correctly configured.

<HUAWEI> display mac-address static
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                                 MAC-Tunnel
-------------------------------------------------------------------------------
0024-7f94-349e a2             1      -      GE0/3/1.1       static    -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055378

Views: 16415

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next