NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01


Example for Configuring a MAC Address Table

This section describes an example for configuring static MAC address entries and configuring an aging time for dynamic MAC address entries.

Networking Requirements

If an enterprise's internal network has fixed users and connects to an important server, configure static MAC address entries on the device to prevent hackers from attacking the device or the server. A device automatically generates dynamic MAC address entries by learning source MAC addresses. As the network topology changes, the device learns more and more MAC addresses. To keep the MAC address table from growing explosively, set a proper aging time for dynamic MAC address entries so that invalid entries are deleted in time.

As shown in Figure 2-4, the MAC address of PC1 is 0002-0002-0002 and the MAC address of PC2 is 0003-0003-0003. PC1 and PC2 connect to the CE through the LSW. The LSW connects to interface1 on the CE. The MAC address of the server is 0004-0004-0004. The server connects to interface2 on the CE. interface2 belongs to VLAN 2.
  • To prevent MAC address attacks, add a static entry to the MAC address table on the CE for each of PC1 and PC2, and set the aging time of dynamic MAC address entries to 500 seconds.

  • To prevent hackers from using the MAC address of the server to intercept important information, configure the MAC address of the server as a static MAC address on the CE.

Figure 2-4 Networking diagram of MAC address table configurations
NOTE:

Interface1 and Interface2 in this example are GE 0/1/1 and GE 0/2/1, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and add the interfaces to the VLAN.

  2. Add the static MAC address entries so that packets with the specified destination MAC address are forwarded through the specified interface. This protects the CE against attacks that use forged MAC addresses.

  3. Configure an aging time for the dynamic MAC entries to prevent the explosive growth of MAC entries.

Data Preparation

To complete the configuration, you need the following data:

  • MAC address of PC1

  • MAC address of PC2

  • MAC address of the server

  • ID of VLAN to which the CE belongs

  • Number of the interface connecting the LSW to the CE

  • Number of the interface connecting the server to the CE

  • Aging time of dynamic MAC entries

Procedure

  1. Add static MAC entries.

    # Create VLAN 2 and add GE 0/1/1 and GE 0/2/1 to VLAN 2.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE
    [*HUAWEI] commit
    [~CE] vlan 2
    [*CE-vlan2] quit
    [*CE] interface gigabitethernet 0/1/1
    [*CE-GigabitEthernet0/1/1] undo shutdown
    [*CE-GigabitEthernet0/1/1] portswitch
    [*CE-GigabitEthernet0/1/1] port default vlan 2
    [*CE-GigabitEthernet0/1/1] quit
    [*CE] interface gigabitethernet 0/2/1
    [*CE-GigabitEthernet0/2/1] undo shutdown
    [*CE-GigabitEthernet0/2/1] portswitch
    [*CE-GigabitEthernet0/2/1] port default vlan 2
    [*CE-GigabitEthernet0/2/1] quit

    # Add the static MAC address entries.

    [*CE] mac-address static 2-2-2 gigabitethernet 0/1/1 vlan 2
    [*CE] mac-address static 3-3-3 gigabitethernet 0/1/1 vlan 2
    [*CE] mac-address static 4-4-4 gigabitethernet 0/2/1 vlan 2

  2. Set the aging time of the dynamic MAC address entries.

    [*CE] mac-address aging-time 500
    [*CE] commit

  3. Verify the configuration.

    # Run the display mac-address command to check whether the static address entries are added successfully.

    [~CE] display mac-address static vlan 2
    MAC address table of slot 0:
    -------------------------------------------------------------------------------
    MAC Address    VLAN/BD/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
                   VSI/SI/EVPN                                            MAC-Tunnel
    -------------------------------------------------------------------------------
    0002-0002-0002 2              -      -      GE0/1/1         static    -
    0003-0003-0003 2              -      -      GE0/1/1         static    -
    0004-0004-0004 2              -      -      GE0/2/1         static    -
    -------------------------------------------------------------------------------
    Total matching items on slot 0 displayed = 3

    # Run the display mac-address aging-time command to check whether the aging time is set for the dynamic entries successfully.

    [~CE] display mac-address aging-time
      Aging time: 500 second(s)
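
An added example, not part of the Huawei guide: a Python check that parses the two display outputs from the verification step and compares them with the bindings this example intends. It expands the CLI shorthand `2-2-2` to the `0002-0002-0002` form the device prints; the function names and the assumption of a numeric VLAN column are this example's own.

```python
import re

# Intended bindings from this example: (MAC as typed on the CLI, VLAN, port).
EXPECTED = [("2-2-2", 2, "GE0/1/1"), ("3-3-3", 2, "GE0/1/1"), ("4-4-4", 2, "GE0/2/1")]
EXPECTED_AGING = 500  # seconds
# Rows copied from the display output above; the parser assumes this column layout.
SAMPLE_TABLE = """\
0002-0002-0002 2              -      -      GE0/1/1         static    -
0003-0003-0003 2              -      -      GE0/1/1         static    -
0004-0004-0004 2              -      -      GE0/2/1         static    -
"""
SAMPLE_AGING = "  Aging time: 500 second(s)"

ROW = re.compile(r"^\s*((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)", re.I)

def normalize_mac(mac):
    """Expand H-H-H shorthand (leading zeros omitted) to xxxx-xxxx-xxxx."""
    groups = mac.strip().lower().split("-")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9a-f]{1,4}", g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(g.zfill(4) for g in groups)

def parse_static_table(text):
    """Return {(mac, vlan): port} for rows whose Type column is 'static'."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {(m[1].lower(), int(m[2])): m[3] for m in rows if m and m[4] == "static"}

def parse_aging_time(text):
    m = re.search(r"Aging time:\s*(\d+)\s*second", text)
    return int(m.group(1)) if m else None  # None when the line is absent

def audit(table_text, aging_text):
    """Return a list of findings; an empty list means the device matches intent."""
    table = parse_static_table(table_text)
    wanted = {(normalize_mac(mac), vlan): port for mac, vlan, port in EXPECTED}
    findings = []
    for (mac, vlan), port in wanted.items():
        actual = table.get((mac, vlan))
        if actual is None:
            findings.append(f"missing static entry {mac} vlan {vlan}")
        elif actual != port:
            findings.append(f"{mac} vlan {vlan} bound to {actual}, expected {port}")
    for mac, vlan in sorted(table.keys() - wanted.keys()):
        findings.append(f"unexpected static entry {mac} vlan {vlan} on {table[(mac, vlan)]}")
    aging = parse_aging_time(aging_text)
    if aging != EXPECTED_AGING:
        findings.append(f"aging time is {aging}, expected {EXPECTED_AGING}")
    return findings
```

A non-empty result from `audit(SAMPLE_TABLE, SAMPLE_AGING)` indicates drift from the intended configuration, such as a protected MAC address bound to a different port.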

Configuration Files

#
 sysname CE
#
 vlan batch 2
#
 mac-address aging-time 500
#
interface GigabitEthernet0/1/1
 portswitch
 undo shutdown
 port default vlan 2
#
interface GigabitEthernet0/2/1
 portswitch
 undo shutdown
 port default vlan 2
#
 mac-address static 0002-0002-0002 GigabitEthernet0/1/1 vlan 2
 mac-address static 0003-0003-0003 GigabitEthernet0/1/1 vlan 2
 mac-address static 0004-0004-0004 GigabitEthernet0/2/1 vlan 2
#
return
Updated: 2019-01-02

Document ID: EDOC1100055378
