No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring MAC Address Entries

Configuring MAC Address Entries

This section describes how to configure static and static black-hole MAC address entries. After a static MAC address entry is configured, the packet with the specified destination MAC address is forwarded from the specified interface. This process prevents a device from being attacked by forged MAC addresses. After a black-hole MAC address entry is configured, the packet with a specific destination MAC address is discarded. This process prevents hackers from using MAC addresses to attack networks.

Context

If a network has fixed users or an important server is connected to the device on the network, configure static MAC address entries on the device to prevent hackers from attacking the device or the server.

To prevent invalid MAC address entries (for example, unauthorized users' MAC address entries) from occupying the space of a MAC address table and prevent hackers from using MAC addresses to attack user devices or networks, configure the MAC addresses of untrustworthy users as static black-hole MAC addresses and discard packets with these untrustworthy MAC addresses as the destination MAC addresses.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mac-address static mac-address interface-type interface-number vsi vsi-name [ pe-vid pe-vid [ ce-vid ce-vid ] ]

    A static MAC address entry based on a VSI is configured.

  3. Run mac-address blackhole mac-address { vlan vlan-id | vsi vsi-name }

    A static black-hole MAC address entry is configured.

  4. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 27712

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next