No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Disabling MAC Address Learning

Disabling MAC Address Learning

On a network where networking is fixed, after MAC address learning is disabled on an interface of a device, other servers or terminals cannot communicate with this device through this interface, improving the device security.

Applicable Environment

As shown in Figure 2-3, the device named CE connects to the server through an interface. The network administrator can configure the interface to allow packets with certain MAC addresses to pass, in order to improve device security by configure the server's static MAC address on this interface, disabling MAC address learning on this interface, and specifying the action as discard. In this way, other servers or terminals cannot communicate with the device named CE through this interface, improving network security and stability.
Figure 2-3 Networking diagram for disabling MAC address learning

Pre-configuration Tasks

Before enabling MAC address learning, complete the following task:

  • Connect interfaces and set their physical parameters to ensure that the physical status of the interfaces is Up.

Configuration Procedure

Perform one or more of the following configurations (excluding checking the configuration) as required.

Disabling MAC Address Learning in a VLAN

Disabling MAC address learning in a VLAN helps defend against MAC address attacks and improves security for users in this VLAN.

Context

If a device has only one inbound interface and one outbound interface or the network is stable and safe, MAC address learning can be disabled in the VLAN to save space of the MAC address table. For details, see Disabling MAC Address Learning in a VLAN.

Verifying the Configuration of Disabling MAC Address Learning

After disabling MAC address learning on an interface and in a VLAN, verify the configuration.

Prerequisites

MAC address learning has been disabled on an interface and in a VLAN.

Procedure

  • Run the display current-configuration interface interface-type interface-number command to check whether MAC address learning has been disabled on this interface.
  • Run the display vlan [ vlan-id [ verbose ] ] command to check whether MAC address learning has been disabled in this VLAN.

Example

Run the display current-configuration command to check whether MAC address learning has been disabled on this interface.

<HUAWEI> display current-configuration interface gigabitethernet 1/0/1
# interface GigabitEthernet1/0/1 mac-address learning disable # 

Run the display vlan command to check whether MAC address learning has been disabled in this VLAN.

<HUAWEI> display vlan 10
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports
--------------------------------------------------------------------------------
10   common  UT:GE3/0/1(U)     GE3/0/2(U)

VID  Status  Property      MAC-LRN Statistics Description
--------------------------------------------------------------------------------
10   enable  default       disable disable    VLAN 0010        
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059440

Views: 27275

Downloads: 18

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next