No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Static Blackhole MAC Address Entries

Configuring Static Blackhole MAC Address Entries

To protect a network against attacks using MAC addresses, configure static blackhole MAC address entries to discard packets with the specified destination MAC addresses.

Usage Scenario

To prevent invalid MAC address entries, such as those of unauthorized users, from occupying a MAC address table and prevent hackers from attacking user devices or networks using MAC addresses, configure the MAC addresses of untrusted users as blackhole MAC addresses to discard packets destined for such MAC addresses.

Pre-configuration Tasks

Before configuring static blackhole MAC address entries, connect interfaces and set their physical parameters to ensure that the physical status of the interfaces is Up.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mac-address blackhole mac-address { vlan vlan-id | vsi vsi-name }

    The static blackhole MAC address entries are configured.

  3. Run commit

    The configuration is committed.

Checking the Configurations

Run the following commands to check the previous configurations.

  • Run the display mac-address [ mac-address ] [ vlan vlan-id | vsi vsi-name ] [ verbose ] command to check detailed information about MAC address entries.

  • Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] [ verbose ] command to check static blackhole MAC address entries.

Run the display mac-address command to view all MAC address entries. Check whether the static blackhole MAC address entries are configured correctly by the Type field.

<HUAWEI> display mac-address
MAC address table of slot 1:                                                                                                        
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI/EVPN                                            MAC-Tunnel
-------------------------------------------------------------------------------
0001-0001-0009 6              -      -      -               blackhole -                                                                
0001-0001-0010 7              -      -      -               blackhole -                                                                
0001-0001-0010 8              -      -      -               blackhole -                                                                
0001-0001-0010 9              -      -      -               blackhole -                                                                
0001-0001-0010 10             -      -      -               blackhole -                                                                
0001-0001-0010 11             -      -      -               blackhole -                                                                
0001-0001-0010 12             -      -      -               blackhole -                                                                
0001-0001-0010 54             -      -      GE1/0/1         static    -                                                                
0001-0001-0001 200            -      -      GE1/0/1         static    -                                                                
0001-0001-0020 v1             54     -      GE1/0/2.1       static    -                                                                
0001-0001-0003 vsa            3      4      GE1/0/2.1       static    -                                                                
0001-0001-0005 vsa            4094   4094   GE1/0/2.2       static    -                                                                
-------------------------------------------------------------------------------  
Total matching items on slot 1 displayed = 12

Run the display mac-address blackhole command to view whether the static blackhole MAC address entries are configured correctly.

<HUAWEI> display mac-address blackhole
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/    PEVLAN CEVLAN Port/Peerip     Type      LSP/LSR-ID
               VSI/SI/EVPN                                         MAC-Tunnel
-------------------------------------------------------------------------------
0024-7f94-349e 1           -      -      -               blackhole -           
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059440

Views: 27291

Downloads: 18

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next