No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
mac-learning priority allow-flapping

mac-learning priority allow-flapping

Function

The mac-learning priority allow-flapping command allows MAC address flapping between interfaces with the same priority.

The undo mac-learning priority allow-flapping command prevents MAC address flapping between interfaces with the same priority.

By default, MAC address flapping between interfaces with the same priority is allowed.

Format

mac-learning priority priority-id allow-flapping

undo mac-learning priority priority-id allow-flapping

Parameters

Parameter

Description

Value

priority priority-id

Specifies the MAC address learning priority of an interface.

The value is an integer that ranges from 0 to 3. A larger value indicates a higher priority.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An uplink interface of the AP is connected to a server, and downlink interfaces are connected to users. To prevent unauthorized users from using the server MAC address to connect to the AP, you can run the undo mac-learning priority allow-flapping command to forbid MAC address flapping between interfaces with the same priority. MAC address then will not be learned by multiple interfaces. This prevents attackers from using the MAC addresses of valid devices to attack the AP.

Both the mac-learning priority command and the undo mac-learning priority allow-flapping command can prevent MAC address flapping. The difference between the two commands is as follows:

  • The undo mac-learning priority allow-flapping command prevents MAC address flapping between interfaces with the same priority. If an attacker uses the server MAC address to connect to the AP after the server is powered off, the AP learns the MAC address of the forged server. After the real server is powered on, the AP cannot learn the correct server MAC address.
  • The mac-learning priority command prevents MAC address flapping between interfaces with different priorities. If an attacker uses the server MAC address to connect to the AP after the server is powered off, the AP learns the MAC address of the forged server. After the real server is powered on, the AP can learn the correct server MAC address.

Example

# Forbid MAC address flapping between interfaces with priority 1.

<Huawei> system-view
[Huawei] undo mac-learning priority 1 allow-flapping
Related Topics
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 204387

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next