MAC

S7700 V200R019C10 Web-based Configuration Guide

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, WLAN, diagnosis service, and EasyDeploy.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

MAC

Context

Each switch maintains a MAC address table. A MAC table records learned MAC addresses, VLAN IDs, and outbound interfaces. To forward data, the switch searches the MAC table based on destination MAC addresses and VLAN IDs carried in packets to determine the outbound interfaces for the packets. Therefore, broadcast traffic is reduced. Configure the following MAC address types and functions:

The interface obtains dynamic entries based on the learning of source MAC addresses. The dynamic entries can be aged.
Static MAC entries are manually configured and never age. For details, see Configuring a static MAC.
Blackhole MAC entries are used to discard data frames with the specified source or destination MAC addresses. Blackhole MAC entries are manually configured and never age. For details, see Configuring a blackhole MAC address entry.
ARP entry fixing can be configured to defend against ARP address spoofing attacks. For details, see Configuring ARP entry fixing.
Port security makes MAC addresses learned on an interface become secure MAC addresses to allow only hosts with secure MAC addresses and static MAC addresses to communicate with the switch through the interface, improving switch security. For details, see Configuring port security.

Procedure

Configuring MAC/IP address security and the aging time of dynamic MAC addresses

Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.

Figure 5-91 Querying MAC address entries

Table 5-54 describes the parameters on the page.

Table 5-54 Configuring MAC address aging and MAC address flapping detection

Parameter		Description
MAC/IP address security		Specifies whether to enable the ARP gateway anti-collision function.
Dynamic MAC address aging		Specifies whether to configure the aging time of MAC address entries.
Dynamic MAC address aging time(s)		Specifies the aging time of dynamic MAC address entries.
MAC address flapping detection		Specifies whether to configure global MAC address flapping detection.
MAC address flapping aging time(s)		Specifies the aging time of flapping MAC address entries.

Set parameters.
Click Apply.

Querying MAC address entries
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
3. Click Refresh to refresh entries in the MAC address list.
4. Set search item for querying MAC address entries based on the MAC Address, Type, Outbound Interface and VLAN ID.
5. Click . The search result is displayed.
Configuring a static user
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
3. Click Create Static MAC. The Create Static MAC page is displayed, as shown in Figure 5-92.
  Figure 5-92 Creating a static mac
4. Set parameters.
5. Click OK.
Creating a static secure MAC address
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
  
  Before creating a static secure MAC address, enable port security by referring to Configuring port security.
  After port security is enabled, a yellow shield identifier next to the interface is displayed.
3. Click Create Secure MAC. The Create Secure MAC page is displayed, as shown in Figure 5-93.
  Figure 5-93 Creating a secure MAC address
4. Set parameters.
5. Click OK.
Deleting MAC address entries
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
3. Select an entry and click Delete MAC. The system asks you whether to delete the entry.
4. Click OK.
Configuring a blackhole MAC address entry
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
3. Select an entry and click Convert to Blackhole MAC. The system asks you whether to configure the entry as a blackhole MAC address entry.
  
  Only dynamic MAC address entries can be configured as blackhole MAC address entries.
  
  After dynamic MAC address entries are configured as blackhole MAC address entries, select Select all interfaces so that they can be displayed in the MAC address list.
4. Click OK.
Configuring fixing of ARP entries
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address tab and select the interfaces. The MAC Address tab page is displayed.
3. Select an entry and click Fix MAC. The system asks you whether to fix the MAC address entry.
  
  Only dynamic MAC address entries can be fixed.
4. Click OK.

Configuring port security

Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
Click the MAC Security tab. The MAC Security tab page is displayed.

Select a port, as shown in Figure 5-94.

Figure 5-94 Configuring port security

Table 5-55 describes parameters on the MAC Security tab page.

Table 5-55 Configuring port security

Parameter		Description
Interface Name		-
Interface Security		If a network requires high access security, you can configure port security on specified ports. MAC addresses learned by these ports are changed to dynamic secure MAC addresses or sticky MAC addresses. When the number of learned MAC addresses reaches the limit, the ports do not learn new MAC addresses. This prevents devices with untrusted MAC addresses from connecting to these ports, improving security of the devices and the network.
MAC Address Limit (1-4096)		Maximum number of MAC addresses that can be learned by a port.
Sticky MAC		Sticky MAC addresses will not be aged out and will exist after the device restarts.
Port Security Aging Time		The aging time of secure dynamic MAC addresses on an interface.

Set parameters.
Click Apply.

Configuring MAC address learning
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Address Learning tab to access the MAC Address Learning page and select the interface to be configured in the interface selection area, as shown in Figure 5-95.
  Figure 5-95 Configuring MAC address learning
3. Click Enable or Disable to enable or disable MAC address learning on the interface.
Checking MAC address flapping information
1. Choose Configuration > Advanced Services > MAC, as shown in Figure 5-91.
2. Click the MAC Flapping tab to access the MAC Flapping page, as shown in Figure 5-96.
  Figure 5-96 MAC Flapping page
3. Click Refresh to refresh MAC address flapping information.

Translation

简体中文

Download

Updated: 2022-05-20

Document ID: EDOC1100126882

Downloads: 138

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, WLAN, diagnosis service, and EasyDeploy.

Context

Procedure

Related Version

Related Documents

Digital Signature File