Configuring the Switch to Discard Packets That Do Not Match Any MAC Address Entry
Context
When the switch is configured to discard packets that do not match any MAC address entry, it drops those packets instead of broadcasting them, which reduces the load on the switch and enhances system security.
After a DHCP user goes offline, the user's MAC address entry ages out. If packets destined for this user then arrive, the switch cannot find a matching MAC address entry and therefore broadcasts the packets to all interfaces in the VLAN. All users in the VLAN receive the packets, which poses a security risk. To reduce the load on the switch and enhance security, configure the switch to discard packets that do not match any MAC address entry.
Procedure
- Run system-view
The system view is displayed.
- Run vlan vlan-id
The VLAN view is displayed.
- Run mac-address miss action discard
The switch is configured to discard packets that do not match any MAC address entries.
By default, the switch broadcasts the packets that do not match any MAC address entries in a VLAN.
- Run commit
The configuration is committed.
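The forwarding behaviour described under Context, modelled in Python as an added example (not vendor code and not part of the original page). The class and function names, port numbers, MAC addresses and the 300-second aging time are constructed assumptions; the model covers unicast frames in a single VLAN only.

```python
# Simplified model of MAC learning, aging and the "miss action" in one VLAN.
# All values below are constructed for illustration.

class VlanSwitch:
    def __init__(self, ports, aging_time=300, miss_action="broadcast"):
        self.ports = set(ports)
        self.aging_time = aging_time    # seconds (assumed value)
        self.miss_action = miss_action  # "broadcast" (default) or "discard"
        self.mac_table = {}             # MAC -> (port, time last learned)

    def _age_out(self, now):
        # Drop entries whose source MAC has not been seen within aging_time.
        self.mac_table = {mac: (port, seen)
                          for mac, (port, seen) in self.mac_table.items()
                          if now - seen < self.aging_time}

    def forward(self, src_mac, dst_mac, in_port, now):
        """Return the set of egress ports for one unicast frame."""
        self._age_out(now)
        self.mac_table[src_mac] = (in_port, now)  # source learning
        entry = self.mac_table.get(dst_mac)
        if entry is not None:
            return {entry[0]} - {in_port}         # known destination
        if self.miss_action == "discard":
            return set()                          # miss: drop the frame
        return self.ports - {in_port}             # miss: flood the VLAN


def scenario(miss_action):
    """Replay the DHCP-user-goes-offline case from the Context section."""
    sw = VlanSwitch(ports=[1, 2, 3, 4], miss_action=miss_action)
    user, server = "00e0-fc00-0001", "00e0-fc00-0002"  # constructed MACs

    sw.forward(user, server, in_port=1, now=0)     # user learned on port 1
    known = sw.forward(server, user, in_port=4, now=10)

    # User goes offline and stays silent; its entry ages out.
    aged = sw.forward(server, user, in_port=4, now=400)

    # User returns and transmits, so the entry is learned again.
    sw.forward(user, server, in_port=1, now=410)
    relearned = sw.forward(server, user, in_port=4, now=420)
    return known, aged, relearned


if __name__ == "__main__":
    for action in ("broadcast", "discard"):
        print(action, scenario(action))
```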