H3C Technologies H3C S12500 Series Switches User Manual


To improve port security, you can manually add MAC address entries to the MAC address table to bind ports with MAC addresses, fending off MAC address spoofing attacks.

In addition, you can configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.

Adding or modifying a static, dynamic, or blackhole MAC address table entry in system view

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Add or modify a dynamic or static MAC address entry.
    Command: mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
    Remarks: Use either command.

Step 3. Add or modify a blackhole MAC address entry.
    Command: mac-address blackhole mac-address vlan vlan-id
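The following is an added example, not part of the H3C manual: a small generator that turns an inventory of port bindings and blocked addresses into the system-view commands listed above, validating each entry first. The function names, the sample addresses, ports and VLAN, the H-H-H MAC notation and the consistency checks are assumptions of this example.

```python
import re

def to_comware_mac(mac: str) -> str:
    """Normalize colon, dot or hyphen notation to the H-H-H form."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))

def check_vlan(vlan: int) -> None:
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")

def build_commands(bindings, blackholes):
    """bindings: (mac, interface, vlan) tuples; blackholes: (mac, vlan) tuples."""
    lines = ["system-view"]
    bound = {}  # (mac, vlan) -> interface already bound in this run
    for mac, iface, vlan in bindings:
        m = to_comware_mac(mac)
        check_vlan(vlan)
        # Assumption: a port binding only makes sense for a unicast address
        # (the lowest bit of the first octet must be 0).
        if int(m[:2], 16) & 1:
            raise ValueError(f"{m} is a multicast/broadcast address")
        # The command adds *or modifies*, so a second port for the same MAC
        # and VLAN would change the first binding instead of adding one.
        if bound.setdefault((m, vlan), iface) != iface:
            raise ValueError(f"{m} in VLAN {vlan} is bound to two ports")
        lines.append(f"mac-address static {m} interface {iface} vlan {vlan}")
    for mac, vlan in blackholes:
        m = to_comware_mac(mac)
        check_vlan(vlan)
        if (m, vlan) in bound:
            raise ValueError(f"{m} in VLAN {vlan} is both bound and blackholed")
        lines.append(f"mac-address blackhole {m} vlan {vlan}")
    return lines

# Constructed sample inventory (addresses, ports and VLAN are made up).
BINDINGS = [("00:0F:E2:35:DC:71", "GigabitEthernet 3/0/1", 10),
            ("000f.e235.dc72", "GigabitEthernet 3/0/2", 10)]
BLACKHOLES = [("00-0f-e2-00-00-01", 10)]

if __name__ == "__main__":
    print("\n".join(build_commands(BINDINGS, BLACKHOLES)))
```
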

Adding or modifying a static or dynamic MAC address table entry in interface view

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 3. Add or modify a static or dynamic MAC address entry.
    Command: mac-address { dynamic | static } mac-address vlan vlan-id
    Remarks: Make sure that you have created the VLAN and assigned the interface to the VLAN.

Configuring a multiport unicast MAC address table entry

Multiport unicast MAC address entries enable you to deliver a single-destination packet out of multiple ports. For example, when a group of servers are processing a request from a client, the client is not concerned with the details of these servers and believes that only one server is responding. In this case, you can configure a multiport unicast MAC address entry on the device connected to the group of servers. In this manner, the device forwards the frame destined for the server group, which is considered as one server by the client, to every server.
