Network requirements, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

52

Network requirements

As shown in

Figure 15

:

•

The MAC address of Host A is 000f-e235-dc71 and belongs to VLAN 1. It is connected to
GigabitEthernet 3/0/1 of the switch. To prevent MAC address spoofing, add a static entry for the

host in the MAC address table of the switch.

•

The MAC address of Host B is 000f-e235-abcd and belongs to VLAN 1. For security, because this
host once behaved suspiciously on the network, add a destination blackhole MAC address entry for
the host MAC address, so all packets destined for the host will be dropped.

•

Set the aging timer for dynamic MAC address entries to 500 seconds.

Figure 15 Network diagram

Configuration procedure

# Add a static MAC address entry.

<Sysname> system-view

[Sysname] mac-address static 000f-e235-dc71 interface Gigabitethernet 3/0/1 vlan 1

# Add a destination blackhole MAC address entry.

[Sysname] mac-address blackhole 000f-e235-abcd vlan 1

# Set the aging timer for dynamic MAC address entries to 500 seconds.

[Sysname] mac-address timer aging 500

# Display the MAC address entry for port GigabitEthernet 3/0/1.

[Sysname] display mac-address interface Gigabitethernet 3/0/1

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)

000f-e235-dc71 1 Config static GigabitEthernet3/0/1 NOAGED

--- 1 mac address(es) found on port GigabitEthernet3/0/1 ---

# Display information about destination blackhole MAC addresses.

[Sysname] display mac-address blackhole

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)

000f-e235-abcd 1 Blackhole N/A NOAGED

--- 1 mac address(es) found ---