Configuring a blackhole MAC address entry – H3C Technologies H3C WX5500E Series Access Controllers User Manual


Configuring static, dynamic, and blackhole MAC address entries

To help prevent MAC address spoofing attacks and improve port security, you can manually add MAC address entries to bind ports with MAC addresses. You can also configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.

Adding or modifying a static or dynamic MAC address entry globally

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Add or modify a dynamic or static MAC address entry.
    Command: mac-address { dynamic | static } mac-address interface interface-type interface-number vlan vlan-id
    Remarks: By default, no MAC address entry is configured. Make sure you have created the VLAN and assigned the interface to the VLAN.

Adding or modifying a static or dynamic MAC address entry on an interface

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter Layer 2 Ethernet or aggregate interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 3. Add or modify a static or dynamic MAC address entry.
    Command: mac-address { dynamic | static } mac-address vlan vlan-id
    Remarks: By default, no MAC address entry is configured. Make sure you have created the VLAN and assigned the interface to the VLAN. When you configure a static MAC address entry on an interface that belongs to a specific isolate-user-VLAN, you only need to specify the isolate-user-VLAN, instead of any secondary VLANs associated with the isolate-user-VLAN. For more information about isolate-user-VLANs, see "Configuring isolate-user-VLANs."

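Both procedures above share one prerequisite: the VLAN must exist and the interface must be assigned to it. The following Python check is an added example, not part of the H3C manual. It audits a saved configuration for MAC address entries, in global or interface form, that miss that prerequisite. The `vlan`, `port access vlan` and `port trunk permit vlan` line formats and all sample values are assumptions, and default VLAN membership is not modelled.

```python
import re

# Constructed excerpt in the style of a saved configuration (sample values only).
SAMPLE = """\
vlan 10
vlan 20 to 21
interface GigabitEthernet1/0/1
 port access vlan 10
interface GigabitEthernet1/0/2
 port trunk permit vlan 10 20
 mac-address static 000f-e235-abcd vlan 21
mac-address static 000f-e235-dc71 interface GigabitEthernet1/0/1 vlan 10
mac-address static 000f-e235-dc72 interface GigabitEthernet1/0/1 vlan 20
mac-address dynamic 000f-e235-dc73 interface GigabitEthernet1/0/2 vlan 30
"""

IDS = r"(\d+(?: (?:to )?\d+)*)"  # assumed VLAN list syntax: "10 20" or "20 to 21"

def expand(text):
    tokens, ids, i = text.split(), set(), 0
    while i < len(tokens):
        rng = tokens[i + 1:i + 2] == ["to"]  # "A to B" expands to the whole range
        ids.update(range(int(tokens[i]), int(tokens[i + 2 if rng else i]) + 1))
        i += 3 if rng else 1
    return ids

def audit(config):
    """Return (mac, interface, vlan, problem) for entries missing a prerequisite."""
    vlans, members, entries, view = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            view = None  # an unindented line leaves interface view
        if m := re.fullmatch("vlan " + IDS, line):
            vlans |= expand(m[1])
        elif m := re.fullmatch(r"interface (\S+)", line):
            view = m[1]
            members.setdefault(view, set())
        elif view and (m := re.fullmatch(r"port (?:access|trunk permit) vlan " + IDS, line)):
            members[view] |= expand(m[1])
        elif m := re.fullmatch(r"mac-address (?:dynamic|static) (\S+)(?: interface (\S+))? vlan (\d+)", line):
            entries.append((m[1], m[2] or view, int(m[3])))
    findings = []
    for mac, port, vlan in entries:  # checked last, so statement order does not matter
        if vlan not in vlans:
            findings.append((mac, port, vlan, "VLAN not created"))
        elif vlan not in members.get(port, set()):
            findings.append((mac, port, vlan, "interface not assigned to VLAN"))
    return findings
```

Calling `audit(SAMPLE)` reports three of the four constructed entries; only the entry for GigabitEthernet1/0/1 in VLAN 10 meets both prerequisites.
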
Configuring a blackhole MAC address entry

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
