How to create the virtual MAC address of the VRRP on the AR router

7

The virtual MAC address is generated based on the virtual router ID. The format is 00-00-5E-00-01-{VRID}(VRRP); 00-00-5E-00-02-{VRID}(VRRP6).

Other related questions:
How to configure a virtual address of VRRP on an AR router
How to configure a virtual address of VRRP on an AR router? The vrrp vrid virtual-router-id virtual-ip virtual-address command is used to create a VRRP group and specify a virtual IP address for the group. The vrid virtual-router-id command is used to specify a VRRP group number which is an integer in the range from 1 to 255. The virtual-ip virtual-address command is used to specify a virtual IP address (dotted decimal notation) for the VRRP group. [Huawei] interface gigabitethernet 1/0/0 [Huawei-GigabitEthernet1/0/0] vrrp vrid 1 virtual-ip 10.10.10.10 //Create a VRRP group on GE1/0/0. The group number is 1, and the virtual IP address is 10.10.10.10.

How is a VRRP virtual MAC address calculated
A virtual MAC address is generated by the virtual router based on the virtual router ID. The virtual MAC address format is 00-00-5E-00-01-{VRID} (VRRP) and 00-00-5E-00-02-{VRID} (VRRP6).

Can the MAC address of the bridged virtual interface of a bridge on an AR router be modified

The MAC address of the bridged virtual interface (BVI) of a bridge on an AR router can be modified.
You can run the mac-address command in the Bridge-if interface view to modify the MAC address of the current bridged virtual interface.
The MAC address of a bridged virtual interface is the system MAC address, which may conflict with the MAC addresses of other interfaces or virtual interfaces. If the MAC address of a bridged virtual interface conflicts with the MAC addresses of member interfaces of the bridge group, the bridged virtual interface cannot transmit traffic in Layer 3.
When configuring a bridged virtual interface, confirm whether the MAC address of the interface conflicts with the MAC addresses of the member interfaces of the bridge group. If the MAC addresses conflict, you can run the mac-address command to modify the MAC address of the Bridge-if interface.
After the MAC address of the bridged virtual interface is modified, the device proactively sends a free ARP to update the ARP entries on the peer device.

How to filter MAC addresses on an AR router
On a network where security requirements for user access are high, configure the interface security function on the router to enable the MAC addresses learnt by an interface to be converted to secure MAC addresses. If the maximum number of MAC addresses that can be learnt by a router reaches the upper limit, the router does not learn new MAC addresses and allows communication with the devices of only these MAC addresses. This can prevent untrusted users from communicating with the router over this interface and improve device and network security. For details about the function and its configuration procedure, choose Configuration Guide (via Command Line)> Security> Port Security Configuration through the URL: Product documentation."

Can the virtual MAC address be used as the source MAC address of packets
Yes. By default, the firewall uses the physical MAC address to encapsulate Layer-3 service packets. To use the virtual MAC address, run the vrrp virtual-mac enable command in the interface view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top