How to filter MAC addresses on an AR router


On a network where security requirements for user access are high, configure the interface security function on the router to enable the MAC addresses learnt by an interface to be converted to secure MAC addresses. If the maximum number of MAC addresses that can be learnt by a router reaches the upper limit, the router does not learn new MAC addresses and allows communication with the devices of only these MAC addresses. This can prevent untrusted users from communicating with the router over this interface and improve device and network security.
For details about the function and its configuration procedure, choose Configuration Guide (via Command Line)> Security> Port Security Configuration through the URL: Product documentation."

Other related questions:
What are the differences between the MAC address of a bridge on an AR router and a normal MAC address
The MAC address of a bridge on an AR router equals to a normal MAC address. A bridge bridges complete Layer-2 Ethernet packets.

What the diffrence between AR router MAC address of the bridge and ordinary MAC address
AR router MAC address of the bridge and ordinary MAC address are equivalent, a bridge bridge is complete ethernet packets on the second floor.

How to create the virtual MAC address of the VRRP on the AR router
The virtual MAC address is generated based on the virtual router ID. The format is 00-00-5E-00-01-{VRID}(VRRP); 00-00-5E-00-02-{VRID}(VRRP6).

How to configure URL filtering function on AR routers
AR150, AR160, AR200, AR1200, and AR2200 series (AR2201 and AR2202) do not support deep security function, that is, do not support the URL filtering function. The URL filtering function can be configured in CLI based on the following roadmap: 1. Purchase a license and activate it properly. 2. Configure the URL filtering template. 3. Bind the URL filtering template in the security policy. 4. Apply the security policy in the interzone. For details about the configuration and related screenshots, see the following URL of the Huawei enterprise technical forum: The AR router configures URL filtering from the command line For details about the configuration in Web management page and related description, see the following URL: AR router WEB interface configuration

Configure blackhole MAC addresses on S series switch
Perform the following operations to configure blackhole MAC addresses on S series switches (except S1700): 1. Configure a blackhole MAC address in a VLAN. [HUAWEI] vlan batch 100 [HUAWEI] mac-address blackhole 0-0-1 vlan 100 2. Configure a blackhole MAC address globally. The globally configured blackhole MAC address takes effect in all VLANs. [HUAWEI] mac-address blackhole 0-0-1 After the preceding configuration is complete, you can run the display mac-address blackhole command to view the configured blackhole MAC address.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top