Configure blackhole MAC addresses on S series switch

0

Perform the following operations to configure blackhole MAC addresses on S series switches (except S1700):
1. Configure a blackhole MAC address in a VLAN.
[HUAWEI] vlan batch 100
[HUAWEI] mac-address blackhole 0-0-1 vlan 100
2. Configure a blackhole MAC address globally. The globally configured blackhole MAC address takes effect in all VLANs.
[HUAWEI] mac-address blackhole 0-0-1

After the preceding configuration is complete, you can run the display mac-address blackhole command to view the configured blackhole MAC address.

Other related questions:
How do I configure the blackhole MAC address of an AR
To configure a blackhole MAC address on an AR, use the following method.
Run the mac-address blackhole mac-address vlan vlan-id command in the system view.
For example:
# Add teh following blackhome MAC address entry in which the destination MAC address is 0004-0004-0004 and the VLAN ID is VLAN 5 to the MAC address table.
[Huawei] mac-address blackhole 0004-0004-0004 vlan 5

Note:
- The AR510 does not support blackhole MAC address entries.
-  For the AR161, AR161W, AR169, AR161G-L, AR169G-L, and AR169-P-M among AR169 series, when the source MAC address of packets is a blackhole MAC address, the AR does not discard the packets. Instead, the AR forwards them.
- On the 4GE-2S, 4ES2G-S, 4ES2GP-S, and 9ES2 cards, when the source MAC address of packets is a blackhole MAC address, the AR does not discard the packets. Instead, the AR forwards them.

Configure MAC address bypass authentication on S series switch
On S series switches (except S1700), you can enable MAC address bypass authentication for terminals such as printers on which the 802.1x client software cannot be installed or used to allow these terminals to access the network. For example, if a large number of PCs and a small number of dumb terminals are connected to GE1/0/1 and GE1/0/5, to ensure that the PCs and dumb terminals access the network, you can enable 802.1x authentication and MAC address bypass authentication on GE1/0/1 and GE1/0/5. The following describes the configuration: - Configure multiple interfaces in a batch in the system view. [HUAWEI] dot1x enable [HUAWEI] dot1x enable interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 [HUAWEI] dot1x mac-bypass interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 - Configure each interface in the interface view. [HUAWEI] dot1x enable [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] dot1x enable [HUAWEI-GigabitEthernet1/0/1] dot1x mac-bypass [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/5 [HUAWEI-GigabitEthernet 1/0/5] dot1x enable [HUAWEI-GigabitEthernet 1/0/5] dot1x mac-bypass Precautions: 1. In addition to performing the preceding configuration, you still need to add MAC addresses of terminals on the authentication server. For details, see the configuration guide of the authentication server. 2. In V200R005C00 and later version, S series switches support MAC address bypass authentication only in NAC traditional configuration mode.

Method used to configure blackhole MAC address entries on USG firewalls
Blackhole MAC address entries are a special type of MAC addresses that are manually configured. A device discards a packet if the destination MAC address in the packet is a blackhole MAC address. To configure a blackhole MAC address entry, in the system or interface view, run the mac-address blackhole mac-address interface-type interface-number vlan vlan-id command.

Specification of the MAC address table on an S series switch
Hi, I cannot answer this question. For details about product specifications, click http://e.huawei.com/en/service-hotline to look up the contact method of your local customer service engineers.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top