Example for Configuring Blackhole MAC Address Entries

97 0 0 0

Overview

Blackhole MAC address entries can be used to prevent attacks from unauthorized users. The switch discards packets from or destined to blackhole MAC addresses.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

As shown in Figure 6-2, the switch receives a packet from an unauthorized PC whose MAC address is 0005-0005-0005 and belongs to VLAN 3. This MAC address can be configured as a blackhole MAC address to filter packets from the unauthorized user.

Figure 6-2  Networking for configuring blackhole MAC address entries 
imgDownload?uuid=e8d46e5a546c409e9ed5588

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN to implement Layer 2 forwarding.

  2. Configure a blackhole MAC address to block packets from this MAC address.

Procedure

  1. Configure a blackhole MAC address entry.

    <HUAWEI> system-view[HUAWEI] sysname Switch[Switch] vlan 3   //Create VLAN 3.[Switch-vlan3] quit[Switch] mac-address blackhole 0005-0005-0005 vlan 3   //Configure MAC address 0005-0005-0005 as the blackhole MAC address in VLAN 3.

  2. Verify the configuration.

    # Run the display mac-address blackhole command in any view to check whether the blackhole MAC address entry was successfully added to the MAC address table.

    [Switch] display mac-address blackhole------------------------------------------------------------------------------- 
    MAC Address    VLAN/VSI                          Learned-From        Type       
    ------------------------------------------------------------------------------- 
    0005-0005-0005 3/-                               -                   blackhole  
                                                                                    ------------------------------------------------------------------------------- 
    Total items displayed = 1

Configuration Files

Switch configuration file

#
sysname Switch#
vlan batch 3
#
mac-address blackhole 0005-0005-0005 vlan 3                                     
#
return

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login