Hello everyone,
Today I will share with you how to configure blackhole MAC address entries.
Overview
Blackhole MAC address entries can be used to prevent attacks from unauthorized users. The switch discards packets from or destined to blackhole MAC addresses.
Configuration Notes
This example applies to all versions of all S series switches.
Networking Requirements
As shown in Figure 6-2, the switch receives a packet from an unauthorized PC whose MAC address is 0005-0005-0005 and belongs to VLAN 3. This MAC address can be configured as a blackhole MAC address to filter packets from unauthorized users.
Configuration Roadmap
The configuration roadmap is as follows:
Create a VLAN to implement Layer 2 forwarding.
Configure a blackhole MAC address to block packets from this MAC address.
Procedure
Configure a blackhole MAC address entry.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan 3 //Create VLAN 3. [Switch-vlan3] quit [Switch] mac-address blackhole 0005-0005-0005 vlan 3 //Configure MAC address 0005-0005-0005 as the blackhole MAC address in VLAN 3.
Verify the configuration.
# Run the display mac-address blackhole command in any view to check whether the blackhole MAC address entry was successfully added to the MAC address table.
[Switch] display mac-address blackhole------------------------------------------------------------------------------- MAC Address VLAN/VSI Learned-From Type ------------------------------------------------------------------------------- 0005-0005-0005 3/- - blackhole ------------------------------------------------------------------------------- Total items displayed = 1
Configuration Files
Switch configuration file
# sysname Switch# vlan batch 3 # mac-address blackhole 0005-0005-0005 vlan 3 # return
See more please click
That is all I want to share with you! Thank you!
