Example for Configuring Static MAC Address Entries

31 0 0 0

Overview

MAC address entries are automatically generated when the switch learns the source MAC addresses of packets. Static MAC address entries are manually configured.

A network administrator manually adds MAC address entries of authorized users into the MAC address table. The static MAC address entries are often used to prevent unauthorized users from intercepting data of authorized users.

If a large number of static MAC address entries are manually configured, network maintenance can be difficult. You can enable port security to dynamically bind MAC addresses to interfaces.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

In Figure 6-1, the server connects to the switch through GE1/0/2. To prevent the switch from broadcasting packets destined for the server, the static MAC address entry of the server needs to be configured on the switch. This ensures that the switch unicasts packets destined for the server through GE1/0/2. The MAC address of the PC is statically bound to GE1/0/1 to ensure secure communication between the PC and server.

Figure 6-1  Networking for configuring static MAC address entries 
imgDownload?uuid=cadc28c161604f19a5bda83

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN on the switch and add an interface to the VLAN to implement Layer 2 forwarding.

  2. Configure the static MAC address entry of the server on the switch.

  3. Configure the static MAC address entry of the PC on the switch.

Procedure

  1. Create VLAN 2 on the switch and add GE1/0/1 and GE1/0/2to VLAN 2.

    <HUAWEI> system-view[HUAWEI] sysname Switch[Switch] vlan batch 2   //Create VLAN 2.[Switch] interface gigabitethernet 1/0/1[Switch-GigabitEthernet1/0/1] port link-type access   //The interface connected to the PC must be the access interface. The default link type of an interface is not access, so you need to manually configure the access interface.[Switch-GigabitEthernet1/0/1] port default vlan 2   //Add GE1/0/1 to VLAN 2.[Switch-GigabitEthernet1/0/1] quit[Switch] interface gigabitethernet 1/0/2   //The configuration of GE1/0/2 is similar to that of GE1/0/1.[Switch-GigabitEthernet1/0/2] port link-type access [Switch-GigabitEthernet1/0/2] port default vlan 2[Switch-GigabitEthernet1/0/2] quit

  2. Configure the static MAC address entry of the server on the switch.

    [Switch] mac-address static 4-4-4 gigabitethernet 1/0/2 vlan 2

  3. Configure the static MAC address entry of the PC on the switch.

    [Switch] mac-address static 2-2-2 gigabitethernet 1/0/1 vlan 2

  4. Verify the configuration.

    # Run the display mac-address static vlan 2 command in any view to check whether static MAC address entries were successfully added to the MAC address table.

    [Switch] display mac-address static vlan 2------------------------------------------------------------------------------- 
    MAC Address          VLAN/VSI                    Learned-From        Type       
    -------------------------------------------------------------------------------
    0002-0002-0002       2/-                         GE1/0/1             static0004-0004-0004       2/-                         GE1/0/2             static-------------------------------------------------------------------------------
    Total items displayed  = 2

Configuration Files

Switch configuration file

#
sysname Switch#
vlan batch 2
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet1/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet1/0/2 vlan 2
#
return

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login