
Example for Configuring Static MAC Address Entries

Networking Requirements

In Figure 1, the PC with MAC address 0002-0002-0002 connects to GE0/0/1 of the Switch, and the server with MAC address 0004-0004-0004 connects to GE0/0/2 of the Switch. The PC and server communicate in VLAN 2.

  • To prevent unauthorized users from using the PC's MAC address to initiate attacks, configure a static MAC address entry for the PC on the Switch.

  • To prevent unauthorized users from using the server's MAC address to intercept data, configure a static MAC address entry for the server on the Switch.

This example applies to scenarios with a small number of users. When there are many users, use dynamic MAC address entries. For details, see Example for Configuring Port Security in "Port Security Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security.

Figure 1 Configuring static MAC address entries

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create VLAN 2 and add the interfaces connected to the PC and server to the VLAN to implement Layer 2 forwarding.

  2. Configure static MAC address entries to prevent attacks from unauthorized users.

Procedure

  1. Create static MAC address entries.

    # Create VLAN 2 and add GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to VLAN 2.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 2
    [Switch-vlan2] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type access
    [Switch-GigabitEthernet0/0/1] port default vlan 2
    [Switch-GigabitEthernet0/0/1] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type access
    [Switch-GigabitEthernet0/0/2] port default vlan 2
    [Switch-GigabitEthernet0/0/2] quit
    

    # Configure static MAC address entries.

    [Switch] mac-address static 2-2-2 GigabitEthernet 0/0/1 vlan 2
    [Switch] mac-address static 4-4-4 GigabitEthernet 0/0/2 vlan 2
    

  2. Verify the configuration.

    # Run the display mac-address static vlan 2 command in any view to check whether the static MAC address entries are successfully added to the MAC address table.

    [Switch] display mac-address static vlan 2
    ------------------------------------------------------------------------------- 
    MAC Address          VLAN/VSI/BD                 Learned-From        Type       
    -------------------------------------------------------------------------------
    0002-0002-0002       2/-/-                       GE0/0/1             static    
    0004-0004-0004       2/-/-                       GE0/0/2             static
    
    -------------------------------------------------------------------------------
    Total items displayed  = 2
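
The following Python check is an added example, not part of the original Huawei documentation. It parses the display output from step 2 and compares it with the intended bindings, expanding the abbreviated `2-2-2` form typed in the commands to the `0002-0002-0002` form the switch displays. The function names and the embedded sample text are constructed for illustration, and it assumes interface names are written as they appear in the display output (`GE0/0/1`).

```python
import re

# Constructed sample, based on the display output shown in step 2 above.
SAMPLE_OUTPUT = """\
-------------------------------------------------------------------------------
MAC Address          VLAN/VSI/BD                 Learned-From        Type
-------------------------------------------------------------------------------
0002-0002-0002       2/-/-                       GE0/0/1             static
0004-0004-0004       2/-/-                       GE0/0/2             static
-------------------------------------------------------------------------------
Total items displayed  = 2
"""

# Intended bindings from this example: (MAC as typed, VLAN, interface as displayed).
EXPECTED = [("2-2-2", 2, "GE0/0/1"), ("4-4-4", 2, "GE0/0/2")]
ROW = re.compile(r"^\s*([0-9A-Fa-f]{1,4}(?:-[0-9A-Fa-f]{1,4}){2})\s+(\d+)/\S+\s+(\S+)\s+(\S+)\s*$")

def normalize_mac(mac):
    """Expand H-H-H notation (1-4 hex digits per group) to xxxx-xxxx-xxxx."""
    groups = mac.strip().split("-")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(g.lower().zfill(4) for g in groups)

def parse_table(text):
    """Return {(mac, vlan): (interface, type)}; header and rule lines are skipped."""
    table = {}
    for line in text.splitlines():
        if (m := ROW.match(line)):
            mac, vlan, port, kind = m.groups()
            table[(normalize_mac(mac), int(vlan))] = (port, kind.lower())
    return table

def audit(text, expected):
    """List findings: missing entries, wrong port or type, unexpected entries."""
    table = parse_table(text)
    wanted = {(normalize_mac(m), v): p for m, v, p in expected}
    findings = []
    for key, port in wanted.items():
        got = table.get(key)
        if got is None:
            findings.append(f"missing: {key[0]} vlan {key[1]}")
        elif got != (port, "static"):
            findings.append(f"mismatch: {key[0]} vlan {key[1]} is {got[1]} on {got[0]}, expected static on {port}")
    findings += [f"unexpected: {k[0]} vlan {k[1]} on {v[0]}" for k, v in table.items() if k not in wanted]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUT, EXPECTED) or "all static bindings match")
```

An empty list from `audit` means every intended MAC address is bound as a static entry to the expected interface in the expected VLAN, and no other static entries are present.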
    
    

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet0/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet0/0/2 vlan 2
#
return
Copyright © Huawei Technologies Co., Ltd.