Example for Configuring Blackhole MAC Address Entries

Networking Requirements

In Figure 1, the Switch receives packets from an unauthorized PC that has the MAC address 0005-0005-0005 and belongs to VLAN 3. This MAC address entry can be configured as a blackhole MAC address entry so that the Switch filters out packets from the unauthorized PC.

Figure 1 Configuring a blackhole MAC address entry

Configuration Roadmap

The configuration roadmap is as follows:

Create a VLAN to implement Layer 2 forwarding.
Configure a blackhole MAC address entry to filter out packets from the unauthorized PC.

Procedure

Configure a blackhole MAC address entry.

# Create VLAN 3.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 3
[Switch-vlan3] quit

# Configure a blackhole MAC address entry.

[Switch] mac-address blackhole 0005-0005-0005 vlan 3

Verify the configuration.

# Run the display mac-address blackhole command in any view to check whether the blackhole MAC address entry is successfully added to the MAC address table.

[Switch] display mac-address blackhole
------------------------------------------------------------------------------- 
MAC Address    VLAN/VSI/BD                       Learned-From        Type       
------------------------------------------------------------------------------- 
0005-0005-0005 3/-/-                             -                   blackhole  
                                                                                
------------------------------------------------------------------------------- 
Total items displayed = 1

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 3
#
mac-address blackhole 0005-0005-0005 vlan 3                                     
#
return