< Home

(Optional) Configuring a Static MAC Address Entry

Context

When the device creates a MAC address table by learning source MAC addresses, the device cannot distinguish packets from authorized and unauthorized users. This threatens network security. If an unauthorized user uses the MAC address of an authorized user as the source MAC address of attack packets and connects to another interface of the device, the device learns an incorrect MAC address entry. The device incorrectly forwards the packets to the unauthorized user. Actually, the packets should be forwarded to the authorized user. You can manually add a static MAC address entry to the MAC address tables on the VXLAN access side and tunnel side. The static MAC address entry binds the MAC address to a specified interface, which prevents unauthorized users from intercepting data of authorized users. In addition, a manually configured static MAC address entry improves the unicast packet forwarding efficiency and saves bandwidth.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run mac-address static mac-address interface-type interface-number.subnum bridge-domain bd-id { default | untag | vid vlan-id1 [ ce-vid vlan-id2 ] }

    A static MAC address entry is configured on a Layer 2 sub-interface on a VXLAN access-side interface.

    Alternatively, run mac-address static mac-address interface-type interface-number bridge-domain bd-id vid vlan-id3

    A VLAN-based static MAC address entry is configured on a VXLAN access-side interface.

    Before you configure a static MAC address entry on a VXLAN access-side interface, the interface must be connected to the VXLAN network first. Parameters here must be the same as those configured to connect to the interface to the VXLAN network.

Parent Topic: Configuring VXLAN in Centralized Gateway Mode Using BGP EVPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >