< Home

Example for Configuring Static MAC Address Entries

Overview

MAC address entries are automatically generated when the switch learns the source MAC addresses of packets. Static MAC address entries are manually configured.

A network administrator manually adds MAC address entries of authorized users into the MAC address table. The static MAC address entries are often used to prevent unauthorized users from intercepting data of authorized users.

If a large number of static MAC address entries are manually configured, network maintenance can be difficult. You can enable port security to dynamically bind MAC addresses to interfaces.

Configuration Notes

This example applies to all versions of all S series switches.

Networking Requirements

In Figure 1, the server connects to the switch through GE1/0/2. To prevent the switch from broadcasting packets destined for the server, the static MAC address entry of the server needs to be configured on the switch. This ensures that the switch unicasts packets destined for the server through GE1/0/2. The MAC address of the PC is statically bound to GE1/0/1 to ensure secure communication between the PC and server.

Figure 1 Networking for configuring static MAC address entries

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN on the switch and add an interface to the VLAN to implement Layer 2 forwarding.

  2. Configure the static MAC address entry of the server on the switch.

  3. Configure the static MAC address entry of the PC on the switch.

Procedure

  1. Create VLAN 2 on the switch and add GE1/0/1 and GE1/0/2to VLAN 2. 

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 2   //Create VLAN 2.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access   //The interface connected to the PC must be the access interface. The default link type of an interface is not access, so you need to manually configure the access interface.
[Switch-GigabitEthernet1/0/1] port default vlan 2   //Add GE1/0/1 to VLAN 2.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2   //The configuration of GE1/0/2 is similar to that of GE1/0/1.
[Switch-GigabitEthernet1/0/2] port link-type access 
[Switch-GigabitEthernet1/0/2] port default vlan 2
[Switch-GigabitEthernet1/0/2] quit

  2. Configure the static MAC address entry of the server on the switch. 

    [Switch] mac-address static 4-4-4 gigabitethernet 1/0/2 vlan 2

  3. Configure the static MAC address entry of the PC on the switch. 

    [Switch] mac-address static 2-2-2 gigabitethernet 1/0/1 vlan 2

  4. Verify the configuration.

    # Run the display mac-address static vlan 2 command in any view to check whether static MAC address entries were successfully added to the MAC address table.

    [Switch] display mac-address static vlan 2
------------------------------------------------------------------------------- 
MAC Address          VLAN/VSI                    Learned-From        Type       
-------------------------------------------------------------------------------
0002-0002-0002       2/-                         GE1/0/1             static
0004-0004-0004       2/-                         GE1/0/2             static

-------------------------------------------------------------------------------
Total items displayed  = 2

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 2
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
mac-address static 0002-0002-0002 GigabitEthernet1/0/1 vlan 2
mac-address static 0004-0004-0004 GigabitEthernet1/0/2 vlan 2
#
return
Parent Topic: Typical MAC Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >