How Do I Configure VLAN-based Blackhole MAC Address Entries?

To configure VLAN-based blackhole MAC address entries, perform the following operations:

# Add a blackhole MAC address entry to the MAC address table. In this example, the MAC address is 0004-0004-0004 and the VLAN ID is VLAN 10.

<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] mac-address blackhole 0004-0004-0004 vlan 10

On the S2720-EI, S5720I-SI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, or S6720-SI switch, if both a traffic policy-based redirection action and a VLAN-based blackhole MAC address entry are configured, the switch does not discard a packet whose source or destination MAC address is a blackhole MAC address when the packet matches the redirection policy. In this scenario, you are advised to configure a global blackhole MAC address or an ACL-based simplified traffic policy to discard the specific packets.

# Add the global blackhole MAC address 0004-0004-0004 to the MAC address table.

<HUAWEI> system-view
[HUAWEI] mac-address blackhole 0004-0004-0004

# Configure an ACL-based simplified traffic policy to discard packets whose source or destination MAC address is 0004-0004-0004 in VLAN 10.

<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] acl number 4000
[HUAWEI-acl-L2-4000] rule 5 deny source-mac 0004-0004-0004 vlan-id 10
[HUAWEI-acl-L2-4000] rule 10 deny destination-mac 0004-0004-0004 vlan-id 10
[HUAWEI-acl-L2-4000] quit
[HUAWEI] traffic-filter inbound acl 4000 
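
The following Python script is an added example, not Huawei code: it audits a configuration for the scenario described above, reporting VLAN-based blackhole MAC entries on the listed models that have a redirection action present and neither of the two recommended fallbacks. It assumes the configuration uses the command forms shown on this page and that a redirection action appears as a line beginning with "redirect"; the names audit and SAMPLE are hypothetical.

```python
import re

# Switch models the page lists for the redirection caveat.
AFFECTED = set("""S2720-EI S5720I-SI S5720-LI S5735-L S5735S-L S5735S-L-M
S5720S-LI S5720S-SI S5720-SI S5735-S S5735S-S S5735-S-I S5730S-EI S5730-SI
S6720-LI S6720S-LI S6720S-SI S6720-SI""".split())
BLACKHOLE = re.compile(r"mac-address blackhole (\S+)(?: vlan (\d+))?$")
ACL_RULE = re.compile(r"rule \d+ deny (source|destination)-mac (\S+) vlan-id (\d+)$")

# Constructed sample; the "redirect ..." line form is an assumption.
SAMPLE = """\
vlan 10
mac-address blackhole 0004-0004-0004 vlan 10
traffic behavior b1
 redirect ip-nexthop 192.0.2.1
"""


def audit(config, model):
    """Return (mac, vlan) blackhole entries a redirection policy may bypass."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Conservative: any redirect action counts, since the script cannot
    # tell which packets the redirection policy actually matches.
    if model not in AFFECTED or not any(ln.startswith("redirect ") for ln in lines):
        return []
    global_macs, vlan_entries, rules, applied, acl = set(), [], {}, set(), None
    for ln in lines:
        if m := BLACKHOLE.match(ln):
            if m.group(2):
                vlan_entries.append((m.group(1), int(m.group(2))))
            else:
                global_macs.add(m.group(1))
        elif m := re.match(r"acl number (\d+)$", ln):
            acl = m.group(1)
        elif ln in ("#", "quit"):
            acl = None  # left the ACL view
        elif acl and (m := ACL_RULE.match(ln)):
            rules.setdefault((acl, m.group(2), int(m.group(3))), set()).add(m.group(1))
        elif m := re.match(r"traffic-filter inbound acl (\d+)$", ln):
            applied.add(m.group(1))

    def covered(mac, vlan):
        # Fallbacks the page recommends: a global blackhole entry, or an
        # applied ACL denying the MAC as both source and destination.
        return mac in global_macs or any(
            rules.get((a, mac, vlan)) == {"source", "destination"} for a in applied)

    return [(mac, vlan) for mac, vlan in vlan_entries if not covered(mac, vlan)]


if __name__ == "__main__":
    print(audit(SAMPLE, "S5720-LI"))
```

An empty result means every VLAN-based entry is backed by a global blackhole entry or an applied deny ACL, or that the caveat does not apply to the given model or configuration.
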
Copyright © Huawei Technologies Co., Ltd.