The mac-address static bridge-domain command configures a static MAC address entry on a VXLAN access-side interface.
The undo mac-address static bridge-domain command deletes a static MAC address entry on a VXLAN access-side interface.
By default, no static MAC address entry is configured on a VXLAN access-side interface.
mac-address static mac-address interface-type interface-number.subnum bridge-domain bd-id { default | untag | vid vlan-id1 [ ce-vid vlan-id2 ] }
undo mac-address static mac-address interface-type interface-number.subnum bridge-domain bd-id { default | untag | vid vlan-id1 [ ce-vid vlan-id2 ] }
mac-address static mac-address interface-type interface-number bridge-domain bd-id vid vlan-id3
undo mac-address static mac-address interface-type interface-number bridge-domain bd-id vid vlan-id3
| Parameter | Description | Value |
|---|---|---|
| mac-address | Specifies the MAC address in the static MAC address entry. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF, 0000-0000-0000, or a multicast MAC address. |
| interface-type interface-number.subnum | Specifies that the outbound interface in the static MAC address entry is a Layer 2 sub-interface. |
- |
| bd-id | Specifies the BD to which the outbound interface belongs. |
The value is an integer that ranges from 1 to 16777215. |
| default | Specifies that the outbound interface allows packets of the default type to pass. |
- |
| untag | Specifies that the outbound interface allows packets of the untag type to pass. |
- |
| vid vlan-id1 | Specifies the outer VLAN ID in the packets allowed to pass the outbound interface. |
The value is an integer that ranges from 1 to 4094. |
| ce-vid vlan-id2 | Specifies the inner VLAN ID in the packets allowed to pass the outbound interface. |
The value is an integer that ranges from 1 to 4094. |
| interface-type interface-number | Specifies that the outbound interface in the static MAC address entry is a specified interface. |
- |
| vid vlan-id3 | Specifies the ID of the VLAN to which the outbound interface belongs. |
The value is an integer that ranges from 1 to 4094. |
Usage Scenario
When the device creates a MAC address table by learning source MAC addresses, the device cannot distinguish packets from authorized and unauthorized users. This threatens network security. If an unauthorized user uses the MAC address of an authorized user as the source MAC address of attack packets and connects to another interface of the device, the device learns an incorrect MAC address entry. The device incorrectly forwards the packets to the unauthorized user. Actually, the packets should be forwarded to the authorized user. You can run the mac-address static bridge-domain command to add a static MAC address entry to the MAC address table on the VXLAN access side. The static MAC address entry binds the MAC address to a specified interface, which prevents unauthorized users from intercepting data of authorized users. In addition, a manually configured static MAC address entry improves the unicast packet forwarding efficiency and saves bandwidth.
PrerequisitesThe interface has been added to a BD.
# Configure a static MAC address entry on a VXLAN access-side interface. In the entry, the destination MAC address is aaaa-fccc-1212 and the flow encapsulation type of the outbound interface is dot1q.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type hybrid [HUAWEI-GigabitEthernet0/0/1] quit [HUAWEI] bridge-domain 20 [HUAWEI-bd20] quit [HUAWEI] interface gigabitethernet 0/0/1.1 mode l2 [HUAWEI-GigabitEthernet0/0/1.1] encapsulation dot1q vid 6 [HUAWEI-GigabitEthernet0/0/1.1] bridge-domain 20 [HUAWEI-GigabitEthernet0/0/1.1] quit [HUAWEI] mac-address static aaaa-fccc-1212 GigabitEthernet 0/0/1.1 bridge-domain 20 vid 6
# Configure a static MAC address entry on the VXLAN access-side interface. In the entry, the destination MAC address is aaaa-fccc-1213 and the outbound interface is added to a BD by the VLAN.
<HUAWEI> system-view [HUAWEI] vlan 8 [HUAWEI-vlan8] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type hybrid [HUAWEI-GigabitEthernet0/0/1] port hybrid tagged vlan 8 [HUAWEI-GigabitEthernet0/0/1] quit [HUAWEI] bridge-domain 30 [HUAWEI-bd30] l2 binding vlan 8 [HUAWEI-bd30] quit [HUAWEI] mac-address static aaaa-fccc-1213 GigabitEthernet 0/0/1 bridge-domain 30 vid 8