The mac-learning priority flapping-defend action command configures an action to be taken when the switch is configured to prohibit MAC address flapping.
The undo mac-learning priority flapping-defend action command restores the default action when the switch is configured to prohibit MAC address flapping.
By default, the action is forward when the switch is configured to prohibit MAC address flapping.
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this configuration.
mac-learning priority flapping-defend action { forward | discard }
undo mac-learning priority flapping-defend action
Parameter | Description | Value |
---|---|---|
forward | Packets are forwarded when the switch is configured to prohibit MAC address flapping. | - |
discard | Packets are discarded when the switch is configured to prohibit MAC address flapping. | - |
Usage Scenario
An uplink interface of the switch is connected to a server, and a downlink interface is connected to a user. To prevent a malicious user from attacking the switch with a forged copy of the server's MAC address, run the mac-learning priority command in the interface view or the undo mac-learning priority allow-flapping command in the system view to prohibit MAC address flapping. A MAC address is then not learned on multiple interfaces, so the malicious user cannot use the MAC address of a valid device to attack the switch. However, packets from the malicious user are still forwarded. To discard those packets while MAC address flapping is prohibited, configure the discard action.
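The gap described above (flapping prohibited, but the action left at the default forward) can be checked for in a saved configuration. The following audit script is an added example, not vendor code; the sample configuration, interface names and priority values in it are constructed assumptions.

```python
import re

# Constructed sample configuration (not from the page). Interface names and the
# priority values are assumptions for illustration.
SAMPLE_CONFIG = """\
#
sysname access-sw
#
undo mac-learning priority 0 allow-flapping
#
interface GigabitEthernet0/0/1
 description uplink-to-server
 mac-learning priority 3
#
interface GigabitEthernet0/0/2
 description downlink-to-user
#
"""

ACTION_RE = re.compile(r"^mac-learning priority flapping-defend action (forward|discard)$")
GLOBAL_RE = re.compile(r"^undo mac-learning priority\b.*\ballow-flapping$")
IFACE_RE = re.compile(r"^mac-learning priority( \d+)?$")

def audit_flapping_defence(config_text):
    """Report where flapping is prohibited and what happens to offending packets."""
    action = "forward"  # default action per the command reference
    prohibited_by = []
    interface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            interface = None  # '#' closes the current view in the saved config
            continue
        if raw.startswith(" "):  # indented line: belongs to the current interface view
            if interface and IFACE_RE.match(line):
                prohibited_by.append(interface)
            continue
        interface = line.split()[1] if line.startswith("interface ") else None
        match = ACTION_RE.match(line)
        if match:
            action = match.group(1)
        elif GLOBAL_RE.match(line):
            prohibited_by.append("system view")
    return {
        "prohibited_by": prohibited_by,
        "action": action,
        # Gap from the usage scenario: learning is blocked, packets still forwarded.
        "finding": bool(prohibited_by) and action == "forward",
    }
```

A result with "finding" set to True means the configuration prohibits flapping but still forwards the offending packets.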
Precautions