
mac-spoofing-defend enable (system view)

Function

The mac-spoofing-defend enable command enables global MAC spoofing defense.

The undo mac-spoofing-defend enable command disables global MAC spoofing defense.

By default, global MAC spoofing defense is disabled.

S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S do not support this command.

Format

mac-spoofing-defend enable

undo mac-spoofing-defend enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

User behavior cannot be controlled, so a user device may send bogus packets that carry the server MAC address to prevent other users from accessing the real server. To prevent such attacks, use the mac-spoofing-defend enable command to enable MAC spoofing defense and configure the network-side interface connected to the server as a trusted interface. A MAC address learned by the trusted interface will not be learned by other interfaces, which prevents attacks that use bogus packets with the server MAC address.

Before configuring an interface as a trusted interface, you must use the mac-spoofing-defend enable command to enable global MAC spoofing defense.
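
The following Python sketch is an added illustration, not Huawei code or part of the original reference. It models a MAC address table in simplified form to show why a MAC address learned on a trusted interface stays bound to it, and why global defense must be enabled first. The interface names, the MAC address, and the learning logic are assumptions made for the example.

```python
# Simplified model of switch MAC learning (assumed logic, not the device's implementation).
class Switch:
    def __init__(self):
        self.defend_enabled = False   # global MAC spoofing defense, disabled by default
        self.trusted = set()          # interfaces configured as trusted
        self.mac_table = {}           # MAC address -> interface it was learned on

    def enable_global(self):
        self.defend_enabled = True

    def trust(self, port):
        # Global defense must be enabled before an interface can be trusted.
        if not self.defend_enabled:
            raise RuntimeError("enable global MAC spoofing defense first")
        self.trusted.add(port)

    def learn(self, src_mac, port):
        """Process a frame's source MAC on a port; return True if the table changed."""
        current = self.mac_table.get(src_mac)
        if current == port:
            return False
        # A MAC learned on a trusted interface is not relearned on another interface.
        if self.defend_enabled and current in self.trusted:
            return False
        self.mac_table[src_mac] = port
        return True


SERVER_MAC = "00e0-fc12-3456"   # constructed sample value
SERVER_PORT = "GE0/0/1"         # hypothetical network-side interface
USER_PORT = "GE0/0/2"           # hypothetical user-side interface


def run(defended):
    """Return the interface that traffic for the server is forwarded to."""
    sw = Switch()
    if defended:
        sw.enable_global()
        sw.trust(SERVER_PORT)
    sw.learn(SERVER_MAC, SERVER_PORT)   # real server is learned first
    sw.learn(SERVER_MAC, USER_PORT)     # bogus frame claiming the server MAC
    return sw.mac_table[SERVER_MAC]


if __name__ == "__main__":
    print("without defense:", run(False))
    print("with defense:   ", run(True))
```

Without defense the table entry moves to the user-side interface; with defense it stays on the trusted interface.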

Precautions

After you run the undo mac-spoofing-defend enable command in the system view to disable global MAC spoofing defense, the mac-spoofing-defend enable command cannot be used in the interface view.

On the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, and S5735S-S, after MAC spoofing defense is enabled globally, the real-time performance of MAC address flapping detection decreases on interfaces on which MAC spoofing defense is not enabled.

Example

# Enable global MAC spoofing defense.

<HUAWEI> system-view
[HUAWEI] mac-spoofing-defend enable
Copyright © Huawei Technologies Co., Ltd.