sticky-mac enable

Function

The sticky-mac enable command enables the sticky MAC function.

The undo sticky-mac enable command disables the sticky MAC function.

By default, the sticky MAC function is disabled.

Format

sticky-mac enable

undo sticky-mac enable

Parameters

None

Views

Bridge domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
mac          write

Usage Guidelines

Usage Scenario

MAC spoofing attacks may occur on an EVPN. After sticky MAC address identification is enabled in a BD, all dynamic MAC address entries in the BD are marked with sticky flags, and MAC addresses with sticky flags are considered trusted. An interface then cannot learn, from other interfaces in the same bridge domain, an entry for the same MAC address that does not carry a sticky flag. This prevents the interface from receiving attack packets.

Prerequisites

  • Run the bridge-domain <bd-id> command. A BD is created, or the BD instance view is displayed.
  • Run the evpn binding vpn-instance <evpnName> command to bind a BD to the EVPN instance.

Precautions

  • When the sticky MAC function is enabled or disabled, the locally learned MAC addresses are deleted. They are then relearned according to the configured attributes.
  • Ensure that the MAC address learned for the first time is secure.

Example

# Enable the sticky MAC function in a BD.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] evpn binding vpn-instance test
[*HUAWEI-bd10] sticky-mac enable
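
The following audit check is an added example, not part of the original page or Huawei's tooling: it scans saved configuration text for bridge domains that are bound to an EVPN instance but do not have sticky-mac enable configured. It assumes the configuration is laid out with `#` separators and one-space indentation inside each view; the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of saved-configuration text (assumed layout).
SAMPLE_CONFIG = """\
#
bridge-domain 10
 evpn binding vpn-instance test
 sticky-mac enable
#
bridge-domain 20
 evpn binding vpn-instance test2
#
bridge-domain 30
#
"""

BD_HEADER = re.compile(r"^bridge-domain (\d+)\s*$")
EVPN_BIND = re.compile(r"^evpn binding vpn-instance (\S+)$")


def parse_bridge_domains(config_text):
    """Return {bd_id: {"evpn": instance name or None, "sticky": bool}}."""
    domains, current = {}, None
    for raw in config_text.splitlines():
        header = BD_HEADER.match(raw)
        if header:
            current = domains.setdefault(int(header.group(1)),
                                         {"evpn": None, "sticky": False})
            continue
        # A '#' or any other unindented line closes the current BD view.
        if current is None or not raw.startswith(" "):
            current = None
            continue
        line = raw.strip()
        bind = EVPN_BIND.match(line)
        if bind:
            current["evpn"] = bind.group(1)
        elif line == "sticky-mac enable":
            current["sticky"] = True
    return domains


def bds_missing_sticky_mac(config_text):
    """BD IDs bound to an EVPN instance where sticky MAC is not enabled."""
    return sorted(bd for bd, state in parse_bridge_domains(config_text).items()
                  if state["evpn"] and not state["sticky"])


if __name__ == "__main__":
    for bd in bds_missing_sticky_mac(SAMPLE_CONFIG):
        print(f"bridge-domain {bd}: EVPN-bound, sticky-mac not enabled")
```

BDs without an EVPN binding are skipped because the binding is listed above as a prerequisite for the command.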
Copyright © Huawei Technologies Co., Ltd.