mac-address source-check discard

Function

The mac-address source-check discard command enables a device to discard packets with invalid source addresses.

The undo mac-address source-check discard command disables a device from discarding packets with unknown source addresses in a bridge domain.

By default, reverse address check is disabled.

Format

mac-address source-check discard

undo mac-address source-check discard

Parameters

None

Views

Bridge domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
mac write

Usage Guidelines

Usage Scenario

MAC spoofing attacks may occur on an EVPN. In a BD, if a sticky MAC address is configured, packets with the same MAC address received from other interfaces in the BD are discarded to prevent packet attacks.

Prerequisites

  • Run the bridge-domain command to create a BD or enter the BD instance view.
  • Run the evpn binding vpn-instance command to bind an EVPN instance to a BD.

Precautions

This function takes effect only for EVPN remote static MAC addresses and sticky MAC addresses.

Example

# Enable the function of discarding packets with invalid source addresses in a BD.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] evpn binding vpn-instance test
[*HUAWEI-bd10] mac-address source-check discard
Parent Topic: MAC Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >