MAC spoofing attacks may occur on an EVPN. After sticky MAC address identification is enabled in a bridge domain (BD), all dynamic MAC address entries in the BD are marked with sticky flags. MAC addresses with sticky flags are considered trusted. An interface therefore cannot learn an entry for the same MAC address without a sticky flag from another interface in the same BD. This prevents the interface from receiving attack packets.
Prerequisites
Run the bridge-domain <bd-id> command. A BD is created, or the BD instance view is displayed.
Run the evpn binding vpn-instance <evpnName> command to bind a BD to the EVPN instance.
Precautions
When the sticky MAC function is enabled or disabled, the locally learned MAC addresses are deleted, and MAC addresses are then relearned according to the configured attributes.
Ensure that the MAC address learned for the first time is secure.
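The learning rule from the overview and the flush behaviour from the precautions can be modelled in a few lines. This is an added example, not device or vendor code; the `BridgeDomain` class, the interface names `if-1` and `if-2`, and the sample MAC address are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

HOST = "00:00:5e:00:53:01"  # constructed sample MAC (documentation range)

@dataclass
class BridgeDomain:
    """Simplified model of one BD's MAC table; not vendor code."""
    sticky: bool = False
    table: dict = field(default_factory=dict)     # mac -> (interface, sticky flag)
    rejected: list = field(default_factory=list)  # refused (mac, interface) learns

    def set_sticky(self, enabled: bool) -> None:
        # Precautions: toggling the function deletes locally learned entries;
        # they are relearned with the newly configured attribute.
        self.sticky = enabled
        self.table.clear()

    def learn(self, mac: str, interface: str) -> bool:
        """Handle a source-MAC learn event; True if the entry now points at interface."""
        mac = mac.lower()
        entry = self.table.get(mac)
        if entry and entry[1] and entry[0] != interface:
            # A sticky entry is trusted: the same MAC seen on another
            # interface is not learned. Record it for alerting.
            self.rejected.append((mac, interface))
            return False
        self.table[mac] = (interface, self.sticky)
        return True

def demo() -> dict:
    bd = BridgeDomain()
    bd.set_sticky(True)
    first = bd.learn(HOST, "if-1")      # first learn is trusted
    conflict = bd.learn(HOST, "if-2")   # same MAC, other interface: refused
    owner = bd.table[HOST][0]
    bd.set_sticky(False)                # reconfiguration flushes the table
    flushed = HOST not in bd.table      # trust must be re-established
    return {"first": first, "conflict": conflict, "owner": owner,
            "flushed": flushed, "rejected": list(bd.rejected)}

if __name__ == "__main__":
    print(demo())
```

Because trust is assigned on first learning, the flush on enable or disable reopens that window, which is why the first address learned afterwards must be secure.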