To protect a network against attacks using MAC addresses, configure static blackhole MAC address entries to discard packets with the specified destination MAC addresses.
To prevent invalid MAC address entries, such as those of unauthorized users, from occupying a MAC address table and prevent hackers from attacking user devices or networks using MAC addresses, configure the MAC addresses of untrusted users as blackhole MAC addresses to discard packets destined for such MAC addresses.
Before configuring static blackhole MAC address entries, connect interfaces and set their physical parameters to ensure that the physical status of the interfaces is Up.
The system view is displayed.
The static blackhole MAC address entries are configured.
The configuration is committed.
Run the following commands to check the previous configurations.
Run the display mac-address [ mac-address ] [ vlan vlan-id | vsi vsi-name ] [ verbose ] command to check detailed information about MAC address entries.
Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] [ verbose ] command to check static blackhole MAC address entries.