This section describes how to configure static and static black-hole MAC address entries. After a static MAC address entry is configured, the packet with the specified destination MAC address is forwarded from the specified interface. This process prevents a device from being attacked by forged MAC addresses. After a black-hole MAC address entry is configured, the packet with a specific destination MAC address is discarded. This process prevents hackers from using MAC addresses to attack networks.
If a network has fixed users or an important server is connected to the device on the network, configure static MAC address entries on the device to prevent hackers from attacking the device or the server.
To prevent invalid MAC address entries (for example, unauthorized users' MAC address entries) from occupying the space of a MAC address table and prevent hackers from using MAC addresses to attack user devices or networks, configure the MAC addresses of untrustworthy users as static black-hole MAC addresses and discard packets with these untrustworthy MAC addresses as the destination MAC addresses.
The system view is displayed.
A static MAC address entry based on a VSI is configured.
A static black-hole MAC address entry is configured.
The configuration is committed.