
H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Configuring static, dynamic, and blackhole MAC address table entries

To guard against MAC address spoofing attacks and improve port security, you can manually add MAC address table entries that bind ports to MAC addresses.
You can also configure blackhole MAC address entries to filter out packets with certain source or destination MAC addresses.
Follow these steps to add or modify a static, dynamic, or blackhole MAC address table entry in system view:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Add or modify a dynamic or static MAC address entry | mac-address { dynamic \| static } mac-address interface interface-type interface-number vlan vlan-id | Required. Use either command. Ensure that you have created the VLAN and assigned the interface to the VLAN. |
| Add or modify a blackhole MAC address entry | mac-address blackhole mac-address vlan vlan-id | Required. Use either command. Ensure that you have created the VLAN and assigned the interface to the VLAN. |

Follow these steps to add or modify a static or dynamic MAC address table entry in interface view:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter Layer 2 Ethernet/VE/aggregate interface view | interface interface-type interface-number | |
| Add or modify a static or dynamic MAC address entry | mac-address { dynamic \| static } mac-address vlan vlan-id | Required. Ensure that you have created the VLAN and assigned the interface to the VLAN. |

Configuring the aging timer for dynamic MAC address entries

The MAC address table uses an aging timer for dynamic MAC address entries, for security and efficient use of table space. If a dynamic MAC address entry is not updated before the aging timer expires, the device deletes the entry. This aging mechanism ensures that the MAC address table can promptly update to accommodate the latest network changes.
Set the aging timer appropriately. Too long an aging interval may cause the MAC address table to retain outdated entries, exhaust the MAC address table resources, and fail to update its entries to accommodate the latest network changes. Too short an interval may result in removal of valid entries, causing unnecessary broadcasts, which may affect device performance.
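
The following Python sketch is an added example, not code from the H3C manual or the device: a simplified single-VLAN model of how static, blackhole and dynamic entries behave during lookup, learning and aging. The class and method names, MAC addresses, port names and the 300-second timer are constructed for illustration, and the rule that learning never overwrites a manual entry is an assumption of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    kind: str                 # "static", "dynamic" or "blackhole"
    port: Optional[str]       # None for blackhole entries
    last_seen: float = 0.0    # only meaningful for dynamic entries

class MacTable:
    # Simplified model of one VLAN's MAC address table (assumed behaviour).
    def __init__(self, aging_seconds):
        self.aging = aging_seconds
        self.entries = {}

    def add_static(self, mac, port):
        self.entries[mac] = Entry("static", port)
    def add_blackhole(self, mac):
        self.entries[mac] = Entry("blackhole", None)

    def age_out(self, now):
        # Only dynamic entries age; manual entries stay until removed.
        for mac, e in list(self.entries.items()):
            if e.kind == "dynamic" and now - e.last_seen >= self.aging:
                del self.entries[mac]

    def receive(self, src, dst, in_port, now):
        """Decide one frame's fate: an egress port, "flood" or "drop"."""
        self.age_out(now)
        s, d = self.entries.get(src), self.entries.get(dst)
        if "blackhole" in (s and s.kind, d and d.kind):
            return "drop"     # blackhole matches source or destination
        if s is None or s.kind == "dynamic":
            # Learn or refresh; assumed: learning never overwrites a manual entry.
            self.entries[src] = Entry("dynamic", in_port, now)
        return d.port if d else "flood"

def demo():
    # Constructed sample addresses, ports and timer value.
    server, rogue, host = "0000-5e00-5301", "0000-5e00-53ff", "0000-5e00-5302"
    t = MacTable(aging_seconds=300)
    t.add_static(server, "GE1/0/1")
    t.add_blackhole(rogue)
    return [
        t.receive(host, server, "GE1/0/2", now=0),    # to the bound port
        t.receive(server, host, "GE1/0/3", now=1),    # spoofed source: binding kept
        t.receive(host, server, "GE1/0/2", now=2),    # still the bound port
        t.receive(rogue, host, "GE1/0/4", now=3),     # blackhole source
        t.receive(server, host, "GE1/0/1", now=400),  # host entry aged out
    ]
```

In the model, the frame that claims the server's MAC on another port does not move the static binding, and the host's dynamic entry disappears once it has gone unrefreshed for the full aging interval, so traffic to it is flooded again.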
Follow these steps to configure the aging timer for dynamic MAC address entries:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |