Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 76
51
For security, add a destination blackhole MAC address entry for Host B’s MAC address, so that all
packets destined for Host B will be dropped.
Set the aging timer for dynamic MAC address entries to 500 seconds.
Configuration procedure
NOTE:
Before making the following configurations, check whether GigabitEthernet 0/1 operates in router mode.
If yes, change its operating mode to bridge mode (To do that, select Device Management > Interface from
the navigation tree, and then find and select GigabitEthernet 0/1 to configure it accordingly); in addition,
specify the security zone to which GigabitEthernet 0/1 belongs.
# Create a static MAC address entry.
•
Select Network > MAC > MAC from the navigation tree to enter the MAC address table display
page, click Add, and make the following configurations on the page as shown in
.
Figure 35 Creating a static MAC address entry
•
Enter MAC address 000f-e235-dc71.
•
Select static in the Type list.
•
Select 1 in the VLAN list.
•
Select GigabitEthernet0/1 in the Port list.
•
Click Apply.
# Create a blackhole MAC address entry.
•
Click Add, and make the following configurations on the page as shown in
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer