Types Of Mac Address Table Entries; Configuring Static, Dynamic, And Blackhole Mac Address Table Entries; Adding Or Modifying A Static Or Dynamic Mac Address Table Entry In System View - HP 6600 Configuration Manual
Hide thumbs
Also See for 6600:
- Security configuration manual (559 pages) ,
- Command reference manual (286 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Manually configuring MAC address entries
With dynamic MAC address learning, a device does not distinguish between illegitimate and legitimate
frames. For example, when a hacker sends frames with a forged source MAC address to a port different
from the one to which the real MAC address is connected, the device creates an entry for the forged
MAC address, and forwards frames destined for the legal user to the hacker instead.
To improve port security, you can bind specific user devices to the port by manually adding MAC address
entries to the MAC address table of the device.
Types of MAC address table entries
A MAC address table can contain the following types of entries:
•
Static entries—Manually added and never age out.
Dynamic entries—Manually added or dynamically learned, and might age out.
•
Destination blackhole entries—Manually configured and never age out. They are configured for
•
filtering out frames with specific destination MAC addresses. For example, to block all packets
destined for a specific user for security concerns, you can configure the MAC address of this user
as a destination blackhole MAC address entry.
A static or destination blackhole MAC address entry can overwrite a dynamic MAC address entry, but
not vice versa.
To adapt to network changes and prevent inactive entries from occupying table space, an aging
mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is
learned or created, an aging timer starts. If the entry has not updated when the aging timer expires, the
device deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.
Configuring static, dynamic, and blackhole MAC
address table entries
To prevent MAC address spoofing attacks and improve port security, manually add MAC address table
entries to bind ports with MAC addresses. You can also configure blackhole MAC address entries to filter
out packets with certain destination MAC addresses.
The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces.
Adding or modifying a static or dynamic MAC address table
entry in system view
Step
1.
Enter system view.
2.
Add or modify a
dynamic or static
MAC address entry.
Command
system-view
mac-address { dynamic | static }
mac-address interface interface-type
interface-number vlan vlan-id
2
Remarks
N/A
By default, no MAC address entry is
configured.
Make sure you have created the VLAN
and assigned the interface to the VLAN.
Advertisement
Table of Contents
