Optional) Configuring Mac Address Security On An Interface - Huawei Quidway S2700 Series Configuration Manual
Hide thumbs
Also See for Quidway S2700 Series:
- Configuration manual (354 pages) ,
- Hardware installation and maintenance manual (183 pages) ,
- Quick start manual (62 pages)
Table of Contents
Advertisement
Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
3.6.4 (Optional) Configuring MAC Address Security on an Interface
MAC addresses of DHCP users in the dynamic binding table can be converted to static MAC
addresses, and packets of these users can be forwarded. MAC addresses of static users in the
static binding table cannot be converted to static MAC addresses. Therefore, you need to
configure static MAC addresses for the static users to have the packets forwarded normally.
Context
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number
The interface view is displayed.
The interface is a user-side interface.
Step 3 Run:
dhcp snooping sticky-mac
MAC address security of DHCP snooping is enabled on the interface.
By default, MAC address security of DHCP snooping is disabled on the S2700.
The dhcp snooping sticky-mac command takes effect only after DHCP snooping is enabled
globally.
If the dhcp snooping sticky-mac command is run, the interface neither learns the MAC address
of the received IP packet nor forwards or sends the received IP packet. The DHCP messages
received by the interface are sent to the CPU of the main control board, and then a dynamic
binding table is generated. After the dynamic binding table is generated, static MAC addresses
are sent to the corresponding interface. That is, dynamic MAC addresses are converted to static
MAC addresses. The static MAC address entry includes information about the MAC address
and VLAN ID of the user. Subsequently, only the packets whose source MAC address matches
the static MAC address can pass through the interface; otherwise, the packets are discarded.
MAC addresses of static users in the static binding table cannot be converted to static MAC
addresses. You need to configure static MAC addresses for the static users to have the packets
forwarded normally.
Step 4 (Optional) Run:
undo mac-address snooping [ interface-type interface-number [ vlan vlan-id ] |
vlan vlan-id [interface-type interface-number ] ]
The static MAC entries converted from dynamic binding entries by the dhcp snooping sticky-
mac command are deleted.
----End
Issue 01 (2011-07-15)
NOTE
The S2700SI does not support configuring MAC address security on an interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 DHCP Snooping Configuration
94
Advertisement
Table of Contents
