Disabling Mac Address Learning In A Vlan; Checking The Configuration; Limiting The Number Of Learned Mac Addresses - Huawei Quidway S7700 Configuration Manual - Ethernet

Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet
----End

7.6.3 Disabling MAC Address Learning in a VLAN

Disabling MAC address learning in a VLAN can protect users in this VLAN from MAC address
attacks.
Context
After MAC address learning is disabled in a VLAN, the S7700 checks source MAC addresses
of packets received by interfaces in the VLAN. If the source MAC address of a packet is in the
MAC address table, the S7700 forwards the packet; otherwise, the S7700 broadcasts the packet.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
vlan vlan-id
The VLAN view is displayed.
Step 3 Run:
mac-address learning disable
MAC address learning is disabled in the VLAN.
By default, MAC address learning is enabled in a VLAN.
----End

7.6.4 Checking the Configuration

After disabling MAC address learning on an interface or in a VLAN, use the following
commands to verify the configuration.
Procedure
l
l
----End

7.7 Limiting the Number of Learned MAC Addresses

This section describes how to limit the number of MAC addresses learned on an interface, in a
VLAN, in a slot, or in a VSI.
Issue 01 (2011-07-15)
NOTE
If you set the action to forward when disabling MAC address learning, untrusted terminals can still access
the network. This action only controls the number of learned MAC address entries.
Run the display current-configuration interface interface-type interface-number
command to view the current configuration of an interface.
Run the display vlan command to check the VLAN configuration.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7 MAC Address Table Configuration
352