Huawei SmartAX MA5616 Configuration Manual page 98

SmartAX MA5616 Multi-service Access Module
Configuration Guide
MA5616 does not support direct binding of a MAC address to a port. Instead, you need to
configure static MAC address entries for the port and set its maximum number of learnable MAC
addresses to 0.
The anti-MAC address spoofing function prevents unauthorized users from forging the MAC
addresses of authorized users. This function protects the services of authorized users. Anti-MAC
address spoofing is mainly used for Point-to-Point Protocol over Ethernet (PPPoE) and Dynamic
Host Configuration Protocol (DHCP) access users.
Procedure
l
l
----End
Example
Assume that:
Issue 04 (2011-10-30)
The procedure for binding a MAC address is as follows:
1. Run the mac-address static command to configure a static MAC address for a port.
2. Run the mac-address max-mac-count command to set the maximum number of
learnable MAC addresses of the port to 0.
The maximum number of learnable MAC addresses of a port limits the maximum
number of MAC addresses that can be learned under the same account. This parameter
also limits the maximum number of PCs that can access the network by using the same
account.
The procedure for configuring anti-MAC address spoofing is as follows:
NOTE
It is recommended that anti-MAC address spoofing be enabled to ensure device security.
Anti-MAC address spoofing can be enabled or disabled at tow levels. This function takes
effect only when it is enabled at both the tow levels.
– Global level:
Run the security anti-macspoofing command to configure global anti-MAC address
spoofing. By default, this level is disabled.
– VLAN level:
1. Run the vlan service-profile command to create a virtual local area network
(VLAN) service profile and enter VLAN service profile mode.
2. Run the security anti-macspoofing command to configure VLAN-level anti-
MAC address spoofing. By default, this level is disabled.
3. Run the commit command to make the profile configuration take effect. The
configuration of the VLAN service profile takes effect only after this command is
executed.
4. Run the quit command to exit the VLAN service profile mode.
5. Run the vlan bind service-profile command to bind the VLAN service profile
created in step
NOTE
If a user goes online before anti-MAC address spoofing is enabled, the system does not bind the MAC
address of this user. As a result, the service of this user will be interrupted, and this user needs to go offline
and then go online again. Only the MAC address of the user who goes online after anti-MAC address
spoofing is enabled can be bound.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 to the VLAN.
3 Basic Configuration
87