Manualshelf

HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
71727374757677787980
55
Figure 37 Setting the aging time for dynamic MAC address entries
Configuring the MAC address table at the CLI
Configuring static, dynamic, and destination blackhole MAC
address entries
To prevent MAC address spoofing attacks and improve port security, manually add MAC address entries
to bind ports with MAC addresses. You can also configure destination blackhole MAC address entries to
filter out packets with certain destination MAC addresses.
Manually configured static MAC address entries have higher priority than automatically learned ones. If
a packet with a manually configured static MAC address as the source MAC address enters the firewall
on a different port from that in the static MAC address entry, it is dropped.
Manually configured dynamic MAC address entries have the same priority as automatically learned
ones. If a packet with a manually configured dynamic MAC address as the source MAC address enters
the firewall on a different port from that in the dynamic MAC address entry, the system will learn a new
MAC address entry and use the learned one to overwrite the manually configured dynamic one.
When you configure a dynamic MAC address entry, if an automatically learned MAC address entry with
the same MAC address but a different outgoing port already exists, the manually configured one does
not take effect.
Adding or modifying a static or dynamic MAC address entry in system view
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Add or modify a
dynamic or static
MAC address entry.
mac-address { dynamic | static }
mac-address interface interface-type
interface-number vlan vlan-id
By default, no MAC address entry is
configured.
Make sure you have created the VLAN
and assigned the interface to the VLAN.
Adding or modifying a static or dynamic MAC address entry in interface view
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet or Layer
2 aggregate interface view.
interface interface-type
interface-number
N/A