HP VPN Firewall Appliances Network Management Configuration Guide
58
• The MAC address of Host B is 000f-e235-abcd and belongs to VLAN 1. For security, because this
host once behaved suspiciously on the network, add a destination blackhole MAC address entry for
the host MAC address, so all packets destined for the host are dropped.
• Set the aging timer for dynamic MAC address entries to 500 seconds.
Figure 38 Network diagram
Configuration procedure
# Add a static MAC address entry.
<Firewall> system-view
[Firewall] mac-address static 000f-e235-dc71 interface gigabitethernet 0/1 vlan 1
# Add a destination blackhole MAC address entry.
[Firewall] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Firewall] mac-address timer aging 500
# Display the MAC address entry for port GigabitEthernet 0/1.
[Firewall] display mac-address interface gigabitethernet 0/1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e235-dc71 1 Config static GigabitEthernet 0/1 NOAGED
--- 1 mac address(es) found ---
# Display information about the destination blackhole MAC address table.
[Firewall] display mac-address blackhole
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e235-abcd 1 Blackhole N/A NOAGED
--- 1 mac address(es) found ---
# View the aging time of dynamic MAC address entries.
[Firewall] display mac-address aging-time
Mac address aging time: 500s