Manualshelf

HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
81828384858687888990
58
The MAC address of Host B is 000f-e235-abcd and belongs to VLAN 1. For security, because this
host once behaved suspiciously on the network, add a destination blackhole MAC address entry for
the host MAC address, so all packets destined for the host are dropped.
Set the aging timer for dynamic MAC address entries to 500 seconds.
Figure 38 Network diagram
Configuration procedure
# Add a static MAC address entry.
<Firewall> system-view
[Firewall] mac-address static 000f-e235-dc71 interface gigabitethernet 0/1 vlan 1
# Add a destination blackhole MAC address entry.
[Firewall] mac-address blackhole 000f-e235-abcd vlan 1
# Set the aging timer for dynamic MAC address entries to 500 seconds.
[Firewall] mac-address timer aging 500
# Display the MAC address entry for port GigabitEthernet 0/1.
[Firewall] display mac-address interface gigabitethernet 0/1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e235-dc71 1 Config static GigabitEthernet 0/1 NOAGED
--- 1 mac address(es) found ---
# Display information about the destination blackhole MAC address table.
[Firewall] display mac-address blackhole
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
000f-e235-abcd 1 Blackhole N/A NOAGED
--- 1 mac address(es) found ---
# View the aging time of dynamic MAC address entries.
[Firewall] display mac-address aging-time
Mac address aging time: 500s