Manualshelf

R2511-HP MSR Router Series Layer 2 - LAN Switching Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
12345678910
2
To improve port security, you can bind specific user devices to the port by manually adding MAC address
entries to the MAC address table of the device.
Types of MAC address entries
A MAC address table can contain the following types of entries:
Static entries—Manually added and never age out.
Dynamic entries—Manually added or dynamically learned, and might age out.
Destination Blackhole entries—Manually configured and never age out. Destination blackhole
entries are configured for filtering out frames with specific destination MAC addresses. For example,
to block all packets destined for a specific user for security concerns, you can configure the MAC
address of this user as a destination blackhole MAC address entry.
A static or destination blackhole MAC address entry can overwrite a dynamic MAC address entry, but
not vice versa.
To adapt to network changes and prevent inactive entries from occupying table space, an aging
mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is
learned or created, an aging timer starts. If the entry has not updated when the aging timer expires, the
device deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.
Configuring static, dynamic, and destination
blackhole MAC address entries
To prevent MAC address spoofing attacks and improve port security, manually add MAC address entries
to bind ports with MAC addresses. You can also configure destination blackhole MAC address entries to
filter out packets with certain destination MAC addresses.
The MAC address table can contain only Layer 2 Ethernet ports.
Adding or modifying a static or dynamic MAC address entry in
system view
Step Command Remarks
1. Enter system view.
system-view N/A
2. Add or modify a
dynamic or static
MAC address entry.
mac-address { dynamic | static } mac-address
interface interface-type interface-number vlan vlan-id
By default, no MAC
address entry is
configured.
Make sure you have
created the VLAN and
assigned the interface to
the VLAN.