How to Configurate the MAC Address Table on ME60-X8?

Abstract
This topic will describe how to configurate the MAC Address Table Based on the VSI and Layer 3 Interface on Huawei router ME60-X8.
Configuring MAC Address Entries
To enhance the security of an interface and to prevent the unauthorized users from connecting to the interface, the network administrator can manually configure static MAC address entries and bind MAC addresses to the main interface or sub-interfaces, or discard the packets with specified destination MAC addresses. An interface that is bound to certain MAC addresses must be bound to a specified virtual switching instance (VSI).

Context

Perform the following steps on the equipment where the VSI is created:
 
Procedure
1, Run:
system-view
The system view is displayed.
2, Run:
mac-address static mac-address interface-type interface-number vsi vsi-name [ pe-vid pe-vid [ ce-vid ce-vid ] ]
MAC address entries are added.
Note the following:
  • You can add only unicast MAC addresses rather than multicast MAC addresses or special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
  • The interface type can be Ethernet interface, Ethernet sub-interface, GE interface, GE sub-interface, Eth-Trunk interface, or Eth-Trunk sub-interface.
  •  Ensure that the interface in this command is bound to the VSI specified by vsi-name.
  •  When pe-vid is used, the interface specified by interface-type interface-numbermust be a sub-interface. In addition, this sub-interface must be configured with dot1q termination, qinq stacking or vlan-type dot1q and bound to the VSI.
NOTE:
The parameter pe-vid must be configured when configuring static MAC address entries based on the sub-interface of qinq stacking, or the traffic would be blocked.
  • When pe-vid and ce-vid are used, the interface specified by interface-typeinterface-number must be a sub-interface. In addition, this sub-interface must be configured with QinQ termination and bound to the VSI.
  • A maximum of 1024 non-dynamic entries can be added.
3, Run:
mac-address blackhole mac-address vsi vsi-name
The blackhole MAC address entry is configured.
 
Follow-up Procedure
After a board or an interface card is removed, the static MAC address entries configured on its interfaces are saved as temporary MAC address entries. If the board or interface card is re-inserted, the static MAC address entries are restored.
 
However, if the board or interface card do not need to be re-inserted, the temporary MAC address entries are useless and still occupy the MAC address resources of the system. In this situation, run the undo mac-address temporary command to delete all temporary MAC address entries in the system.
Configuring MAC Address Entries Based on the VLANIF Interface
The PEs that are connected to the virtual private LAN service (VPLS) network are Layer 2 switching devices with Layer 2 interfaces. To enable the packets from the PEs to be transmitted on the VPLS network, you need to configure VLANIF interfaces, and bind the VLANIF interfaces to virtual switching instances (VSI) to access the VPLS network. Configuring a MAC address table based on VLANIF interfaces can prevent unauthorized users from connecting to the device.
 
Context
 
Perform the following steps on the equipment where the VSI is created:
 
Procedure
 
1, Run:
 
system-view
The system view is displayed.
 
2, Run:
 
mac-address static mac-address interface-type interface-number vlanif interface-number vsi vsi-name
MAC address entries are added.
 
Note the following:
  • You can add only unicast MAC addresses rather than multicast MAC addresses or special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
  • The interface-type can be Ethernet interface, GE interface, or Eth-Trunk interface.
  • The interface specified by interface-type interface-number is added to the VLAN corresponding to the VLANIF interface, and the VLANIF interface is bound to the specified VSI.
  • A maximum of 1024 non-dynamic entries can be added.
3, Run:
 
mac-address blackhole mac-address { vlan vlan-id | vsi vsi-name 
The blackhole MAC address entry is configured.
Checking the Configurations
After the MAC address table based on Layer 3 interfaces and VSIs is successfully configured, you can view the destination MAC addresses, outbound interfaces, and MAC address types.
 
Prerequisites
 
The MAC address table based on the VSI and layer 3 interface has been configured.
 
Procedure
  • Run the following commands to check information about all MAC address entries.
  • Run the display mac-address mac-address [ vlan vlan-id | vsi vsi-name ] [ verbose ] command.
  • Run the display mac-address [ { vlan vlan-id | vsi vsi-name } | interface-type interface-number ] * [ verbose ] command.
Run the display mac-address blackhole[ vlan vlan-id | vsi vsi-name ] to check information about black-hole MAC address entries.
Run the display mac-address static[ { vlan vlan-id | vsi vsi-name } | interface-type interface-number ] * [ verbose ] to check information about static MAC address entries.
Run the following commands to check information about dynamic MAC address entries.
  • Run the display mac-address dynamic [ [ slot ] slot-id | source-slot source-slot-id] * [ verbose ] command.
  • Run the display mac-address dynamic [ [ slot ] slot-id ] { { vlan vlan-id | vsi vsi-name } | interface-type interface-number } * [ verbose ] command.
END

Tags