Step 2 Configure the interface security function.
# Enable the interface security function.
[Quidway-GigabitEthernet1/0/1] port-security enable
# Enable the sticky MAC function.
[Quidway-GigabitEthernet1/0/1] port-security mac-address sticky
# Configure the security protection action.
[Quidway-GigabitEthernet1/0/1] port-security protect-action protect
# Set the maximum number of MAC addresses that can be learned by the interface.
[Quidway-GigabitEthernet1/0/1] port-security max-mac-num 4
To enable the interface security function on other interfaces, repeat the preceding steps.
Step 3 Verify the configuration.
If PC1 is replaced by another PC, the new PC cannot access the intranet of the company.
----End
Configuration Files
Configuration file of the Switch
#
sysname Quidway
#
vlan batch 10
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 port-security enable
 port-security protect-action protect
 port-security mac-address sticky
 port-security max-mac-num 4
#
return
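An added example, not part of the Huawei guide: a Python check that reads a saved configuration file in the format shown above and reports interfaces that lack the port security commands used in this example. The second interface in the sample, the function names, and the choice of this example's settings as the audit baseline are assumptions made for illustration.

```python
import re

# Constructed sample: this example's configuration file (abridged), plus a
# hypothetical second interface (GigabitEthernet1/0/2) without port security.
SAMPLE_CONFIG = """\
#
sysname Quidway
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 port-security enable
 port-security protect-action protect
 port-security mac-address sticky
 port-security max-mac-num 4
#
interface GigabitEthernet1/0/2
 port link-type trunk
#
return
"""

# Baseline assumed for this audit: the commands and limit used in the example.
REQUIRED = ("port-security enable", "port-security mac-address sticky",
            "port-security protect-action protect")

def parse_interfaces(config_text):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("", "#", "return"):
            current = None  # '#' closes the current configuration view
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def audit_port_security(config_text, max_allowed=4):
    """Return {interface: findings}; an empty list means the baseline is met."""
    report = {}
    for name, cmds in parse_interfaces(config_text).items():
        findings = [f"missing: {c}" for c in REQUIRED if c not in cmds]
        limits = [int(m.group(1)) for c in cmds
                  if (m := re.fullmatch(r"port-security max-mac-num (\d+)", c))]
        if not limits or limits[-1] > max_allowed:
            findings.append(f"max-mac-num missing or above {max_allowed}")
        report[name] = findings
    return report
```

The check only sees commands that appear in the saved file, so an interface is reported whenever one of these settings is not written there explicitly.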
7.14.5 Example for Configuring MAC Address Anti-Flapping
The MAC address anti-flapping function protects servers of an enterprise or VIP customers from
attacks.
Networking Requirements
As shown in Figure 7-10, employees of an enterprise need to access the server connected to a
Switch interface. If an attacker uses the server MAC address as the source MAC address to send
packets to another interface, the server MAC address is learned on that interface. As a result,
employees cannot access the server, and important data will be intercepted by the attacker.
MAC address anti-flapping can be configured to protect the server from attacks.
Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet 7 MAC Address Table Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.