Background Information
To prevent hackers from attacking user devices or networks through MAC addresses, you can configure the MAC addresses of untrusted users as blackhole MAC addresses to filter out illegal MAC addresses. When the device receives a packet whose destination MAC address or source MAC address is a blackhole MAC address, it discards it directly.
Steps
- Run the system-view command to enter the system view.
- Run the mac-address blackhole mac-address [ vlan vlan-id ] command to add a blackhole MAC entry.
Check configuration results
Run the display mac-address blackhole command to check the configured blackhole MAC entries.
The command is as follows:
[Huawei] mac-address blackhole MAC address
You can also restrict the device from accessing the Internet in certain areas by adding VLAN restrictions, such as:
[Huawei] mac-address blackhole MAC address VLAN1
In this way, when the frame whose source or destination is the MAC address is received from the data whose source is VLAN1, it will be discarded automatically. In this way, the device with the MAC address can be prohibited from accessing the Internet in some networks.