If user networks are connected through Layer-2 devices and do not forward data through Layer-3 routing, you can configure a MAC address table based on Layer-2 interfaces and VLANs for data forwarding. Thus, user networks can communicate with each other.
To enhance the security of an interface and to prevent the invalid users from accessing the interface, the network administrator can manually configure static MAC address entries and bind MAC addresses to the interface, or discard the packets with specified destination MAC addresses. The interface to which the MAC addresses are bound must be a Layer-2 interface, and must be added to a specified VLAN, or the interface allows the packets with specified VLAN IDs to pass through.
system-view
mac-address static mac-address interface-type interface-number vlan vlan-id [ ce-vlan ce-vlan ]
You can add only unicast MAC addresses rather than multicast MAC addresses and special MAC addresses to a MAC address table. Special MAC addresses are reserved for special usage, such as MAC addresses of special packets.
The interface type can be physical interface such as Ethernet interface and GE interface, or logical interface such as Eth-Trunk interface and MAC-Tunnel. The interface specified in this command must be an outbound interface for Layer-2 forwarding.
The vlan-id must be associated with ports. That is, the VLAN contains the port. Alternatively, this interface allows the VLAN to pass through.
mac-address blackhole mac-address vlan vlan-id