Creating Blackhole FDB Entries
A blackhole FDB entry discards all packets
addressed to or received from the specified MAC address. A significant difference between the
above ACL policy and the create fdb command blackhole option is the hardware used to implement the feature. Platforms with
limited hardware ACL table sizes (for example, BlackDiamond 8800 series switches) are able to
implement this feature using the FDB table instead of an ACL table.
To create a blackhole FDB entry, use the command:
create fdb mac_addr
vlan
vlan_name [ports
port_list | blackhole]
There is no software indication or notification when packets
are discarded because they match blackhole entries.
The blackhole option is also supported through
access lists.
Note
Blackhole is not supported on port-specific VLAN tags.
For example, the following ACL policy would
also blackhole traffic destined to or sourced from a specific MAC
address:
entry blackhole_dest {
if {
ethernet-destination-address 00:00:00:00:00:01;
} then {
deny;
}
}
entry blackhole_source {
if {
ethernet-source-address 00:00:00:00:00:01;
} then {
deny;
}
}
Print
this page
Email this topic
Feedback
View PDF
Download EPUB