Creating Blackhole FDB Entries
A blackhole
FDB (forwarding database)
entry discards all packets addressed to or received from the specified MAC address. A
significant difference between the above
ACL (Access Control List) policy and the
create fdb command
blackhole option is the hardware used to implement the feature. Platforms with
limited hardware ACL table sizes are able to implement this feature using the FDB table
instead of an ACL table.
To create a blackhole FDB entry, use the command:
create fdb mac_addr
vlan
vlan_name [ports
port_list | blackhole]
There is no software indication or notification when packets
are discarded because they match blackhole entries.
The blackhole option is also supported through
access lists.
Note
Blackhole is not supported on port-specific VLAN tags.
For example, the following ACL policy would
also blackhole traffic destined to or sourced from a specific MAC
address:
entry blackhole_dest {
if {
ethernet-destination-address 00:00:00:00:00:01;
} then {
deny;
}
}
entry blackhole_source {
if {
ethernet-source-address 00:00:00:00:00:01;
} then {
deny;
}
}
Print
this page
Email this topic
Feedback
View PDF
Download EPUB