Creating Blackhole FDB Entries
A blackhole FDB (forwarding database) entry discards all packets addressed to or received from the specified MAC address. A significant difference between an ACL (Access Control List) policy and the blackhole option of the create fdb command is the hardware used to implement the feature. Platforms with limited hardware ACL table sizes are able to implement this feature using the FDB table instead of an ACL table.
To create a blackhole FDB entry, use the command:

    create fdb mac_addr vlan vlan_name [ports port_list | blackhole]
There is no software indication or notification when packets are discarded because they match blackhole entries.

The blackhole option is also supported through access lists. For example, the following ACL policy would also blackhole traffic destined to or sourced from a specific MAC address:
    entry blackhole_dest {
        if {
            ethernet-destination-address 00:00:00:00:00:01;
        } then {
            deny;
        }
    }
    entry blackhole_source {
        if {
            ethernet-source-address 00:00:00:00:00:01;
        } then {
            deny;
        }
    }
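Because a blackhole is usually applied to a list of MAC addresses gathered during an incident rather than to a single one, the following Python script is added here as an example of producing both forms described above (the FDB-table command and the ACL-table policy) from one block list. It is not code from the original documentation or from the switch vendor: the MAC list, VLAN name and entry-naming scheme are constructed for the example, and the multicast/broadcast guard is this example's own sanity check (the page does not mention it), included because a blackhole entry for the broadcast address would discard all broadcast traffic on the VLAN.

```python
"""Generate blackhole configuration from a MAC block list.

Added example, not part of the original documentation. The CLI syntax and the
ACL policy grammar follow the page; everything else (MAC list, VLAN name,
entry names) is a constructed assumption.
"""
import re

# Constructed block list in the mixed notations that typically appear in
# incident tickets: colon-separated, hyphen-separated and Cisco dotted form.
BLOCKED_MACS = [
    "00:00:00:00:00:01",
    "00-AA-bb-CC-dd-EE",
    "0011.2233.4455",
    "00:00:00:00:00:01",  # duplicate on purpose; it is removed below
]

VLAN_NAME = "v_users"  # hypothetical VLAN name

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Return the MAC in lower-case colon-separated form, or raise ValueError.

    Group (multicast/broadcast) addresses are rejected: the I/G bit is the
    least significant bit of the first octet. This guard is the example's
    own check, not a restriction stated on the page.
    """
    raw = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not _HEX12.match(raw):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(raw[0:2], 16) & 0x01:
        raise ValueError(f"refusing to blackhole a group address: {mac!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def _unique(macs):
    """Normalize and de-duplicate while keeping the original order."""
    return list(dict.fromkeys(normalize_mac(m) for m in macs))


def fdb_blackhole_commands(macs, vlan_name):
    """FDB-table variant: one 'create fdb ... blackhole' command per MAC."""
    return [f"create fdb {mac} vlan {vlan_name} blackhole" for mac in _unique(macs)]


def acl_blackhole_policy(macs):
    """ACL-table variant: a deny entry per direction per MAC, as policy text.

    Entry names embed the MAC so that each entry in the policy file is unique
    (the naming scheme is an assumption of this example).
    """
    lines = []
    for mac in _unique(macs):
        tag = mac.replace(":", "")
        for direction, field in (("dest", "ethernet-destination-address"),
                                 ("source", "ethernet-source-address")):
            lines += [
                f"entry blackhole_{direction}_{tag} {{",
                "    if {",
                f"        {field} {mac};",
                "    } then {",
                "        deny;",
                "    }",
                "}",
            ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("# FDB-table form")
    for cmd in fdb_blackhole_commands(BLOCKED_MACS, VLAN_NAME):
        print(cmd)
    print("# ACL-table form (policy file contents)")
    print(acl_blackhole_policy(BLOCKED_MACS), end="")
```

Which of the two outputs to apply depends on the platform point the page makes: on a switch with a small hardware ACL table, the FDB commands consume FDB entries instead of ACL slots. Whichever form is used, remember that nothing is logged when a blackhole entry matches, so the block list itself is the only record of what is being dropped.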