FS S5500-48T8SP User manual
Model: S5500-48T8SP
MACFF Configuration Guide
- I -
Chapter 1 MACFF Settings .................................................................................................................1
1.1 Configuration Tasks ...............................................................................................................1
1.1.1 Enabling/Disabling MVC .............................................................................................1
1.1.2 Enabling MACFF in VLAN...........................................................................................1
1.1.3 Configuring the Default AR of MACFF in VLAN..........................................................2
1.1.4 Configuring Other ARs of MACFF in VLAN ................................................................2
1.1.5 Specifying a Physical Port to Shut down MACFF.......................................................2
1.1.6 Opening MACFF Debugging.......................................................................................3
1.1.7 MACFF Configuration Example ..................................................................................3
www.fs.com
Contents
S5500-48T8SP MACFF CONFIGURATION GUIDE
- 1 -
Chapter 1 MACFF Settings
1.1 Configuration Tasks
MACFF is to isolate downlink ports of the same VLAN in a switch from exchanging
inter-access packets, enabling these packets to be allocated to the default
gateway of client through DHCP server and then to downlink ports. By capturing
the ARP packets between downlink ports, MACFF can prevent downlink ports from
learn ARPs; MACFF replies the gateway’s MAC address, enabling all inter-access
packets among all downlink ports to pass through the gateway.
Note: MACFF needs the support of DHCPR-snooping, so before enabling MACFF
you have to make sure that DHCPR-snooping works normally. ICMP redirection on
the gateway is closed by default. The VLAN management address must be
configured for MACFF-enabled switch.
Enabling or Disabling MACFF
Enabling MACFF in VLAN
Configuring the Default AR of MACFF in VLAN
Configuring other ARs of MACFF in VLAN
Specifying a Physical Port to Shut down MACFF
1.1.1 Enabling/Disabling MVC
Run the following commands in global configuration mode.
Command Purpose
macff enable Enables MACFF.
no macff enable Resumes the default settings.
This command is used to enable MACFF in global configuration mode.After this
command is run, all ARP packets are listened by switch.
Note: You have to make sure that DHCP-Snooping is enabled before configuring
this command. If the client obtains the address of a switch before this command is
run, the switch cannot add the corresponding binding relationship.
1.1.2 Enabling MACFF in VLAN
If MACFF is enabled in a VLAN, the DHCP packets which are received from all
DHCP-snooping untrusted physical ports in a VLAN will be legally checked.
If the destination IP address is the IP address of any DHCP client, on which the
physical port that receives the ARP packets is located, these ARP packets will be
dropped; if these are ARP response packets, these packets will also be dropped.
Note: The VLAN on which MACFF is enabled must be configured to have a
management address. DHCP snooping shall also be enabled on this VLAN.
Run the following commands in global configuration mode.
Command Purpose
macff vlan vlan_id enable Enables MACFF in a VLAN.
www.fs.com
S5500-48T8SP MACFF CONFIGURATION GUIDE
- 2 -
no macff vlan vlan_id enable Disables MACFF in a VLAN.
1.1.3 Configuring the Default AR of MACFF in VLAN
When you set the address on client manually, the switch shall automatically
enables default AR as the MACFF-specified default gateway. There is only one
default AR.
Run the following commands in global configuration mode.
Command Purpose
macff vlan vlan_id default-ar A.B.C.D Sets the defaultAR of MACFF in VLAN.
no macff vlan vlan_id default-ar A.B.C.D Deletes the default AR of MACFF in VLAN.
Note: Before configuring this command, you can run ip source binding
xx-xx-xx-xx-xx-xx A.B.C.D interface name to add the client binding table on the
switch. If you do not do this, MACFF will regard the manually configured client as
illegal client and MACFF will not serve this client.
1.1.4 Configuring Other ARs of MACFF in VLAN
After other ARs of MACFF are configured, MACFF allows DHCP client to access
these ARs directly without forwarding packets via the default gateway allocated by
DHCP server.
This function can be applied on some servers in the network segment of client or
on other service addresses.
Run the following commands in global configuration mode.
Command Purpose
macff vlan vlan_id other_ar A.B.C.D Configures other ARs of MACFF in VLAN.
no macff vlan vlan_id other_ar A.B.C.D Deletes other ARs of MACFF in VLAN.
1.1.5 Specifying a Physical Port to Shut down MACFF
If you specify a physical port to close MACFF, packets on this port will not be
isolated and ARP packets will not be listened.
Run the following commands in physical interface configuration mode.
Command Operation
macff disable Specifies a physical port to shut down
MACFF.
no macff disable Specifies a physical port to enable MACFF
(it is enabled by default).
In default settings, the ports are allowed to enable MACFF.
www.fs.com
S5500-48T8SP MACFF CONFIGURATION GUIDE
- 3 -
1.1.6 Opening MACFF Debugging
Run the following commands in global configuration mode.
Command Operation
debug macff Opens MACFF debugging.
no debug macff Closes MACFF debugging.
1.1.7 MACFF Configuration Example
The network topology is shown in figure 1.
Switch configuration:
(1) Enable MACFF in VLAN1, which connects private network A. The default
gateway allocated by DHCP server is 192.168.2.1.
Switch_config#arp 192.168.2.1 00:e0:0f:17:92:ed
Switch_config#ip dhcp-relay snooping
Switch_config#ip dhcp-relay snooping vlan 1
Switch_config#macff enable
Switch_config#macff vlan 1 enable
(2) Enable MACFF in VLAN2, which connects private network B. The default
gateway allocated by DHCP server is 192.168.2.2 (If necessary, the default gateway
can also be 192.168.2.1).
Switch_config#arp 192.168.2.2 00:e0:0f:ea:74:ee
Switch_config#ip dhcp-relay snooping vlan 2
Switch_config#macff vlan 2 enable
www.fs.com
S5500-48T8SP MACFF CONFIGURATION GUIDE
- 4 -
Sets the ports that connect DHCP server, default gateway and other ARs
respectively to be trusted.
Switch_config_g0/1#dhcp snooping trust
(4) If the downlink host Aof VLAN 1 is manually configured IP and default gateway,
the IP address is 192.168.2.102 and the MAC address is 6c-62-6d-59-18-b7. The default
gateway, 192.168.2.1, enables MACFF to take effect. (If the client is not configured
manually, this step will not be performed))
Switch_config#arp 192.168.2.1 00:e0:0f:17:92:ed
Switch_config_g0/1#ip source binding 6c-62-6d-59-18-b7 192.168.2.102
interface GigaEthernet0/1
Switch_config_g0/1#macff vlan 1 default-ar 192.168.2.1
(5) Specify a physical port in MACFF-enabled VLAN to shut down MACFF.
Switch_config_g0/1#macff disable
(7) Configures other ARs that are in the same network segment of client. MACFF
allows the client to perform direct access without the help of gateway. (the ports where
other APs are should be set to trusted ports)
Switch_config_g0/1#macff disable
www.fs.com
S5500-48T8SP MACFF CONFIGURATION GUIDE
Copyright © 2009-2020 FS.COM AII Rights Reserved.
Other manuals for S5500-48T8SP
4
Table of contents
Other FS Switch manuals
Popular Switch manuals by other brands
TP-Link
TP-Link T3700G-28TQ Cli reference guide
Moxa Technologies
Moxa Technologies TN-5500A Series Quick installation guide
Cisco
Cisco Catalyst 2960 Series Hardware installation guide
HP
HP StorageWorks 2/32 - SAN Switch installation guide
Intellinet
Intellinet IPS-6GM02-60W user manual
Extron electronics
Extron electronics SW2 VGArs user manual
