Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH User's Manual

Chapter 10. FDB | NETGEAR 8800 User Manual | page 283
Creating Blackhole FDB Entries
A blackhole FDB entry discards all packets addressed to or received from the specified MAC 
address. To create a blackhole FDB entry, use the following command:
create fdbentry <mac_addr> vlan <vlan_name> [ports <port_list> | blackhole]
There is no software indication or notification when packets are discarded because they 
match blackhole entries.
The blackhole option is also supported through access lists. For example, the following ACL policy would also blackhole traffic destined to or sourced from a specific MAC address:
entry blackhole_dest {
    if {
        ethernet-destination-address 00:00:00:00:00:01;
    } then {
        deny;
    }
}
entry blackhole_source {
    if {
        ethernet-source-address 00:00:00:00:00:01;
    } then {
        deny;
    }
}
A significant difference between the above ACL policy and the create fdbentry command blackhole option is the hardware used to implement the feature. Platforms with limited hardware ACL table sizes are able to implement this feature using the FDB table instead of an ACL table.
Multicast FDB with Multiport Entry
On NETGEAR 8800 series switches you can create FDB entries to multicast MAC addresses (that is, 01:00:00:00:00:01) and list one or more ports. Use the create fdbentry <mac_addr> vlan <vlan_name> [ports <port_list> | blackhole] command to enter the multicast FDB address. After traffic with a multicast MAC destination address enters the switch, that traffic is multicast to all ports on the list.
However, if the MAC address is in the IP multicast range (for example, 01:00:5e:XX:XX:XX), 
IGMP snooping rules take precedence over the multicast static FDB entry. Of course, if you 
disable IGMP snooping on all VLANs, the static FDB entry forwards traffic.
On NETGEAR 8800 modules, you can also add a multiport list to the creation of a static FDB unicast MAC forwarding entry. This is implemented using the create fdbentry vlan ports command.
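The following is an added example, not part of the NETGEAR manual: a small Python linter for planned create fdbentry commands that applies the rules described above (silent blackhole drops, the equivalent ACL policy, and IGMP snooping precedence for 01:00:5e addresses). The function names, VLAN names and slot:port port lists are assumptions made for illustration, and the port list itself is not validated.

```python
import re

# Syntax from the manual: create fdbentry <mac_addr> vlan <vlan_name> [ports <port_list> | blackhole]
CMD = re.compile(
    r"^create fdbentry (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) vlan (?P<vlan>\S+) "
    r"(?:ports (?P<ports>\S+)|(?P<blackhole>blackhole))$", re.IGNORECASE)

def classify_mac(mac):
    """Return 'unicast', 'multicast' or 'ip-multicast' for a colon-separated MAC."""
    octets = [int(part, 16) for part in mac.split(":")]
    if octets[:3] == [0x01, 0x00, 0x5E]:  # the manual's 01:00:5e:XX:XX:XX range
        return "ip-multicast"
    # The least significant bit of the first octet is the IEEE group (multicast) bit.
    return "multicast" if octets[0] & 1 else "unicast"

def acl_equivalent(mac):
    """Render the manual's two-entry ACL policy (dest + source) for one MAC."""
    entry = ("entry blackhole_{0} {{\n    if {{\n        ethernet-{1}-address {2};\n"
             "    }} then {{\n        deny;\n    }}\n}}")
    return "\n".join(entry.format(name, field, mac)
                     for name, field in (("dest", "destination"), ("source", "source")))

def lint_fdb_command(line):
    """Parse one create fdbentry command and return (parsed_fields, findings)."""
    match = CMD.match(line.strip())
    if match is None:
        return None, ["does not match the create fdbentry syntax"]
    fields = match.groupdict()
    fields["kind"] = classify_mac(fields["mac"])
    findings = []
    if fields["blackhole"]:
        findings.append("blackhole: drops are silent, no software indication or notification")
    elif fields["kind"] == "ip-multicast":
        findings.append("IGMP snooping takes precedence over this static entry "
                        "unless snooping is disabled on all VLANs")
    elif fields["kind"] == "multicast":
        findings.append("traffic to this MAC is multicast to every listed port")
    return fields, findings

# Constructed sample commands; VLAN names and port lists are made up for illustration.
SAMPLE = ["create fdbentry 00:00:00:00:00:01 vlan finance blackhole",
          "create fdbentry 01:00:00:00:00:01 vlan video ports 1:1,1:2",
          "create fdbentry 01:00:5e:01:02:03 vlan video ports 1:1,1:2",
          "create fdbentry 00:00:00:00:00:zz vlan finance blackhole"]

if __name__ == "__main__":
    for command in SAMPLE:
        print(command, "->", lint_fdb_command(command)[1])
    print(acl_equivalent("00:00:00:00:00:01"))
```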