Configuring auto-mode MFF in a tree network

Network requirements

As shown in Figure 129, all the devices are in VLAN 100. Hosts A, B, and C obtain IP addresses from the DHCP server.

Configure MFF to isolate the hosts at Layer 2 and allow them to communicate with each other through the gateway at Layer 3.

Figure 129: Network diagram

Configuration procedure

  • Configure the IP address of GigabitEthernet 1/0/1 on the gateway.

  • <Gateway> system-view
    [Gateway] interface gigabitethernet 1/0/1
    [Gateway-GigabitEthernet1/0/1] ip address 10.1.1.100 24
    
  • Configure the DHCP server:

  • # Enable DHCP, and configure a DHCP address pool.

    <Device> system-view
    [Device] dhcp enable
    [Device] dhcp server ip-pool 1
    [Device-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0
    

    # Add the gateway's IP address into DHCP address pool 1.

    [Device-dhcp-pool-1] gateway-list 10.1.1.100
    [Device-dhcp-pool-1] quit
    

    # Configure the IP address of GigabitEthernet 1/0/2.

    [Device] interface gigabitethernet 1/0/2
    [Device-GigabitEthernet1/0/2] ip address 10.1.1.50 24
    
  • Configure Switch A:

  • # Enable DHCP snooping.

    <SwitchA> system-view
    [SwitchA] dhcp-snooping
    

    # Enable MFF in automatic mode.

    [SwitchA] vlan 100
    [SwitchA-vlan-100] mac-forced-forwarding auto
    [SwitchA-vlan-100] quit
    

    # Configure GigabitEthernet 1/0/2 as a network port.

    [SwitchA] interface gigabitethernet 1/0/2
    [SwitchA-GigabitEthernet1/0/2] mac-forced-forwarding network-port
    

    # Configure GigabitEthernet 1/0/2 as a DHCP snooping trusted port.

    [SwitchA-GigabitEthernet1/0/2] dhcp-snooping trust
    
  • Configure Switch B:

  • # Enable DHCP snooping.

    <SwitchB> system-view
    [SwitchB] dhcp-snooping
    

    # Enable MFF in automatic mode.

    [SwitchB] vlan 100
    [SwitchB-vlan-100] mac-forced-forwarding auto
    [SwitchB-vlan-100] quit
    

    # Configure GigabitEthernet 1/0/6 as a network port.

    [SwitchB] interface gigabitethernet 1/0/6
    [SwitchB-GigabitEthernet1/0/6] mac-forced-forwarding network-port
    

    # Configure GigabitEthernet 1/0/6 as a DHCP snooping trusted port.

    [SwitchB-GigabitEthernet1/0/6] dhcp-snooping trust