Configuring auto-mode MFF in a tree network
Network requirements
As shown in Figure 129, all the devices are in VLAN 100. Hosts A, B, and C obtain IP addresses from the DHCP server.
Configure MFF to isolate the hosts at Layer 2 and allow them to communicate with each other through the gateway at Layer 3.
Figure 129: Network diagram
Configuration procedure
Configure the IP address of GigabitEthernet 1/0/1 on the gateway.
<Gateway> system-view [Gateway] interface gigabitethernet 1/0/1 [Gateway-GigabitEthernet1/0/1] ip address 10.1.1.100 24
Configure the DHCP server:
# Enable DHCP, and configure a DHCP address pool.
<Device> system-view [Device] dhcp enable [Device] dhcp server ip-pool 1 [Device-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.0
# Add the gateway's IP address into DHCP address pool 1.
[Device-dhcp-pool-1] gateway-list 10.1.1.100 [Device-dhcp-pool-1] quit
# Configure the IP address of GigabitEthernet 1/0/2.
[Device] interface gigabitethernet 1/0/2 [Device-GigabitEthernet1/0/2] ip address 10.1.1.50 24
Configure Switch A:
# Enable DHCP snooping.
<SwitchA> system-view [SwitchA] dhcp-snooping
# Enable MFF in automatic mode.
[SwitchA] vlan 100 [SwitchA-vlan-100] mac-forced-forwarding auto [SwitchA-vlan-100] quit
# Configure GigabitEthernet 1/0/2 as a network port.
[SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] mac-forced-forwarding network-port
# Configure GigabitEthernet 1/0/2 as a DHCP snooping trusted port.
[SwitchA-GigabitEthernet1/0/2] dhcp-snooping trust
Configure Switch B:
# Enable DHCP snooping.
<SwitchB> system-view [SwitchB] dhcp-snooping
# Enable MFF in automatic mode.
[SwitchB] vlan 100 [SwitchB-vlan-100] mac-forced-forwarding auto [SwitchB-vlan-100] quit
# Configure GigabitEthernet 1/0/6 as a network port.
[SwitchB] interface gigabitethernet 1/0/6 [SwitchB-GigabitEthernet1/0/6] mac-forced-forwarding network-port
# Configure GigabitEthernet 1/0/6 as a DHCP snooping trusted port.
[SwitchB-GigabitEthernet1/0/6] dhcp-snooping trust