Configuring manual-mode MFF in a tree network
Network requirements
As shown in Figure 131, all the devices are in VLAN 100. Hosts A, B, and C are assigned IP addresses manually.
Configure MFF to isolate the hosts at Layer 2 and allow them to communicate with each other through the gateway at Layer 3.
Figure 131: Network diagram
Configuration procedure
Configure IP addresses of the hosts as shown in Figure 131.
Configure the IP address of GigabitEthernet 1/0/1 on the gateway.
<Gateway> system-view [Gateway] interface gigabitethernet 1/0/1 [Gateway-GigabitEthernet1/0/1] ip address 10.1.1.100 24
Configure Switch A:
# Configure manual-mode MFF.
[SwitchA] vlan 100 [SwitchA-vlan-100] mac-forced-forwarding default-gateway 10.1.1.100
# Specify the IP address of the server.
[SwitchA-vlan-100] mac-forced-forwarding server 10.1.1.200
# Enable ARP snooping.
[SwitchA-vlan-100] arp-snooping enable [SwitchA-vlan-100] quit
# Configure GigabitEthernet 1/0/2 as a network port.
[SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] mac-forced-forwarding network-port
Configure Switch B:
# Configure manual-mode MFF.
[SwitchB] vlan 100 [SwitchB-vlan-100] mac-forced-forwarding default-gateway 10.1.1.100
# Specify the IP address of the server.
[SwitchB-vlan-100] mac-forced-forwarding server 10.1.1.200
# Enable ARP snooping.
[SwitchB-vlan-100] arp-snooping enable [SwitchB-vlan-100] quit
# Configure GigabitEthernet 1/0/6 as a network port.
[SwitchB] interface gigabitethernet 1/0/6 [SwitchB-GigabitEthernet1/0/6] mac-forced-forwarding network-port