
Alcatel-Lucent OmniSwitch AOS Release 7 - Port and Link Aggregate Security Violation

Learned Port Security Overview Configuring Learned Port Security
page 25-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011
Port and Link Aggregate Security Violation
A port-security violation is triggered when the switch exceeds the limit for the maximum number of MAC
addresses learnt. There are different types of violations:
• LPS violations
• QoS Policy violations
• Network Security violations
• UDLD violations
• Fabric stability related violations
A security violation occurs under the following conditions:
• A port is configured as a secure port and the number of secure MAC addresses learnt on the port has exceeded the maximum value.
• A workstation with a secure MAC address that is configured or learned on one of the secure ports attempts to access another secure port.
Security violations on Link Aggregates:
• When a violation occurs on a physical port that is part of a link aggregate, it affects the entire link aggregate group. All ports on that link aggregate are either restricted or shut down.
• When the violations are cleared for the whole link aggregate group using the clear violation command, the whole link aggregate group is reactivated.
• When a simulated down violation is listed, toggling the link clears the violation, for both the link aggregates and physical ports.
A specific action is taken when a violation is detected on the port. Depending on the type of violation, two
types of actions are associated with the shutdown of a port:
• admin down - deactivates the physical port. This action is taken for a UDLD violation.
• simulated down - the physical port shows as active but the applications are not allowed to access the port link. The port is put in blocking state.
The LPS violations on individual ports or link aggregates can be viewed using the show violation
command.
Note. The source learning time limit is configured on the LPS ports, using the port-security learning-window command.
Use the clear violation command to clear all the MAC address violation logs for a particular port and
session and activate the ports.
