Configuring Learned Port Security Configuring Learned Port Security
OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-11
Note. The number of converted static MAC addresses cannot exceed the maximum number of MAC
addresses allowed on the LPS ports.
Configuring the Number of Bridged MAC Addresses Allowed
To configure the number of bridged MAC addresses allowed on an LPS port, enter port-security followed
by the port keyword and slot/port designation, then maximum followed by a number between 1 and 100.
For example, the following command sets the maximum number of MAC addresses learned on port 10 of
slot 6 to 75:
-> port-security port 6/10 maximum 75
To specify a maximum number of MAC addresses allowed for multiple ports, specify a range of ports. For
example:
-> port-security port 1/10-15 maximum 10
-> port-security port 2/1-5 maximum 25
If there are 10 configured authorized MAC addresses for an LPS port and the maximum number of
addresses allowed is set to 15, then only 5 dynamically learned MAC address are allowed on this port.
If the maximum number of MAC addresses allowed is reached before the switch LPS time limit expires,
then all source learning of dynamic and configured MAC addresses is stopped on the LPS port.
Configuring the Trap Threshold for Bridged MAC Addresses
The LPS trap threshold value determines how many bridged MAC addresses the port must learn before a
trap is sent. Once this value is reached, a trap is sent for every MAC learned thereafter.
By default, when five bridged MAC addresses are learned on an LPS port, the switch sends a trap. To
change the trap threshold value, use the port-security port learn-trap-threshold command. For example:
-> port-security port learn-trap-threshold 10
Sending a trap when this threshold is reached provides notification of newly learned bridged MAC
addresses. Trap contents include identifying information about the MAC, such as the address itself, the
corresponding IP address, switch identification, and the slot and port number on which the MAC was
learned.
Configuring the Number of Filtered MAC Addresses Allowed
To configure the number of filtered MAC addresses allowed on an LPS port, enter port-security followed
by the port keyword and slot/port designation, then max-filtering followed by a number between 1 and
100. For example, the following command sets the maximum number of filtered MAC addresses learned
on port 9 of slot 5 to 18:
-> port-security port 5/9 max-filtering 18
To specify a maximum number of filtered MAC addresses learned on multiple ports, specify a range of
ports or multiple slots. For example:
-> port-security port 5/9-15 max-filtering 10
-> port-security port 1/1-5 max-filtering 25
To Next Page
Loading...
