Foundry Configuration Guide for the FESX, FSX, and FWSX
C - 8 © Foundry Networks, Inc. December 2005
Action
MAC filters forward (permit) or drop (deny) packets.
Scope
You configure MAC filters globally, then apply them to individual ports. The filters do not take effect until applied to
specific ports. MAC filters apply only to incoming packets.
Syntax
Use the following CLI commands to configure MAC filters.
Address-Lock Filters
Address-lock filters limit the number of MAC addresses that can be learned on a port. The port forwards only
those packets that contain one of the source MAC addresses learned by the port. The port drops other packets.
In addition, the device generates an SNMP trap for other packets received by the port.
Figure B.6 shows an example of an address-lock filter. In this example, the Foundry device is configured to learn
only two MAC addresses on port 3/1. After the device learns two addresses, port 3/1 can forward only a packet
whose source address is one of the two learned addresses. The port drops all other packets. This applies even to
MAC broadcasts. If one of the packets learned on the port is not addressed to the MAC broadcast address, the
port cannot forward MAC broadcasts.
The device learns MAC addresses from the source-MAC-address field of inbound packets received on the port.
NOTE: The FastIron Edge Switch does not support address-lock filters on static trunk ports or ports on which
link-aggregation is enabled.
Table C.9: MAC Filters
CLI syntax
(config)# mac filter <filter-num> permit | deny any | <H.H.H> any |
<H.H.H> etype | IIc | snap <operator> <frame-type>
(config-if-1/1)# mac-filter-group <filter-list>
To Next Page
Loading...
Need help?
General
