78
System Configuration
◆ Mode – Enables or disables Limit Control is globally on the switch. If globally disabled,
other modules may still use the underlying functionality, but limit checks and
corresponding actions are disabled.
◆ Aging Enabled – If enabled, secured MAC addresses are subject to aging as discussed
under Aging Period. With aging enabled, a timer is started once the end-host gets
secured. When the timer expires, the switch starts looking for frames from the end-host,
and if such frames are not seen within the next Aging Period, the end-host is assumed to
be disconnected, and the corresponding resources are freed on the switch.
◆ Aging Period – If Aging Enabled is checked, then the aging period is controlled with this
parameter. If other modules are using the underlying port security for securing MAC
addresses, they may have other requirements for the aging period. The underlying port
security will use the shortest requested aging period of all modules that use this
functionality. (Range: 10-10,000,000 seconds; Default: 3600 seconds)
Port Configuration
◆ Port – Port identifier.
◆ Mode – Controls whether Limit Control is enabled on this port. Both this and the global
Mode must be set to Enabled for Limit Control to be in effect. Notice that other modules
may still use the underlying port security features without enabling Limit Control on a
given port.
◆ Limit – The maximum number of MAC addresses that can be secured on this port. This
number cannot exceed 1024. If the limit is exceeded, the corresponding action is taken.
The switch is “initialized” with a total number of MAC addresses from which all ports draw
whenever a new MAC address is seen on a Port Security-enabled port. Since all ports
draw from the same pool, it may happen that a configured maximum cannot be granted if
the remaining ports have already used all available MAC addresses.
◆ Action – If Limit is reached, the switch can take one of the following actions:
■ None: Do not allow more than the specified Limit of MAC addresses on the port, but
take no further action.
■ Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP trap. If Aging is
disabled, only one SNMP trap will be sent, but with Aging enabled, new SNMP traps will
be sent every time the limit is exceeded.
■ Shutdown: If Limit + 1 MAC addresses is seen on the port, shut down the port. This
implies that all secured MAC addresses will be removed from the port, and no new
addresses will be learned. Even if the link is physically disconnected and reconnected on
the port (by disconnecting the cable), the port will remain shut down. There are three ways
to re-open the port:
■ Boot the switch,
To Next Page
Loading...
