OmniSwitch os6900 User Manual

Configuring Learned Port Security
page 31-16 OmniSwitch AOS Release 7 Network Configuration Guide June 2013
Selecting the Security Violation Mode
The port-security port violation command configures the violation mode (restrict, discard, or shutdown)
that is applied to an LPS port when the maximum number of bridged and filtered addresses allowed on the
port is reached. Use the following table to determine how each violation mode is applied and which
actions or events will clear the violation state and return the port to normal operation:
Note. Unauthorized source MAC addresses are not learned in the LPS table but are still recorded in the
source learning MAC address table with a filtered operational status. This allows the user to view MAC
addresses that were attempting unauthorized access to the LPS port.
By default, the security violation mode for an LPS port is set to restrict. To configure the security violation
mode for an LPS port, enter port-security followed by the slot/port designation of the port, then
violation followed by restrict, discard, or shutdown. For example, the following command selects the
shutdown mode for port 1 on slot 4:
-> port-security port 4/1 violation shutdown
To configure the security violation mode for multiple LPS ports, specify a range of ports or multiple slots.
For example:
-> port-security port 4/1-10 violation shutdown
-> port-security port 1/10-15 violation restrict
Note. To verify the details about LPS violations, use the show violation command.
-> show violation
Port    Source     Action              Reason           Timer
-------+----------+-------------------+----------------+--------
1/1     src lrn    simulated down      lps shutdown     0
1/2     qos        simulated down      policy           0
2       udld       admin down          udld             0
To clear all the LPS violation information, use the clear violation command.
Violation modes (Mode (Parameter), Violation Mode Description, Violation Recovery):

Mode (Parameter): restrict
Violation Mode Description: Port remains up but unauthorized MAC addresses are blocked. All other packets that contain an authorized source MAC address are allowed to continue forwarding on the port.
Violation Recovery:
• Bridge and filtered MAC addresses age out.
• MAC addresses are flushed.
• Use clear violation command.
• Link down/up event.
• LPS port is removed.

Mode (Parameter): discard
Violation Mode Description: Port remains up but all traffic received on the port is discarded. Dynamically learned MAC addresses are flushed.
Violation Recovery:
• Use clear violation command.
• Link down/up event.
• LPS port is removed.

Mode (Parameter): shutdown
Violation Mode Description: Port is administratively disabled. All traffic is stopped at the port; no traffic is forwarded.
Violation Recovery:
• Use clear violation command.
• Link down/up event.
• LPS port is removed.
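
For monitoring, the show violation output can be parsed to separate LPS violations from other causes and pair each with its recovery options from the table above. The Python below is an added example, not part of the original guide. It assumes the columns line up with the '+' marks in the separator line and that the second word of an "lps ..." reason names the violation mode; the function names are hypothetical.

```python
"""Pick LPS violations out of `show violation` output (added example)."""

# Constructed sample: the rows shown on this page, with column alignment assumed
# to follow the '+' marks in the separator line.
SAMPLE = """\
Port    Source     Action              Reason           Timer
-------+----------+-------------------+----------------+--------
1/1     src lrn    simulated down      lps shutdown     0
1/2     qos        simulated down      policy           0
2       udld       admin down          udld             0
"""

# Recovery options per violation mode, taken from the table on this page.
COMMON = ["clear violation command", "link down/up event", "LPS port is removed"]
RECOVERY = {
    "restrict": ["bridge and filtered MAC addresses age out",
                 "MAC addresses are flushed"] + COMMON,
    "discard": COMMON,
    "shutdown": COMMON,
}


def parse_show_violation(text):
    """Return one dict per data row, slicing columns at the separator's '+' marks."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    sep_idx = next(i for i, ln in enumerate(lines) if set(ln.strip()) <= set("-+") and "+" in ln)
    sep = lines[sep_idx]
    cuts = [0] + [i + 1 for i, ch in enumerate(sep) if ch == "+"] + [None]
    spans = list(zip(cuts[:-1], cuts[1:]))
    names = [lines[sep_idx - 1][a:b].strip().lower() for a, b in spans]
    return [dict(zip(names, (ln[a:b].strip() for a, b in spans)))
            for ln in lines[sep_idx + 1:]]


def lps_violations(rows):
    """Keep rows whose reason starts with 'lps' and attach the recovery options."""
    out = []
    for row in rows:
        reason = row["reason"].split()
        if reason and reason[0] == "lps":
            mode = reason[1] if len(reason) > 1 else ""  # assumed: 2nd word is the mode
            out.append({**row, "mode": mode, "recovery": RECOVERY.get(mode, [])})
    return out


if __name__ == "__main__":
    for v in lps_violations(parse_show_violation(SAMPLE)):
        print(f"{v['port']}: LPS {v['mode']} -> " + "; ".join(v["recovery"]))
```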