Default Evc Mac Security Configuration - Cisco 3845 - Security Bundle Router Software Manual

Software configuration guide

Cisco ME 3800X and 3600X Switch Software Configuration Guide (OL-23400-01)
Chapter 19: Configuring Traffic Control

Configuring EVC MAC Security

You can configure the EFP for one of three violation modes, based on the action to be taken if a violation occurs:

- protect—when the number of secure MAC addresses reaches the maximum limit allowed on the EFP, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
- restrict—when the number of secure MAC addresses reaches the maximum limit allowed on the EFP, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
- shutdown—a MAC security violation causes the EFP service instance to become error-disabled and to shut down immediately. An SNMP trap is sent, a syslog message is logged, and the violation counter increments. When a secure EFP is in the error-disabled state, you can manually re-enable it using clear ethernet service instance number interface interface-id privileged EXEC command or entering the shutdown and no shutdown service instance configuration commands. This is the default mode.

Table 19-1 shows the violation mode and the actions taken when you configure a secure EFP.

Table 19-1 Security Violation Mode Actions

| Violation Mode | Traffic is forwarded (1) | Sends SNMP trap | Sends syslog message | Displays error message (2) | Violation counter increments | Shuts down port |
|---|---|---|---|---|---|---|
| protect | No | No | No | No | No | No |
| restrict | No | Yes | Yes | No | Yes | No |
| shutdown | No | Yes | Yes | No | Yes | Yes |

1. Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.
2. The switch returns an error message if you manually configure an address that would cause a security violation.

Default EVC MAC Security Configuration

Table 19-2 Default EVC MAC Security Configuration

| Feature | Default Setting |
|---|---|
| EVC MAC security | Disabled on an EFP. |
| Sticky address learning | Disabled. |
| Maximum number of secure MAC addresses per EFP | 1. |
| Violation mode | Shutdown. The service instance shuts down when the maximum number of secure MAC addresses is exceeded. |
| MAC security aging | Disabled. Aging time is 0. Static aging is disabled. |
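
An added example, not taken from the Cisco guide: a Python audit that applies the Table 19-2 defaults and the Table 19-1 actions to every service instance in a saved configuration, then flags EFPs where MAC security is off or where violations are dropped without a trap or syslog message (protect mode). The `mac security`, `mac security maximum addresses` and `mac security violation` lines are assumed command syntax that this page does not show, and the sample configuration is constructed.

```python
import re

# Table 19-1 per mode: (sends SNMP trap and syslog message, shuts down the EFP)
ACTIONS = {"protect": (False, False), "restrict": (True, False), "shutdown": (True, True)}

# Constructed sample configuration. The "mac security ..." lines are assumed syntax.
SAMPLE = """\
interface GigabitEthernet0/1
 service instance 10 ethernet
  mac security
  mac security maximum addresses 5
  mac security violation protect
 service instance 20 ethernet
  mac security
 service instance 30 ethernet
interface GigabitEthernet0/2
 service instance 10 ethernet
  mac security
  mac security violation restrict
"""

def audit(config):
    """Return one dict per EFP, starting from the Table 19-2 defaults."""
    efps, iface, cur = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            iface, cur = m.group(1), None
        elif m := re.match(r"service instance (\d+) ethernet$", line):
            # Defaults: MAC security disabled, 1 secure address, shutdown mode
            cur = {"efp": f"{iface}:{m.group(1)}", "enabled": False, "max": 1, "mode": "shutdown"}
            efps.append(cur)
        elif cur is None:
            continue  # interface-level line outside any service instance
        elif line == "mac security":
            cur["enabled"] = True
        elif m := re.match(r"mac security maximum addresses (\d+)$", line):
            cur["max"] = int(m.group(1))
        elif m := re.match(r"mac security violation (protect|restrict)$", line):
            cur["mode"] = m.group(1)
    for e in efps:
        # A violation mode only has an effect once MAC security is enabled
        e["notifies"], e["shuts_down"] = ACTIONS[e["mode"]] if e["enabled"] else (False, False)
        e["finding"] = ("mac security disabled" if not e["enabled"]
                        else "silent violations" if not e["notifies"] else None)
    return efps

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An EFP that enables MAC security without setting a mode or limit is reported with the defaults, so a single extra source address shuts the service instance down.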
