Configuring Learned Port Security
Sample Learned Port Security Configuration
This section provides a quick tutorial to perform the following tasks:
• Enabling LPS on a set of switch ports.
• Defining the maximum number of learned MAC addresses allowed on an LPS port.
• Defining the time limit for which source learning is allowed on all LPS ports.
• Selecting a method for handling unauthorized traffic received on an LPS port.

1 Enable LPS on ports 6 through 8 on slot 1 using the following command:
-> port-security port 1/6-8 learning-enable

2 Set the total number of learned MAC addresses allowed on the same ports to 25 using the following command:
-> port-security port 1/6-8 maximum 25

3 Configure the amount of time in which source learning is allowed on all LPS ports to 30 minutes using the following command:
-> port-security learning-window 30

4 Select shutdown for the LPS violation mode using the following command:
-> port-security port 1/6-8 violation shutdown
Note. Optional. To verify LPS port configurations, use the show port-security command. For example:

-> show port-security
Port: 1/6
Operation Mode   : SHUTDOWN-LW,
Max MAC bridged  : 10,
Violation        : RESTRICT,
Max MAC filtered : 5,
Low MAC Range    : 00:00:00:00:00:00,
High MAC Range   : ff:ff:ff:ff:ff:ff
          MAC              VLAN    MAC TYPE     OPERATION
-------------------------+--------+-------------+----------------------
00:00:39:59:f1:0c           1       static        bridging
Port: 1/7
Operation Mode   : SHUTDOWN-LW,
Max MAC bridged  : 10,
Violation        : RESTRICT,
Max MAC filtered : 5,
Low MAC Range    : 00:00:00:00:00:00,
High MAC Range   : ff:ff:ff:ff:ff:ff
          MAC              VLAN    MAC TYPE     OPERATION
-------------------------+--------+-------------+----------------------
Port: 1/8

OmniSwitch AOS Release 7 Network Configuration Guide    March 2011    page 25-3
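The verification step can be scripted. The following is an added example, not part of the guide: it parses text in the layout of the show port-security output above and reports ports whose settings differ from steps 2 and 4. It assumes that the maximum setting is displayed as "Max MAC bridged" and that the shutdown mode is displayed as SHUTDOWN; the sample text and the names POLICY, parse and audit are constructed for illustration.

```python
import re

# Intended settings from steps 2 and 4 (display form is an assumption).
POLICY = {"Max MAC bridged": "25", "Violation": "SHUTDOWN"}

# Constructed sample in the layout of the output above; port 1/8 is cut off.
SAMPLE = """\
Port: 1/6
Operation Mode   : SHUTDOWN-LW,
Max MAC bridged  : 10,
Violation        : RESTRICT,
          MAC              VLAN    MAC TYPE     OPERATION
-------------------------+--------+-------------+----------------------
00:00:39:59:f1:0c           1       static        bridging
Port: 1/7
Max MAC bridged  : 25,
Violation        : SHUTDOWN,
Port: 1/8
"""

PORT = re.compile(r"^Port:\s*(\S+)")
FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s*(\S+?),?\s*$")
MAC_ROW = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\d+)\s+(\S+)\s+(\S+)", re.I)

def parse(text):
    """Return {port: {"fields": {...}, "macs": [(mac, vlan, type, op), ...]}}."""
    ports, cur = {}, None
    for line in text.splitlines():
        if m := PORT.match(line):
            cur = ports.setdefault(m.group(1), {"fields": {}, "macs": []})
        elif cur is not None and (m := MAC_ROW.match(line)):
            cur["macs"].append(m.groups())
        elif cur is not None and (m := FIELD.match(line)):
            cur["fields"][m.group(1)] = m.group(2)
    return ports

def audit(ports, policy=POLICY):
    """List (port, problem) pairs where the output differs from the policy."""
    findings = []
    for port, info in ports.items():
        for key, want in policy.items():
            got = info["fields"].get(key)
            if got is None or got.upper() != want:
                findings.append((port, f"{key}: expected {want}, got {got}"))
        limit = info["fields"].get("Max MAC bridged", "")
        if limit.isdigit() and len(info["macs"]) > int(limit):
            findings.append((port, f"{len(info['macs'])} MACs exceed limit {limit}"))
    return findings
```

A port whose block is missing fields, such as a capture truncated at a page break, is reported as a finding instead of passing silently.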