Overview Of Mac Port Security; In This Chapter; Local And Global Resources - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
Using the MAC Port Security Feature
In this chapter
Overview of MAC port security
You can configure the BigIron RX to learn a limited number of "secure" MAC addresses on an
interface. The interface will forward only packets with source MAC addresses that match these
secure addresses. The secure MAC addresses can be specified manually, or the device can learn
them automatically. After the device reaches the limit for the number of secure MAC addresses it
can learn on the interface, if the interface then receives a packet with a source MAC address that is
different from any of the secure learned addresses, it is considered a security violation.
When a security violation occurs, a Syslog entry and an SNMP trap are generated. In addition, the
device takes one of two actions: either drops packets from the violating address (and allows
packets from the secure addresses), or disables the port altogether for a specified amount of time.
You specify which of these actions takes place.
The secure MAC addresses are not flushed when an interface is disabled and brought up again.
The secure addresses can be kept secure permanently (the default), or can be configured to age
out, at which time they are no longer secure. You can configure the device to automatically save the
list of secure MAC addresses to the startup-config file at specified intervals, allowing addresses to
be kept secure across system restarts.
The port security feature applies only to Ethernet interfaces.
Local and global resources
The port security feature uses a concept of local and global "resources" to determine how many
MAC addresses can be secured on each interface. In this context, a "resource" is the ability to
store one secure MAC address entry. Each interface is allocated 64 local resources. When the port
security feature is enabled, the interface can store up to 64 secure MAC address using local
resources.
Besides the maximum of 64 local resources available to an interface, there are additional global
resources. Depending on flash memory size, a device can have 1024, 2048, or 4096 global
resources available. When an interface has secured enough MAC addresses to reach its limit for
local resources, it can secure additional MAC addresses by using global resources. Global
resources are shared among all the interfaces on a first-come, first-served basis.
BigIron RX Series Configuration Guide
53-1001810-01
•
Overview of MAC port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 943
•
Configuring the MAC port security feature. . . . . . . . . . . . . . . . . . . . . . . . . . 944
•
Displaying MAC port security information . . . . . . . . . . . . . . . . . . . . . . . . . . 949
Chapter
32
943
Advertisement
Table of Contents
