Learned Port Security Overview - OmniSwitch os6900 Network Configuration Manual

Configuring Learned Port Security

Learned Port Security Overview

Learned Port Security (LPS) provides a mechanism for controlling network device access on one or more
switch ports. Configurable LPS parameters allow the user to restrict the source learning of host MAC
addresses to:
•
A specific amount of time in during which source learning is allowed to occur on all LPS ports.
•
A maximum number of learned MAC addresses allowed on the port.
•
A maximum number of filtered MAC addresses allowed on the port.
•
A range of authorized source MAC addresses allowed on the port.
Additional LPS functionality allows the user to specify how the LPS port handles unauthorized traffic.
The following options are available for this purpose:
•
Block traffic that violates LPS port restrictions; authorized traffic is forwarded on the port.
•
Disable learning on the LPS port when unauthorized traffic is received.
•
Administratively down the LPS port when unauthorized traffic is received; all traffic is stopped.
LPS functionality is supported on the following port types:
•
Fixed
•
802.1Q tagged
•
Universal Network Profile (UNP).
The following port types are not supported:
•
Link aggregate
•
Tagged (trunked) link aggregate
•
Link aggregate members
LPS Learning Window
The LPS learning window is a configurable amount of time during which source learning of MAC
addresses is allowed on LPS ports. This time limit is a global switch value that applies to all LPS-enabled
ports; it is not configurable on an individual port basis.
In addition to the source learning time limit, the following learning window options are configurable:
•
Convert dynamically learned MAC aaddresses to static MAC addresses. When this option is
enabled, all dynamic MAC addresses learned during the learning window time period are converted to
static MAC addresses when the learning window closes.
•
Start the learning window when the switch boots up. When this option is enabled, the learning
window time period automatically starts each time the switch restarts.
•
Stop dynamically learned MAC address aging. When this option is enabled, MAC addresses learned
during the learning window time will not age out or get flushed, even after the learning window closes.
OmniSwitch AOS Release 7 Network Configuration Guide
Learned Port Security Overview
June 2013 page 31-5