Configuring Learned Port Security - OmniSwitch os6900 Network Configuration Manual

Configuring Learned Port Security

Configuring Learned Port Security
This section describes how to use Command Line Interface (CLI) command to configure Learned Port
Security (LPS) on a switch. See the
brief tutorial on configuring LPS.
Configuring LPS involes the following procedures:
•
Enabling LPS for one or more switch ports. This procedure is described in
Administrative Status" on page
•
Configuring the source learning time window during which MAC addresses are learned. This
procedure is described in
•
Configuring the maximum number of bridged MAC addresses allowed on an LPS port. This procedure
is described in "Configuring the Number of Bridged MAC Addresses Allowed" on page
•
Configuring the maximum number of filtered MAC addresses allowed on an LPS port. This procedure
is describe in "Configuring the Number of Filtered MAC Addresses Allowed" on page 31-14
•
Configuring a range of authorized MAC addresses allowed on an LPS port. This procedure is described
in "Configuring an Authorized MAC Address Range" on page
•
Specifying whether or not an LPS port shuts down all traffic or only restricts traffic when an
unauthorized MAC address is received on the port. This procedure is described in
"Selecting the Security Violation Mode" on page
Configuring the LPS Port Administrative Status
The port-security command is used to configure the administrative status of LPS on a port using one of
the following three parameter options:
enable
disable
locked
page 31-10
"Sample Learned Port Security Configuration" on page 31-3
31-10.
"Configuring the LPS Learning Window" on page
Enables LPS functionality on the port. When LPS is enabled:
•
All MAC addresses are cleared.
•
The LPS configuration is applied to source learning on the port.
•
The port can go into a shutdown, restricted, or discard state (based on
the configured violation mode) when unauthorized addesses are
received on the port.
Disables LPS functionality on the port. When LPS is disabled:
•
All filtered and bridged MAC addresses are cleared.
•
Pseudo-static and static addresses remain in a forwarding state.
•
The static MAC configuration is retained.
•
The LPS configuration is retained but not applied.
•
Learning on the port is wide open; not restricted by LPS.
Disables all learning on the port. When LPS is locked:
•
Existing MAC addresses are retained.
•
No additional learning is allowed.
•
Static MAC addresses are still allowed.
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring Learned Port Security
31-15.
31-16.
for a
"Configuring the LPS Port
31-12.
31-14.
June 2013