Configuring The Number Of Bridged Mac Addresses Allowed - OmniSwitch os6900 Network Configuration Manual

Configuring Learned Port Security

Configuring the Number of Bridged MAC Addresses Allowed

To configure the number of bridged MAC addresses allowed on an LPS port, use the
mum command. For example, the following command sets the maximum number of MAC addresses
learned on port 10 of slot 6 to 75:
-> port-security port 6/10 maximum 75
To specify a maximum number of MAC addresses allowed for multiple ports, specify a range of ports. For
example:
-> port-security port 1/10-15 maximum 10
-> port-security port 2/1-5 maximum 25
If there are 10 configured authorized MAC addresses for an LPS port and the maximum number of
addresses allowed is set to 15, then only 5 dynamically learned MAC address are allowed on this port.
If the maximum number of MAC addresses allowed is reached before the switch LPS time limit expires,
then all source learning of dynamic and configured bridged MAC addresses is stopped on the LPS port.
However, the switch will continue to learn subsequent addresses as filtered until the maximum number of
filtered MAC addresses allowed on the port is reached.
Configuring the Trap Threshold for Bridged MAC Addresses
The LPS trap threshold value determines how many bridged MAC addresses the port must learn before a
trap is sent. Once this value is reached, a trap is sent for every MAC learned thereafter.
By default, when one bridged MAC addresses is learned on an LPS port, the switch sends a trap. To
change the trap threshold value, use the
-> port-security port learn-trap-threshold 10
Sending a trap when this threshold is reached provides notification of newly learned bridged MAC
addresses. Trap contents includes identifying information about the MAC, such as the address itself, the
corresponding IP address, switch identification, and the slot/port number on which the MAC was learned.
Configuring the Number of Filtered MAC Addresses Allowed
To configure the number of filtered MAC addresses allowed on an LPS port, use the
max-filtering command. For example, the following command sets the maximum number of filtered
MAC addresses learned on port 9 of slot 5 to 18:
-> port-security port 5/9 max-filtering 18
To specify a maximum number of filtered MAC addresses learned on multiple ports, specify a range of
ports or multiple slots. For example:
-> port-security port 5/9-15 max-filtering 10
-> port-security port 1/1-5 max-filtering 25
If the maximum number of filtered MAC addresses allowed is reached:
•
The violation mode configured for the LPS port is applied (see
Mode" on page 31-16
•
An SNMP trap is generated.
•
An event is entered into the switch log.
page 31-14
port-security learn-trap-threshold
for more information).
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring Learned Port Security
port-security maxi-
command. For example:
port-security port
"Selecting the Security Violation
June 2013