Configuring Extended MAC Security
Use the MAC Address > Extended MAC Security pages to configure the maximum
number of MAC addresses that can be learned on an interface, the movable-static
function which allows a static address to be moved to another interface, and the
sticky-dynamic function which prevents dynamic address already learned
elsewhere from being learned at a specified interface.
Command Usage
◆
At most 32 VLANs can be enabled for the maximum MAC address count, the
sticky-dynamic function, and the movable-static function.
◆
If a trap is set on an interface and the same security violation occurs, a
minimum interval of 60 seconds is used between sending subsequent trap
messages to prevent flooding of trap messages.
◆
If a trap is set on both a port and the VLAN to which that port belongs, and a
security violation occurs, two trap messages will be sent.
Parameters
These parameters are displayed:
◆
VLAN – VLAN identifier. (Configure VLAN)
◆
Interface – Port or Trunk identifier. (Configure Interface)
◆
Sticky Dynamic MAC Status – Prevents source addresses learned at other
interfaces from being learned at this interface. (Default: Disabled)
Once the sticky-dynamic function is enabled on a interface, the MAC
■
addresses dynamically learned on other interfaces cannot be learned by
this interface. If a packet with an address learned on another interface tries
to make a station-move to this interface, it will be treated as security breach
and discarded.
The sticky-dynamic function cannot be set for a port that is a member of a
■
static or dynamic trunk.
◆
Movable Static MAC Status – Specifies an interface to which a static MAC
address can be moved. (Default: Enabled)
Use MAC Address > Static (Configure MAC Address - Add) page to add static
■
addresses to the MAC address table. These addresses are not aged out, nor
removed from the address table when the assigned interface is down.
When the movable-static address function is enabled on an interface, static
MAC addresses can be moved to this interface.
When the movable-static address function is disabled on an interface, and
a packet with a static MAC address attempts to enter this interface, the
packet is dropped.
– 175 –
Chapter 6
| Address Table Settings
Configuring Extended MAC Security