Black Box LPB2910A User Manual page 75

Parameter d escription:
System C onfiguration
Mode:

Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other
modules may still use the underlying functionality, but limit checks and corresponding actions are
disabled.
Aging E nabled:

If c hecked, s ecured M AC a ddresses a re s ubject t o a ging a s d iscussed u nder A ging P eriod .
Aging P eriod:

If A ging E nabled i s c hecked, t hen t he a ging p eriod i s c ontrolled w ith t his i nput. I f o ther m odules a re
using the underlying port security for securing MAC addresses, they may have other requirements
for t he a ging p eriod. T he u nderlying p ort s ecurity w ill u se t he s horter r equested a ging p eriod o f a ll
modules t hat u se t he f unctionality.
The A ging P eriod c an b e s et t o a n umber b etween 1 0 a nd 1 0,000,000 s econds.
To understand why aging may be desired, consider the following scenario: Suppose an end-­‐host is
connected to a 3rd party switch or hub, which is connected to a port on this switch that has Limit
Control e nabled. T he e nd-­‐host w ill b e a llowed t o f orward i f t he l imit i s n ot e xceeded. N ow s uppose
that the end-­‐host logs off or powers down. If it wasn't for aging, the end-­‐host would still take up
resources on this switch and will be allowed to forward. To overcome this situation, enable aging.
With a ging e nabled, a t imer i s s tarted o nce t he e nd-­‐host g ets s ecured. W hen t he t imer e xpires, t he
switch s tarts l ooking f or f rames f rom t he e nd-­‐host, a nd i f s uch f rames a re n ot s een w ithin t he n ext
Aging Period, the end-­‐host is assumed to be disconnected, and the corresponding resources are
freed o n t he s witch.
Port C onfiguration
The t able h as o ne r ow f or e ach p ort o n t he s elected s witch a nd a n umber o f c olumns, w hich a re:
Port:

The p ort n umber t hat t he c onfiguration b elow a pplies t o.
Mode:

Controls w hether L imit C ontrol i s e nabled o n t his p ort. B oth t his a nd t he G lobal M ode m ust b e s et
to E nabled f or L imit C ontrol t o b e i n e ffect. N otice t hat o ther m odules m ay s till u se t he u nderlying
port s ecurity f eatures w ithout e nabling L imit C ontrol o n a g iven p ort.
Limit:

The maximum number of MAC addresses that can be secured on this port. This number cannot
exceed 1 024. I f t he l imit i s e xceeded, t he c orresponding a ction i s t aken.
The switch is "born" with a total number of MAC addresses from which all ports draw whenever a
new M AC a ddress i s s een o n a P ort S ecurity-­‐enabled p ort. S ince a ll p orts d raw f rom t he s ame p ool,
a c onfigured m aximum m ight n ot b e g ranted i f t he r emaining p orts h ave a lready u sed a ll a vailable
MAC a ddresses.
Action:

If L imit i s r eached, t he s witch c an t ake o ne o f t he f ollowing a ctions:
None: D o n ot a llow m ore t han L imit M AC a ddresses o n t he p ort, b ut t ake n o f urther a ction.
Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP trap. If Aging is disabled, only
one SNMP trap will be sent, but with Aging enabled, new SNMP traps will be sent every time the
limit g ets e xceeded.
Shutdown: I f L imit + 1 M AC a ddresses i s s een o n t he p ort, s hut d own t he p ort. T his i mplies t hat a ll
secured M AC a ddresses w ill b e r emoved f rom t he p ort, a nd n o n ew a ddress w ill b e l earned. E ven i f
the link is physically disconnected and reconnected on the port (by disconnecting the cable), the
port w ill r emain s hut d own. T here a re t hree w ays t o r e-­‐open t he p ort:
63
Publication date: Sept, 2015
Revision A1