Table of Contents
Advertisement
This page allows you to configure the Port Security Limit Control system and port
settings.
Limit Control allows for limiting the number of users on a given port. A user is identified
by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit
specifies the maximum number of users on the port. If this number is exceeded, an action
is taken. The action can be one of the four different actions as described below.
The Limit Control module utilizes a lower-layer module, Port Security module, which
manages MAC addresses learnt on the port.
The Limit Control configuration consists of two sections, a system- and a port-wide.
SYSTEM CONFIGURATION
Mode
Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other
modules may still use the underlying functionality, but limit checks and corresponding actions are
disabled.
Aging Enabled
If checked, secured MAC addresses are subject to aging as discussed under Aging Period.
Aging Period
If Aging Enabled is checked, then the aging period is controlled with this input. If other modules
are using the underlying port security for securing MAC addresses, they may have other
requirements to the aging period. The underlying port security will use the shorter requested aging
period of all modules that use the functionality.
The Aging Period can be set to a number between 10 and 10,000,000 seconds.
To understand why aging may be desired, consider the following scenario: Suppose an end-host is
connected to a 3rd party switch or hub, which in turn is connected to a port on this switch on
which Limit Control is enabled. The end-host will be allowed to forward if the limit is not
exceeded. Now suppose that the end-host logs off or powers down. If it wasn't for aging, the end-
host would still take up resources on this switch and will be allowed to forward. To overcome this
situation, enable aging. With aging enabled, a timer is started once the end-host gets secured.
When the timer expires, the switch starts looking for frames from the end-host, and if such frames
are not seen within the next Aging Period, the end-host is assumed to be disconnected, and the
corresponding resources are freed on the switch.
PORT CONFIGURATION
The table has one row for each port on the switch and a number of columns, which are:
Port
The port number to which the configuration below applies.
Mode
Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set
to Enabled for Limit Control to be in effect. Notice that other modules may still use the
underlying port security features without enabling Limit Control on a given port.
PAGE 83
OPTICAL SYSTEMS DESIGN
OSD2790SFP OPERATOR MANUAL
DOC ID: 10118801
Advertisement
Table of Contents
