3 Configuring Learned Port Security
Learned Port Security (LPS) provides a mechanism for authorizing source learning of MAC addresses on
Ethernet and Gigabit Ethernet ports. The only types of Ethernet ports that LPS does not support are link
aggregate and tagged (trunked) link aggregate ports. Using LPS to control source MAC address learning
provides the following benefits:
• A configurable source learning time limit that applies to all LPS ports.
• A configurable limit on the number of MAC addresses allowed on an LPS port.
• Dynamic configuration of a list of authorized source MAC addresses.
• Static configuration of a list of authorized source MAC addresses.
• Two methods for handling unauthorized traffic: stopping all traffic on the port or only blocking traffic
that violates LPS criteria.
In This Chapter
This chapter describes how to configure LPS parameters through the Command Line Interface (CLI). CLI
commands are used in the configuration examples; for more details about the syntax of commands, see the
OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
• Enabling LPS for a port on page 3-7.
• Specifying a source learning time limit for all LPS ports on page 3-8.
• Configuring the maximum number of MAC addresses learned per port on page 3-9.
• Configuring the maximum number of filtered MAC addresses learned per port on page 3-10.
• Configuring a list of authorized MAC addresses for an LPS port on page 3-10.
• Configuring a range of authorized MAC addresses for an LPS port on page 3-10.
• Selecting the security violation mode for an LPS port on page 3-11.
• Displaying LPS configuration information on page 3-12.
For more information about source MAC address learning, see Chapter 2, "Managing Source Learning."
OmniSwitch AOS Release 6 Network Configuration Guide, September 2009, page 3-1