Extreme Networks ExtremeWare XOS Command Reference Manual page 740

Version 11.3
Security Commands
For ports that have a learning limit in place, the following traffic still flows to the port:
- Packets destined for permanent MACs and other non-blackholed MACs
- Broadcast traffic
- EDP traffic
Traffic from the permanent MAC and any other non-blackholed MACs will still flow from the virtual port.
If you configure a MAC address limit on VLANs that participate in an Extreme Standby Router
Protocol (ESRP) domain, you should add an additional back-to-back link (that has no MAC address
limit on these ports) between the ESRP-enabled switches. Doing so prevents ESRP protocol data units
(PDUs) from being dropped due to MAC address limit settings.
Port lockdown. The port lockdown feature allows you to prevent any additional learning on the virtual
port, keeping existing learned entries intact. This is equivalent to making the dynamically-learned
entries permanent static, and setting the learning limit to zero. All new source MAC addresses are
blackholed.
Locked entries are not aged, but can be deleted like any other permanent FDB entries. The maximum
number of permanent lockdown entries is 1024. Any FDB entries above this maximum are flushed and
blackholed during lockdown.
For ports that have lockdown in effect, the following traffic still flows to the port:
- Packets destined for the permanent MAC and other non-blackholed MACs
- Broadcast traffic
- EDP traffic
Traffic from the permanent MAC will still flow from the virtual port.
Once the port is locked down, all the entries become permanent and will be saved across reboot.
When you remove the lockdown using the unlock-learning option, the learning-limit is reset to
unlimited, and all associated entries in the FDB are flushed.
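The learning-limit and lockdown rules above, modelled as an added Python example (not from the manual and not Extreme Networks code). The class and method names are hypothetical, and the model assumes the limit counts only dynamically learned entries, that there are no separately configured static entries, and that blackhole entries do not age.

```python
# Simplified model of the learning-limit / lockdown rules; illustration only.
MAX_LOCKED = 1024                  # maximum permanent lockdown entries (from the text)
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VirtualPort:
    """FDB state for one port/VLAN pair (hypothetical class)."""
    def __init__(self):
        self.limit = None          # None means unlimited learning
        self.learned = []          # dynamically learned source MACs, oldest first
        self.permanent = []        # entries made permanent by lockdown
        self.blackholed = set()    # MACs that have a blackhole entry

    def set_learning_limit(self, n):
        self.limit = n

    def lock_learning(self):
        # Learned entries become permanent up to MAX_LOCKED; the rest are
        # flushed and blackholed. Equivalent to a learning limit of zero.
        room = max(0, MAX_LOCKED - len(self.permanent))
        self.permanent += self.learned[:room]
        self.blackholed.update(self.learned[room:])
        self.learned, self.limit = [], 0

    def unlock_learning(self):
        # Limit is reset to unlimited and the associated entries are flushed.
        self.limit = None
        self.learned, self.permanent, self.blackholed = [], [], set()

    def ingress(self, src):
        """True if a frame with source MAC src is forwarded from the port."""
        if src in self.blackholed:
            return False
        if src in self.permanent or src in self.learned:
            return True
        if self.limit is None or len(self.learned) < self.limit:
            self.learned.append(src)
            return True
        self.blackholed.add(src)   # over the limit: new source is blackholed
        return False

    def egress(self, dst):
        """True if a frame addressed to dst still flows to the port."""
        return dst == BROADCAST or dst not in self.blackholed

if __name__ == "__main__":
    vp = VirtualPort()
    vp.set_learning_limit(2)
    macs = ["00:00:5e:00:53:%02x" % i for i in range(3)]   # constructed sample MACs
    print([vp.ingress(m) for m in macs])   # third source exceeds the limit
```

Feeding the model a capture of source MACs seen on a port before locking it shows which stations would end up blackholed, which is the check to make before applying lock-learning on a busy port.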
To verify the MAC security configuration for the specified VLAN or ports, use the following
commands:
show vlan <vlan name> security
show ports <portlist> info detail
Example
The following command limits the number of MAC addresses that can be learned on ports 1, 2, 3, and 6
in a VLAN named accounting, to 128 addresses:
configure ports 1, 2, 3, 6 vlan accounting learning-limit 128
The following command locks ports 4 and 5 of VLAN accounting, converting any FDB entries to static
entries, and prevents any additional address learning on these ports:
configure ports 4,5 vlan accounting lock-learning