Dell PowerConnect B-RX Configuration Manual page 1009

Bigiron rx series supporting multi-service ironware v02.7.03

BigIron RX(config)# int e 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# violation restrict 3200
Syntax: violation restrict [<#-denied-packets-processed> | force]
Enter 1 – 64000 for #-denied-packets-processed. There is no default.
Restricting the number of denied MAC addresses
If the action for a violation is restrict, you can specify how many denied MAC addresses are
dropped on an interface before the interface shuts down. Once this number is reached, the
interface is shut down.
BigIron RX(config)# int e 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# violation restrict
BigIron RX(config-port-security-e100-7/11)# restrict-max-deny 1000
Syntax: [no] restrict-max-deny <number>
Enter 1 – 1024. The default is 128. In the example above, the interface shuts down after 1000
MAC addresses are denied.
Logging denied packets
You can specify how many denied packets can be logged per second.
To enable this option, enter the following commands:
BigIron RX(config)# int e 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# violation restrict 3200
BigIron RX(config-port-security-e100-7/11)# deny-log-rate 5
Syntax: [no] deny-log-rate <number-per-second>
Enter 1 - 10. The default is 0, which means the feature is disabled.
The logged message contains the packet's IP address and the MAC address of the denied packet.
For example, the following configuration shows that violation restrict is configured:
interface ethernet 14/1
 port security
  enable
  maximum 5
  violation restrict
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
  secure-mac-address 0000.0022.2224 10
  secure-mac-address 0000.0022.2225 10
  secure-mac-address 0000.0022.2226 10
When a packet arrives from MAC address 0000.0022.2227, an address that is not a secured MAC
address, the following Syslog messages are generated.
SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to high rate of denied mac 0000.0022.2227, vlan 10
SYSLOG: Mar 10 17:36:12:<14>3-RW-Core-3, Interface ethernet14/1, state down - disabled
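
A detection-side sketch for the two Syslog messages above, added here as an example and not taken from the manual: it pairs the violation shutdown message with the state-down message for the same port and extracts the denied MAC and VLAN. The function names, and reading the text after the <n> priority field as the device name, are assumptions of this example.

```python
import re

# Patterns follow the two Syslog messages on this page; other layouts are not covered.
SHUTDOWN = re.compile(
    r"<\d+>(?P<host>[^,]+), Interface (?P<ifname>\S+) shutdn due to "
    r"high rate of denied mac (?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}), "
    r"vlan (?P<vlan>\d+)"
)
STATE_DOWN = re.compile(
    r"<\d+>(?P<host>[^,]+), Interface (?P<ifname>\S+), state down - disabled"
)


def port_key(ifname):
    """Reduce 'e14/1' and 'ethernet14/1' to the same slot/port key, '14/1'."""
    m = re.search(r"(\d+/\d+)$", ifname)
    return m.group(1) if m else ifname


def find_port_security_shutdowns(lines):
    """Return one record per port shut down by a violation; 'confirmed_down'
    is True when the state-down message for the same host and port was seen."""
    events = {}
    for line in lines:
        m = SHUTDOWN.search(line)
        if m:
            key = (m["host"], port_key(m["ifname"]))
            events[key] = {
                "host": m["host"], "port": key[1], "mac": m["mac"].lower(),
                "vlan": int(m["vlan"]), "confirmed_down": False,
            }
            continue
        m = STATE_DOWN.search(line)
        if m:
            key = (m["host"], port_key(m["ifname"]))
            if key in events:
                events[key]["confirmed_down"] = True
    return list(events.values())


# Sample input: the two messages from this page (unwrapped) plus one
# constructed, unrelated line.
SAMPLE = [
    "SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to high rate of denied mac 0000.0022.2227, vlan 10",
    "SYSLOG: Mar 10 17:36:12:<14>3-RW-Core-3, Interface ethernet14/1, state down - disabled",
    "SYSLOG: Mar 10 17:40:02:<14>3-RW-Core-3, Interface ethernet14/2, state up",
]

print(find_port_security_shutdowns(SAMPLE))
```
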
BigIron RX Series Configuration Guide
53-1001986-01
Defining security violation actions
32
937
