Static Configuration Of Authorized Mac Addresses; Understanding The Lps Table - Alcatel OmniSwitch 6600 Family Network Configuration Manual

Learned Port Security Overview

Static Configuration of Authorized MAC Addresses

It is also possible to statically configure authorized source MAC address entries into the LPS table. This
type of entry behaves the same way as dynamically configured entries in that it authorizes port access to
traffic that contains a matching source MAC address.
Static source MAC address entries, however, take precedence over dynamically learned entries. For exam-
ple, if there are 2 static MAC address entries configured for port 2/1 and the maximum number allowed on
port 2/1 is 10, then only 8 dynamically learned MAC addresses are allowed on this port.
Note that source learning of configured authorized MAC addresses is still allowed after the LPS time limit
has expired. However, all learning is stopped if the number of MAC addresses learned meets or exceeds
the maximum number of addresses allowed, even if the LPS time limit has not expired.
There are two ways to define a static source MAC address entry in the LPS table; specify an individual
MAC address or a range of MAC addresses. See
and "Configuring an Authorized MAC Address Range" on page 3-9

Understanding the LPS Table

The LPS database table is separate from the source learning MAC address table. However, when a MAC is
authorized for learning on an LPS port, an entry is made in the MAC address table in the same manner as
if it was learned on a non-LPS port (see
In addition to dynamic and configured source MAC address entries, the LPS table also provides the
following information for each eligible LPS port:
The LPS status for the port; enabled or disabled.
•
The maximum number of MAC addresses allowed on the port.
•
The violation mode selected for the port; restrict or shutdown.
•
Statically configured MAC addresses and MAC address ranges.
•
All MAC addresses learned on the port.
•
The management status for the MAC address entry; configured or dynamic.
•
Note that dynamic MAC address entries become configured entries after the switch configuration is saved
and the switch is rebooted. However, any dynamic MAC address entries that are not saved to the switch
configuration are cleared if the switch reboots before the next save.
If the LPS port is shut down or the network device is disconnected from the port, the LPS table entries for
this port are retained, but the source learning MAC address table entries for the same port are automati-
cally cleared. In addition, if an LPS table entry is intentionally cleared from the table, the MAC address for
this entry is automatically cleared from the source learning table at the same time.
To view the contents of the LPS table, use the
CLI Reference Guide for more information about this command.
page 3-6
"Configuring Authorized MAC Addresses" on page 3-8
Chapter 2, "Managing Source Learning,"
show port-security
OmniSwitch 6600 Family Network Configuration Guide
Configuring Learned Port Security
for more information.
for more information).
command. Refer to the OmniSwitch
April 2006