Alcatel-Lucent 6850-48 Network Guide
Configuring Learned Port Security
Configuring Learned Port Security
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 3-7
Configuring Learned Port Security
This section describes how to use Command Line Interface (CLI) command to configure Learned Port
Security (LPS) on a switch. See the
Security (LPS) on a switch. See the
for a brief
tutorial on configuring LPS.
Configuring LPS involes the following procedures:
.
• Configuring the source learning time window during which MAC addresses are learned. This proce-
• Configuring the maximum number of bridged MAC addresses allowed on an LPS port. This procedure
• Configuring the maximum number of filtered MAC addresses allowed on an LPS port. This procedure
is describe in
.
• Specifying whether or not an LPS port shuts down all traffic or only restricts traffic when an unautho-
Enabling/Disabling Learned Port Security
By default, LPS is disabled on all switch ports. To enable LPS on a port, use the
command.
For example, the following command enables LPS on port 1 of slot 4:
-> port-security 4/1 enable
To enable LPS on multiple ports, specify a range of ports or multiple slots. For example:
-> port-security 4/1-5 enable
-> port-security 5/12-20 6/10-15 enable
Note that when LPS is enabled on an active port, all MAC addresses learned on that port prior to the time
LPS was enabled are cleared from the source learning MAC address table.
LPS was enabled are cleared from the source learning MAC address table.
To disable LPS on a port, use the port-security command with the disable parameter. For example, the
following command disables LPS on a range of ports:
following command disables LPS on a range of ports:
-> port-security 5/21-24 6/1-4 disable
To disable all the LPS ports on a chassis, use the port-security chassis disable command, as shown:
-> port-security chassis disable
When LPS is disabled on a port, MAC address entries for that port are retained in the LPS table. The next
time LPS is enabled on the port, the same LPS table entries are again active. If there is a switch reboot
before the switch configuration is saved, however, dynamic MAC address entries are discarded from the
table.
time LPS is enabled on the port, the same LPS table entries are again active. If there is a switch reboot
before the switch configuration is saved, however, dynamic MAC address entries are discarded from the
table.