Brocade Communications Systems Brocade ICX 6650 6650 User Manual
204
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
MAC port security configuration
Setting the maximum number of secure
MAC addresses for an interface
MAC addresses for an interface
When MAC port security is enabled, an interface can store one secure MAC address. You can
increase the number of MAC addresses that can be stored to a maximum of 64, plus the total
number of global resources available.
increase the number of MAC addresses that can be stored to a maximum of 64, plus the total
number of global resources available.
For example, to configure interface 1/1/7 to have a maximum of 10 secure MAC addresses, enter
the following commands.
the following commands.
Brocade(config)# interface ethernet 1/1/7
Brocade(config-if-e10000-1/1/7)# port security
Brocade(config-port-security-e10000-1/1/7)# maximum 10
Brocade(config-if-e10000-1/1/7)# port security
Brocade(config-port-security-e10000-1/1/7)# maximum 10
Syntax: maximum number-of-addresses
The number-of-addresses parameter can be set to a number from 0 through 64 plus (the total
number of global resources available). The total number of global resources is 2048 or 4096,
depending on flash memory size. Setting the parameter to 0 prevents any addresses from being
learned. The default is 1.
number of global resources available). The total number of global resources is 2048 or 4096,
depending on flash memory size. Setting the parameter to 0 prevents any addresses from being
learned. The default is 1.
Setting the port security age timer
By default, learned MAC addresses stay secure indefinitely. You can optionally configure the device
to age out secure MAC addresses after a specified amount of time.
to age out secure MAC addresses after a specified amount of time.
To set the port security age timer to 10 minutes on all interfaces, enter the following commands.
Brocade(config)# port security
Brocade(config-port-security)# age 10
Brocade(config-port-security)# age 10
To set the port security age timer to 10 minutes on a specific interface, enter the following
commands.
commands.
Brocade(config)# interface ethernet 1/1/7
Brocade(config-if-e10000-1/1/7)# port security
Brocade(config-port-security-e10000-1/1/7)# age 10
Brocade(config-if-e10000-1/1/7)# port security
Brocade(config-port-security-e10000-1/1/7)# age 10
Syntax: [no] age minutes
The minutes variable specifies a range from 0 through 1440 minutes.The default is 0 (never age
out secure MAC addresses).
out secure MAC addresses).
NOTE
Even though you can set age time to specific ports independent of the device-level setting, the actual
age timer will take the greater of the two values. Thus, if you set the age timer to 3 minutes for the
port, and 10 minutes for the device, the port MAC aging happens in 10 minutes (the device-level
setting), which is greater than the port setting that you have configured.
age timer will take the greater of the two values. Thus, if you set the age timer to 3 minutes for the
port, and 10 minutes for the device, the port MAC aging happens in 10 minutes (the device-level
setting), which is greater than the port setting that you have configured.