Allied Telesis C613-02013-00 User Manual
34
Rapier Switch User Guide
Rapier Switch Software Release 2.2.1
C613-02013-00 Rev A
Mirroring four or more ports may significantly reduce switch performance.
The MIRROR parameter specifies the role of these port(s) as a source of mirror
traffic. If NONE is specified, no traffic received or sent on these port(s) will be
mirrored. If RX is specified, all traffic received on these port(s) will be mirrored.
If TX is specified, all traffic transmitted on these port(s) will be mirrored. If
BOTH is specified, all traffic received and transmitted will be mirrored. Traffic
will actually only be mirrored if there is a mirror port defined and if mirroring
is enabled. The default is NONE.
traffic. If NONE is specified, no traffic received or sent on these port(s) will be
mirrored. If RX is specified, all traffic received on these port(s) will be mirrored.
If TX is specified, all traffic transmitted on these port(s) will be mirrored. If
BOTH is specified, all traffic received and transmitted will be mirrored. Traffic
will actually only be mirrored if there is a mirror port defined and if mirroring
is enabled. The default is NONE.
To send packets that match particular criteria to the mirror port, first create a
filter match using the command:
filter match using the command:
ADD SWITCH L3FILTER MATCH
Then create a filter entry with the ACTION parameter set to SENDMIRROR,
using the command:
using the command:
ADD SWITCH L3FILTER=filter-id ENTRY ACTION=SENDMIRROR.
By default mirroring is disabled, no mirror port is set, and no source ports are
set to be mirrored. Mirroring can only be enabled after the switch mirror port
has been set to a valid port. If mirroring has been enabled but the switch mirror
port is set to NONE, then mirroring will be disabled. Mirroring is enabled and
disabled using the commands:
set to be mirrored. Mirroring can only be enabled after the switch mirror port
has been set to a valid port. If mirroring has been enabled but the switch mirror
port is set to NONE, then mirroring will be disabled. Mirroring is enabled and
disabled using the commands:
ENABLE SWITCH MIRROR
DISABLE SWITCH MIRROR
The SHOW SWITCH PORT and SHOW SWITCH commands display the
switch and port mirroring settings.
switch and port mirroring settings.
Port security
The port security feature allows control over the stations connected to each
switch port, by MAC address. If enabled on a port, the switch will learn MAC
addresses up to a user-defined limit from 1 to 256, then lock out all other MAC
addresses. One of the following options can be specified for the action taken
when an unknown MAC address is detected on a locked port:
switch port, by MAC address. If enabled on a port, the switch will learn MAC
addresses up to a user-defined limit from 1 to 256, then lock out all other MAC
addresses. One of the following options can be specified for the action taken
when an unknown MAC address is detected on a locked port:
■
Discard the packet and take no further action,
■
Discard the packet and notify management with an SNMP trap,
■
Discard the packet, notify management with an SNMP trap and disable the
port.
port.
To enable port security on a port, set the limit for learned MAC addresses to a
value greater than zero, and specify the action to take for unknown MAC
addresses on a locked port. To disable port security on a port, set the limit for
learned MAC addresses to zero or NONE. Port security can be enabled or
disabled on a port using the command:
value greater than zero, and specify the action to take for unknown MAC
addresses on a locked port. To disable port security on a port, set the limit for
learned MAC addresses to zero or NONE. Port security can be enabled or
disabled on a port using the command:
SET SWITCH PORT={port-list|ALL} LEARN={NONE|0|1..256}
[INTRUSIONACTION={NONE|DISCARD|TRAP|DISABLE}]
The INTRUSIONACTION parameter specifies the action taken when the
port(s) receive packets from addresses which are not part of the learned list of
addresses as specified by the LEARN parameter. If DISCARD is specified,
packets received from MAC addresses not on the port’s learn list will be
port(s) receive packets from addresses which are not part of the learned list of
addresses as specified by the LEARN parameter. If DISCARD is specified,
packets received from MAC addresses not on the port’s learn list will be