Alcatel-Lucent 6850-48 Guida Di Rete
Configuring Learned Port Security
Configuring Learned Port Security
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 3-9
Note. The number of converted static MAC addresses cannot exceed the maximum number of MAC
addresses allowed on the LPS ports.
addresses allowed on the LPS ports.
Note. The conversion of dynamic MAC addresses to static ones does not apply to LPS mobile and authen-
ticated ports.
ticated ports.
Configuring the Number of Bridged MAC Addresses Allowed
By default, one MAC address is allowed on an LPS port. To change this number, enter port-security
followed by the port’s slot/port designation, then maximum followed by a number between 1 and 100.
For example, the following command sets the maximum number of MAC addresses learned on port 10 of
slot 6 to 75:
followed by the port’s slot/port designation, then maximum followed by a number between 1 and 100.
For example, the following command sets the maximum number of MAC addresses learned on port 10 of
slot 6 to 75:
-> port-security 6/10 maximum 75
To specify a maximum number of MAC addresses allowed for multiple ports, specify a range of ports or
multiple slots. For example:
multiple slots. For example:
-> port-security 1/10-15 maximum 10
-> port-security 2/1-5 4/2-8 5/10-14 maximum 25
Note that configured MAC addresses count towards the maximum number allowed. For example, if there
are 10 configured authorized MAC addresses for an LPS port and the maximum number of addresses
allowed is set to 15, then only 5 dynamically learned MAC address are allowed on this port.
are 10 configured authorized MAC addresses for an LPS port and the maximum number of addresses
allowed is set to 15, then only 5 dynamically learned MAC address are allowed on this port.
If the maximum number of MAC addresses allowed is reached before the switch LPS time limit expires,
then all source learning of dynamic and configured MAC addresses is stopped on the LPS port.
then all source learning of dynamic and configured MAC addresses is stopped on the LPS port.
Configuring the Trap Threshold for Bridged MAC Addresses
The LPS trap threshold value determines how many bridged MAC addresses the port must learn before a
trap is sent. Once this value is reached, a trap is sent for every MAC learned thereafter.
trap is sent. Once this value is reached, a trap is sent for every MAC learned thereafter.
By default, when five bridged MAC addresses are learned on an LPS port, the switch sends a trap. To
change the trap threshold value, use the
change the trap threshold value, use the
command. For example:
-> port-security learn-trap-threshold 10
Sending a trap when this threshold is reached provides notification of newly learned bridged MAC
addresses. Trap contents includes identifying information about the MAC, such as the address itself, the
corresponding IP address, switch identification, and the slot and port number on which the MAC was
learned.
addresses. Trap contents includes identifying information about the MAC, such as the address itself, the
corresponding IP address, switch identification, and the slot and port number on which the MAC was
learned.