Alcatel-Lucent 6850-48 ネットワークガイド
Learned Port Security Overview
Configuring Learned Port Security
page 3-6
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Static Configuration of Authorized MAC Addresses
It is also possible to statically configure authorized source MAC address entries into the LPS table. This
type of entry behaves the same way as dynamically configured entries in that it authorizes port access to
traffic that contains a matching source MAC address.
type of entry behaves the same way as dynamically configured entries in that it authorizes port access to
traffic that contains a matching source MAC address.
Static source MAC address entries, however, take precedence over dynamically learned entries. For exam-
ple, if there are 2 static MAC address entries configured for port 2/1 and the maximum number allowed on
port 2/1 is 10, then only 8 dynamically learned MAC addresses are allowed on this port.
ple, if there are 2 static MAC address entries configured for port 2/1 and the maximum number allowed on
port 2/1 is 10, then only 8 dynamically learned MAC addresses are allowed on this port.
Note that source learning of configured authorized MAC addresses is still allowed after the LPS time limit
has expired. However, all learning is stopped if the number of MAC addresses learned meets or exceeds
the maximum number of addresses allowed, even if the LPS time limit has not expired.
has expired. However, all learning is stopped if the number of MAC addresses learned meets or exceeds
the maximum number of addresses allowed, even if the LPS time limit has not expired.
There are two ways to define a static source MAC address entry in the LPS table; specify an individual
MAC address or a range of MAC addresses. See
MAC address or a range of MAC addresses. See
for more information.
Note. Statically configured authorized MAC addresses are displayed permanently in the MAC address
table for the specified LPS port; they will not be learned on any other port in the same VLAN.
table for the specified LPS port; they will not be learned on any other port in the same VLAN.
Understanding the LPS Table
The LPS database table is separate from the source learning MAC address table. However, when a MAC is
authorized for learning on an LPS port, an entry is made in the MAC address table in the same manner as
if it was learned on a non-LPS port (see
authorized for learning on an LPS port, an entry is made in the MAC address table in the same manner as
if it was learned on a non-LPS port (see
for more information).
In addition to dynamic and configured source MAC address entries, the LPS table also provides the
following information for each eligible LPS port:
following information for each eligible LPS port:
• The LPS status for the port; enabled or disabled.
• The maximum number of MAC addresses allowed on the port.
• The maximum number of MAC addresses that can be filtered on the port.
• The violation mode selected for the port; restrict or shutdown.
• Statically configured MAC addresses and MAC address ranges.
• All MAC addresses learned on the port.
• The management status for the MAC address entry; configured or dynamic.
If the LPS port is shut down or the network device is disconnected from the port, the LPS table entries and
the source learning MAC address table entries for the port are automatically cleared. In addition, if an LPS
table entry is intentionally cleared from the table, the MAC address for this entry is automatically cleared
from the source learning table at the same time. To override this behavior, a dynamic MAC address can be
converted to a static MAC address using the
the source learning MAC address table entries for the port are automatically cleared. In addition, if an LPS
table entry is intentionally cleared from the table, the MAC address for this entry is automatically cleared
from the source learning table at the same time. To override this behavior, a dynamic MAC address can be
converted to a static MAC address using the
command.
To view the contents of the LPS table, use the
command. Refer to the OmniSwitch
CLI Reference Guide for more information about this command.