Alcatel-Lucent 6850-48 Network Guide

Configuring Learned Port Security
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 3-11
-> port-security 4/1-5 mac-range low 00:20:da:00:00:10 high 00:20:da:00:00:50
-> port-security 2/1-4 4/5-8 mac-range low 00:20:d0:59:0c:9a high 00:20:d0:59:0c:9f
To set the range back to the default values, enter port-security followed by the port’s slot/port
designation, then mac-range. Leaving off the low and high MAC addresses will reset the range back to
00:00:00:00:00:00 and ff:ff:ff:ff:ff:ff. For example, the following command sets the authorized MAC
address range to the default values for port 12 of slot 4:
-> port-security 4/12 mac-range
In addition, the low end MAC and the high end MAC are each optional. If either one is not specified, the
default value is used for it. For example, the following commands set the authorized MAC address range on the
specified ports to 00:da:25:59:0c:10–ff:ff:ff:ff:ff:ff and 00:00:00:00:00:00–00:da:25:00:00:9a:
-> port-security 2/8 mac-range low 00:da:25:59:0c:10
-> port-security 2/10 mac-range high 00:da:25:00:00:9a
Refer to the OmniSwitch CLI Reference Guide for more information about this command.
Selecting the Security Violation Mode
By default, the security violation mode for an LPS port is set to restrict. In this mode, when an
unauthorized MAC address is received on an LPS port, the packet containing the address is blocked. However, all
other packets that contain an authorized source MAC address are allowed to forward on the port.
Note that unauthorized source MAC addresses are not learned in the LPS table but are still recorded in the 
source learning MAC address table with a filtered operational status. This allows the user to view MAC 
addresses that were attempting unauthorized access to the LPS port.
The other violation mode option is shutdown. In this mode, the LPS port is disabled when an
unauthorized MAC address is received; all traffic is prevented from forwarding on the port. After a shutdown
occurs, a manual reset is required to return the port to normal operation.
To configure the security violation mode for an LPS port, enter port-security followed by the port’s
slot/port designation, then violation followed by restrict or shutdown. For example, the following 
command selects the shutdown mode for port 1 on slot 4:
-> port-security 4/1 violation shutdown
To configure the security violation mode for multiple LPS ports, specify a range of ports or multiple slots. 
For example:
-> port-security 4/1-10 violation shutdown
-> port-security 1/10-15 2/1-10 violation restrict
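
The mac-range defaults and the two violation modes described above can be checked against a list of expected source MAC addresses before a configuration is applied. The following Python model is an added example, not part of the OmniSwitch guide or AOS software. The names LpsPort, receive, reset and replay are hypothetical, the sample addresses are constructed, and the model assumes that the low and high bounds are themselves authorized and that filtered entries are recorded in restrict mode only.

```python
import re
from dataclasses import dataclass, field

DEFAULT_LOW, DEFAULT_HIGH = "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer; reject malformed input."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

@dataclass
class LpsPort:
    """Simplified model: only mac-range and violation mode are represented."""
    low: str = DEFAULT_LOW        # value used when 'low' is omitted
    high: str = DEFAULT_HIGH      # value used when 'high' is omitted
    violation: str = "restrict"   # default mode according to the guide
    enabled: bool = True
    filtered: list = field(default_factory=list)

    def receive(self, src_mac):
        """Return what happens to a frame carrying this source MAC."""
        if not self.enabled:
            return "port-disabled"
        # Assumption: both range bounds are inclusive.
        if mac_to_int(self.low) <= mac_to_int(src_mac) <= mac_to_int(self.high):
            return "forwarded"
        if self.violation == "shutdown":
            self.enabled = False  # stays down until reset() is called
            return "port-disabled"
        self.filtered.append(src_mac)  # restrict: recorded as filtered
        return "blocked"

    def reset(self):
        """Stand-in for the manual reset required after a shutdown."""
        self.enabled = True

# Constructed traffic: an out-of-range source between two in-range sources.
SAMPLE = ["00:20:da:00:00:10", "00:20:da:00:00:51", "00:20:da:00:00:50"]

def replay(port, macs=SAMPLE):
    """Feed source MACs to the port in order and collect the outcomes."""
    return [port.receive(m) for m in macs]

if __name__ == "__main__":
    rng = dict(low="00:20:da:00:00:10", high="00:20:da:00:00:50")
    print("restrict:", replay(LpsPort(**rng)))
    print("shutdown:", replay(LpsPort(**rng, violation="shutdown")))
```

In restrict mode the third, authorized frame is still forwarded, while in shutdown mode the same frame is dropped because the port stays disabled after the violation.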