Alcatel-Lucent 6850-48 Network Guide

Configuring Learned Port Security
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Configuring the Number of Filtered MAC Addresses Allowed
By default, five filtered MAC addresses can be learned on an LPS port. To change this number, enter 
port-security followed by the port’s slot/port designation, then max-filtering followed by a number 
between 1 and 100. For example, the following command sets the maximum number of filtered MAC 
addresses learned on port 9 of slot 5 to 18:
-> port-security 5/9 max-filtering 18
To specify a maximum number of filtered MAC addresses learned on multiple ports, specify a range of 
ports or multiple slots. For example:
-> port-security 5/9-15 max-filtering 10
-> port-security 1/1-5 7/2-8 2/10-14 max-filtering 25
If the maximum number of filtered MAC addresses allowed is reached, either the LPS port is disabled 
(Shutdown Violation mode) or MAC address learning is disabled (Restrict Violation mode). In both 
modes, SNMP traps are generated and the events are logged in the switch log. For information on 
configuring the security violation modes, see 
Configuring Authorized MAC Addresses
To configure a single source MAC address entry in the LPS table, enter port-security followed by the 
port’s slot/port designation, the keyword mac followed by a valid MAC address, then vlan followed by a 
VLAN ID. For example, the following command configures a MAC address for port 4 on slot 6 that 
belongs to VLAN 10:
-> port-security 6/4 mac 00:20:da:9f:58:0c vlan 10
Note. If a VLAN is not specified, the default VLAN for the port is used.
Use the no form of this command to clear configured and/or dynamic MAC address entries from the LPS 
table. For example, the following command removes a MAC address entry for port 4 of slot 6 that belongs 
to VLAN 10 from the LPS table:
-> port-security 6/4 no mac 00:20:da:9f:58:0c vlan 10
Note that when a MAC address is cleared from the LPS table, it is automatically cleared from the source 
learning MAC address table at the same time.
Configuring an Authorized MAC Address Range 
By default, each LPS port is set to a range of 00:00:00:00:00:00–ff:ff:ff:ff:ff:ff, which includes all MAC 
addresses. If this default is not changed, then addresses received on LPS ports are subject only to the 
port's source learning time limit and its limit on the maximum number of MAC addresses allowed. 
To configure a source MAC address range for an LPS port, enter port-security followed by the port’s 
slot/port designation, then mac-range followed by low and a MAC address, then high and a MAC 
address. For example, the following command configures a MAC address range for port 1 on slot 4:
-> port-security 4/1 mac-range low 00:20:da:00:00:10 high 00:20:da:00:00:50
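An added example, not part of the OmniSwitch guide: a short Python audit that parses port-security lines in the forms shown in this section (including the slot/port ranges used for max-filtering), then lists ports still at the default all-inclusive MAC range. The sample configuration and all function names are constructed for illustration; the script models only the max-filtering and mac-range settings, not the switch itself.

```python
import re
# Constructed sample config, using only the command forms shown in this section.
SAMPLE = """\
-> port-security 5/9-11 max-filtering 10
-> port-security 4/1 5/9 mac-range low 00:20:da:00:00:10 high 00:20:da:00:00:50
"""
DEFAULT_RANGE = (0x000000000000, 0xFFFFFFFFFFFF)  # default range: all MAC addresses
DEFAULT_MAX_FILTERING = 5                          # default filtered-MAC limit
PORT_RE = re.compile(r"(\d+)/(\d+)(?:-(\d+))?")
MAC_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")

def mac_to_int(mac):
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC address: {mac}")
    return int(mac.replace(":", ""), 16)

def expand_ports(token):  # '5/9-11' -> ['5/9', '5/10', '5/11']; '4/1' -> ['4/1']
    slot, first, last = PORT_RE.fullmatch(token).groups()
    return [f"{slot}/{p}" for p in range(int(first), int(last or first) + 1)]

def parse_lps(config):
    """Map each port to its effective max-filtering value and MAC range."""
    table = {}
    for line in config.splitlines():
        words = line.replace("->", " ").split()
        if words[:1] != ["port-security"]:
            continue
        n = 1
        while n < len(words) and PORT_RE.fullmatch(words[n]):
            n += 1  # consume every slot/port token before the keyword
        ports = [p for tok in words[1:n] for p in expand_ports(tok)]
        args = words[n:]
        for port in ports:
            entry = table.setdefault(port, {"max_filtering": DEFAULT_MAX_FILTERING,
                                            "mac_range": DEFAULT_RANGE})
            if len(args) == 2 and args[0] == "max-filtering":
                if not 1 <= int(args[1]) <= 100:  # documented limits
                    raise ValueError(f"max-filtering out of range: {line}")
                entry["max_filtering"] = int(args[1])
            elif len(args) == 5 and (args[0], args[1], args[3]) == ("mac-range", "low", "high"):
                entry["mac_range"] = (mac_to_int(args[2]), mac_to_int(args[4]))
    return table

def unrestricted_ports(table):  # ports with no source-MAC range restriction
    return sorted(p for p, e in table.items() if e["mac_range"] == DEFAULT_RANGE)

def mac_allowed(table, port, mac):
    low, high = table[port]["mac_range"]
    return low <= mac_to_int(mac) <= high
```
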
To configure a source MAC address range for multiple ports, specify a range of ports or multiple slots. For 
example: