Using the mac port security feature, Overview, Chapter 7 – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 303: Chapter
Multi-Service IronWare Security Configuration Guide
285
53-1003035-02
Chapter
7
Using the MAC Port Security Feature
displays the individual Brocade devices and the MAC Port Security features they support.
Overview
MAC Port Security allows you to configure the device to learn a limited number of “secure” MAC
addresses on an interface. The interface will forward only packets with source MAC addresses that
match these secure addresses. The secure MAC addresses can be specified manually, or the
device can learn them automatically. After the device reaches the limit for the number of secure
MAC addresses it can learn on the interface, if the interface then receives a packet with a source
MAC address that is different from any of the secure learned addresses, it is considered a security
violation.
When a security violation occurs, a Syslog entry and an SNMP trap are generated. In addition, the
device takes one of two actions: it either drops packets from the violating address (but allows
packets from the secure addresses), or it disables the port for a specified amount of time. You
specify which of these actions takes place.
TABLE 42
Supported Brocade MAC port security features
Features
supported
Brocade
NetIron XMR
Series
Brocade
MLX Series
Brocade
NetIron CES
2000 Series
BASE
package
Brocade
NetIron CES
2000 Series
ME_PREM
package
Brocade
NetIron CES
2000 Series
L3_PREM
package
Brocade
NetIron CER
2000 Series
Base
package
Brocade
NetIron CER
2000 Series
Advanced
Services
package
MAC Port
Security
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Port Security
Age Timer
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Denying
Specific MAC
Addresses
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Port Security
MAC Violation
Limit
Yes
Yes
Yes
Yes
Yes
Yes
Yes
MAC Port
Security on
VPLS
endpoints
No
No
No
No
No
No
No
MAC Port
Security on Vll
endpoints
No
No
No
No
No
No
No