beautypg.com

Enabling the mac port security feature, Setting the port security age timer – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 305

background image

Multi-Service IronWare Security Configuration Guide

287

53-1003035-02

Configuring the MAC port security feature

7

Enabling the MAC port security feature

By default, the MAC port security feature is disabled on all interfaces. You can enable or disable the
feature globally on all interfaces or on an individual interface.

To enable the feature globally, first go to the level for global port security and then enter enable, as
follows.

Brocade(config)# global-port-security

Brocade(config-global-port-security)# enable

To disable the feature on all interfaces at once, do the following.

Brocade(config)# global-port-security

Brocade(config-global-port-security)#disable

Syntax: global-port-security

This command is for global enable port security.

To enable port security on a specific interface, first go to the level of a specific interface and then
security level.

Brocade(config)# interface ethernet 7/11

Brocade(config-if-e100-7/11)# port security

Brocade(config-port-security-e100-7/11)# enable

Syntax: enable

This command applies to a specific interface or global configuration. The interface level take
precedence over the global configuration.

Syntax: disable

This command applies to a specific interface or global configuration. The interface level take
precedence over the global configuration.

Setting the maximum number of secure MAC addresses for an interface

When the port security feature is enabled, the interface can store 1 secure MAC address. You can
increase the number of MAC addresses that can be secured to a maximum of 64, plus the total
number of global resources available.

For example, to configure interface 7/11 to have a maximum of 10 secure MAC addresses.

Brocade(config)# interface ethernet 7/11

Brocade(config-if-e100-7/11)# port security

Brocade(config-if-e100-7/11)# maximum 10

Syntax: maximum number-of-addresses

The number-of-addresses parameter can be set to a number from 0 – (64 + the total number of
global resources available) The total number of global resources is 4096. Setting the parameter to
0 prevents any addresses from being learned. The default is 1.

Setting the port security age timer

By default, a learned MAC address stays secure indefinitely. You can configure the device to age
out secure MAC addresses after a specified amount of time and can do so for all timers globally of
for a specific interface.

See also other documents in the category Brocade Computer Accessories: