
Specifying secure MAC addresses – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring the MAC port security feature


To set the port security age timer to 10 minutes on all interfaces, first enter the global port
security level.

Brocade(config)# global-port-security

Brocade(config-global-port-security)# age 10

Syntax: global-port-security

Syntax: [no] age minutes

The default is 0 (never age out secure MAC addresses).

To set the port security age timer to 10 minutes on a specific interface, go to the interface level and
then the port security level for that interface.

Brocade(config)# interface ethernet 7/11

Brocade(config-if-e100-7/11)# port security

Brocade(config-port-security-e100-7/11)# age 10

Syntax: port security

Syntax: [no] age minutes

The default is 0 (never age out secure MAC addresses).

Specifying secure MAC addresses

To specify a secure MAC address on an interface, enter commands such as the following.

Brocade(config)# interface ethernet 7/11

Brocade(config-if-e100-7/11)# port security

Brocade(config-port-security-e100-7/11)# secure 0050.DA18.747C

Syntax: [no] secure mac-address

Autosaving secure MAC addresses to the startup-config file

The learned MAC addresses can automatically be saved to the startup-config file at specified
intervals. You can specify the autosave interval at the global level. For example, to set a 20-minute
autosave interval globally for learned secure MAC addresses on the router, enter the following
commands.

Brocade(config)# global-port-security

Brocade(config-port-security)# autosave 20

Syntax: global-port-security

Syntax: [no] autosave minutes

The interval range is 15 – 1440 minutes. By default, secure MAC addresses are not autosaved to
the startup-config file. To remove autosave intervals, use the no form of the autosave command.
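As an added example (not from the Brocade guide), the following Python script checks a list of the commands shown above against the constraints this page states: the 15 to 1440 minute autosave range, the dotted MAC address form, and entry of age, autosave and secure commands inside a port security level. The one-command-per-line input layout, the function name and the sample values are constructed assumptions; an actual running-config may be laid out differently.

```python
import re

# Dotted form as written on this page; assumed here to be the only accepted form.
MAC_RE = re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}")
AUTOSAVE_MIN, AUTOSAVE_MAX = 15, 1440  # minutes, range stated in the guide

# Constructed sample input: the guide's commands, one per line (layout assumed).
SAMPLE = """\
global-port-security
age 10
autosave 5
interface ethernet 7/11
port security
secure 0050.DA18.747C
secure 0050.DA18.74
interface ethernet 7/12
age 10
"""

def audit(text):
    """Return (secure_macs, ages, findings) for the port-security commands in text."""
    secure, ages, findings = {}, {}, []
    ctx, in_ps = None, False  # current level; True once inside a port security level
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line == "global-port-security":
            ctx, in_ps = "global", True
        elif line.startswith("interface "):
            ctx, in_ps = line.split(None, 1)[1], False
        elif line == "port security" and ctx not in (None, "global"):
            in_ps = True
        elif line.split()[0] in ("age", "autosave", "secure"):
            cmd, arg = (line.split(None, 1) + [""])[:2]
            if not in_ps:
                findings.append((ctx, f"'{line}' outside a port security level"))
            elif cmd == "secure":
                if MAC_RE.fullmatch(arg):
                    secure.setdefault(ctx, []).append(arg.upper())
                else:
                    findings.append((ctx, f"malformed MAC '{arg}'"))
            elif not arg.isdigit():
                findings.append((ctx, f"non-numeric value in '{line}'"))
            elif cmd == "autosave" and not AUTOSAVE_MIN <= int(arg) <= AUTOSAVE_MAX:
                findings.append((ctx, f"autosave {arg} outside 15-1440 minutes"))
            elif cmd == "age":
                ages[ctx] = int(arg)  # 0 means secure MACs never age out
    return secure, ages, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```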

Setting to delete a dynamically learned MAC address on a disabled interface

By default, a dynamically learned MAC address is not deleted when the port goes down. You
can configure the device to delete dynamically learned secure MAC addresses when a port goes
down, for example, when it is disabled either manually by a user or through a security violation.