Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Configuring the MAC port security feature
In addition to the new processing of packets from denied MAC addresses, these packets can now
be logged in the Syslog. To prevent the Syslog from being overwhelmed with messages for
denied packets, you can specify how many messages are logged per second, based on a
packet’s IP address.
Brocade(config)# global-port-security
Brocade(config-port-security)# violation restrict 12
Brocade(config-port-security)# deny-log-rate <7>
Syntax: deny-log-rate [#-logs]
The #-logs parameter specifies the count per line card. Enter 1 – 10. There is no default.
The logged message contains the packet’s IP address and the MAC address of the denied packet.
For example, the following configuration shows that violation restrict is configured:
interface ethernet 14/1
 port security
  enable
  maximum 5
  violation restrict 1000
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
  secure-mac-address 0000.0022.2224 10
  secure-mac-address 0000.0022.2225 10
  secure-mac-address 0000.0022.2226 10
When a packet is received from MAC address 0000.0022.2227, an address that is not a secured
MAC address, the following Syslog message is generated.
SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to high rate
of denied mac 0000.0022.2227, vlan 10
SYSLOG: Mar 10 17:36:12:<14>3-RW-Core-3, Interface ethernet14/1, state
down - disabled
However, when deny-log-rate is configured,
interface ethernet 14/1
 disable
 port security
  enable
  maximum 5
  violation restrict 1000
  deny-log-rate 4
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
  secure-mac-address 0000.0022.2224 10
  secure-mac-address 0000.0022.2225 10
  secure-mac-address 0000.0022.2226 10
The following Syslog messages are generated.
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111
10.19.1.2 -> 10.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111
10.19.1.2 -> 10.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111
10.19.1.2 -> 10.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111
10.19.1.2 -> 10.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111
10.19.1.2 -> 10.19.1.1 [Protocol:114]
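The following Python parser is an added example, not part of the Brocade guide. It shows how a log collector could extract the denied-packet and port-shutdown messages shown above and count denials per source. It assumes the collector stores each message on a single line; the function names and the threshold are hypothetical.

```python
import re
from collections import Counter

# Patterns follow the two message formats shown in this section.
# Assumption: each Syslog message has been re-joined onto one line.
MAC = r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
DENIED = re.compile(
    r"Port security denied pkt: (?P<smac>" + MAC + r") -> (?P<dmac>" + MAC + r")\s+"
    r"(?P<sip>" + IPV4 + r") -> (?P<dip>" + IPV4 + r") \[Protocol:(?P<proto>\d+)\]",
    re.IGNORECASE)
SHUTDOWN = re.compile(
    r"Interface (?P<port>\S+) shutdn due to high rate\s+of denied mac "
    r"(?P<mac>" + MAC + r"), vlan (?P<vlan>\d+)", re.IGNORECASE)

def summarize(lines):
    """Return (Counter keyed by (source MAC, source IP), list of shutdown events)."""
    denied, shutdowns = Counter(), []
    for line in lines:
        m = DENIED.search(line)
        if m:
            denied[(m["smac"].lower(), m["sip"])] += 1
            continue
        m = SHUTDOWN.search(line)
        if m:
            shutdowns.append((m["port"], m["mac"].lower(), int(m["vlan"])))
    return denied, shutdowns

def noisy_sources(denied, threshold):
    """Sources whose logged denials reach the threshold. These are logged
    counts, not packet counts: deny-log-rate limits what the device writes."""
    return sorted(src for src, count in denied.items() if count >= threshold)

# Constructed sample: the messages from this section, joined onto single lines.
DENY_LINE = ("Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> "
             "0000.0011.1111 10.19.1.2 -> 10.19.1.1 [Protocol:114]")
SAMPLE = [DENY_LINE] * 5 + [
    "SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to "
    "high rate of denied mac 0000.0022.2227, vlan 10",
    "SYSLOG: Mar 10 17:36:12:<14>3-RW-Core-3, Interface ethernet14/1, state "
    "down - disabled",
]

if __name__ == "__main__":
    denied, shutdowns = summarize(SAMPLE)
    print("denied per source:", dict(denied))
    print("shutdown events:", shutdowns)
    print("sources at or above 5 logged denials:", noisy_sources(denied, 5))
```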