beautypg.com

Local and global resources, Configuring the mac port security feature, Enabling the mac port security feature – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

53-1002484-04

The secure MAC addresses are not flushed when an interface is disabled and brought up again.
The secure addresses can be kept secure permanently (the default), or can be configured to age
out, at which time they are no longer secure. You can configure the device to automatically save the
list of secure MAC addresses to the startup-config file at specified intervals, allowing addresses to
be kept secure across system restarts.

Local and global resources

The MAC Port Security feature uses a concept of local and global “resources” to determine how
many MAC addresses can be secured on each interface. In this context, a “resource” is the ability
to store one secure MAC address entry. Each interface is allocated 64 local resources. When the
MAC Port Security feature is enabled, the interface can store up to 64 secure MAC addresses using
local resources.

Besides the maximum of 64 local resources available to an interface, there are additional global
resources. There are 4096 allocated resources globally. Global resources are shared among all the
interfaces on a first-come, first-served basis. When an interface has secured enough MAC
addresses to reach its limit for local resources, it can secure additional MAC addresses by using
available global resources. The maximum number of MAC addresses any single interface can
secure is 64 (the maximum number of local resources available to the interface), plus the number
of global resources not allocated to other interfaces.
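
The accounting described above, modelled in Python as an added example (not code from the Brocade guide): it tracks local and global resources per interface and checks whether a planned set of address counts fits the shared pool. The port names, address counts and MAC addresses are constructed, and the model assumes each interface's configured maximum is not the limiting factor and that resources are never released.

```python
# Added example: models the local/global resource accounting described above.
LOCAL_PER_INTERFACE = 64   # local resources per interface (from the guide)
GLOBAL_POOL = 4096         # shared global resources (from the guide)

class ResourcePool:
    def __init__(self):
        self.global_free = GLOBAL_POOL
        self.secured = {}  # interface name -> set of secured MAC addresses

    def secure(self, interface, mac):
        """Return 'known', 'local' or 'global', or None if no resource is left."""
        macs = self.secured.setdefault(interface, set())
        if mac in macs:
            return "known"
        if len(macs) < LOCAL_PER_INTERFACE:
            macs.add(mac)
            return "local"
        if self.global_free > 0:   # shared pool: first come, first served
            self.global_free -= 1
            macs.add(mac)
            return "global"
        return None

    def ceiling(self, interface):
        """64 local plus the global resources not allocated to other interfaces."""
        used = len(self.secured.get(interface, ()))
        return max(used, LOCAL_PER_INTERFACE) + self.global_free

def global_demand(planned):
    """Global resources needed if every interface fills its planned count."""
    return sum(max(0, n - LOCAL_PER_INTERFACE) for n in planned.values())

def mac(i):
    """Constructed, locally administered sample MAC address."""
    return f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"

if __name__ == "__main__":
    # Constructed plan: hypothetical port names and address counts.
    planned = {"1/1": 64, "1/2": 300, "2/1": 4000}
    need = global_demand(planned)
    print(f"global demand {need} of {GLOBAL_POOL}: {'fits' if need <= GLOBAL_POOL else 'over'}")
    pool = ResourcePool()
    for port, count in planned.items():
        for i in range(count):
            pool.secure(port, mac(i))
    for port in planned:
        print(port, len(pool.secured[port]), "secured, ceiling", pool.ceiling(port))
```

In the constructed plan the last port to learn addresses ends up short, because the ports before it have already drawn on the shared pool.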

Configuring the MAC Port Security feature

To configure the MAC Port Security feature, perform the following tasks:

• Enable the MAC Port Security feature
• Set the maximum number of secure MAC addresses for an interface
• Set the MAC Port Security age timer
• Specify secure MAC addresses
• Configure the device to automatically save secure MAC addresses to the startup-config file
• Specify the action taken when a security violation occurs

Enabling the MAC Port Security feature

By default, MAC Port Security is disabled at the global and interface levels. You can enable or
disable the feature globally on all interfaces at once or on individual interfaces.

If MAC Port Security is enabled on an interface, it is applied on that specific
interface. If MAC Port Security is enabled at the global level, the feature is enabled on all
interfaces. However, the interface configuration takes precedence over the global configuration.
Thus, if MAC Port Security is disabled on an interface, the feature is disabled for that interface even
though MAC Port Security is globally enabled. Likewise, if MAC Port Security is enabled on an interface,
the feature remains enabled on that interface even though MAC Port Security is disabled at
the global level.

If MAC Port Security is not configured on an interface, then global level attributes are used.

Also, attributes configured at the interface level take precedence over the attributes at the global
level.