Specifying static secure MAC addresses, Enabling dynamic MAC address learning, Denying specific MAC addresses – Brocade BigIron RX Series Configuration Guide User Manual
BigIron RX Series Configuration Guide
53-1002484-04
Configuring the MAC Port Security feature
33
NOTE
If static and dynamic MAC addresses are used and the number of static MAC addresses is less than
the maximum number configured for an interface, then the remaining MAC addresses can be
learned dynamically.
The secure MAC addresses are saved in the start-up configuration if autosave mode is enabled, or
if the configuration is saved.
Specifying static secure MAC addresses
Static secure MAC addresses can be specified only on an interface. The number of static secure
MAC addresses you can add depends on the maximum number of MAC addresses allowed on an
interface. The maximum is 64.
To specify a secure MAC address on an interface, enter commands such as the following.
BigIron RX(config)# interface ethernet 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# secure-mac-address 0050.DA18.747C
Syntax: [no] secure-mac-address <mac-address>
For mac-address, enter the MAC address that you want to allow to access the interface.
Enabling dynamic MAC address learning
To allow the device to dynamically learn secure MAC addresses from packets received on an
interface, enter commands such as the following:
BigIron RX(config)# interface ethernet 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# dynamic-learn
Syntax: [no] dynamic-learn
Denying specific MAC addresses
If there are specific MAC addresses that you want to block, you can add those addresses to a deny
MAC address table by entering commands such as the following:
BigIron RX(config)# interface ethernet 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# deny-mac-address 124a.3cad.01a3
Syntax: [no] deny-mac-address <mac-address>
There can be up to 64 denied MAC addresses for an interface, and up to 512 on a global level.
A MAC address in the deny MAC address table is removed if it ages out or if the violation action is
changed from deny to shutdown or restrict.
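The limits described above can be checked offline before a configuration is pushed to the device. The following Python script is an added example, not part of the Brocade guide: it audits the secure-mac-address and deny-mac-address statements in a configuration text against the 64-per-interface and 512-global limits. The configuration layout, the function name audit, the secure/deny overlap check and the reading of the 512 limit as a total across all interfaces are assumptions of the example.

```python
import re
from collections import defaultdict

MAX_PER_INTERFACE = 64  # page: static secure / denied MACs per interface
MAX_DENY_GLOBAL = 512   # page: denied MACs "on a global level"
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)
KEYWORDS = {"secure-mac-address": "secure", "deny-mac-address": "deny"}

# Constructed sample; the layout of the saved configuration is an assumption.
SAMPLE_CONFIG = """\
interface ethernet 7/11
 port security
  secure-mac-address 0050.DA18.747C
  deny-mac-address 124a.3cad.01a3
  deny-mac-address 0050.da18.747c
interface ethernet 7/12
 port security
  dynamic-learn
  secure-mac-address 0050.DA18.74ZZ
"""

def audit(config_text):
    """Return findings for the port-security MAC statements in config_text."""
    tables = {"secure": defaultdict(set), "deny": defaultdict(set)}
    findings, port = [], None
    for line in config_text.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            port = " ".join(words[1:])
        elif len(words) == 2 and words[0] in KEYWORDS:
            if port is None:
                findings.append(f"{words[0]} outside an interface")
            elif not MAC_RE.match(words[1]):
                findings.append(f"{port}: invalid MAC address {words[1]}")
            else:  # store lowercased so comparison is case-insensitive
                tables[KEYWORDS[words[0]]][port].add(words[1].lower())
    secure, deny = tables["secure"], tables["deny"]
    for port in sorted(set(secure) | set(deny)):
        for kind, macs in (("static secure", secure[port]), ("denied", deny[port])):
            if len(macs) > MAX_PER_INTERFACE:
                findings.append(f"{port}: {len(macs)} {kind} MACs exceed {MAX_PER_INTERFACE}")
        # The example's own sanity check, not documented device behaviour.
        for mac in sorted(secure[port] & deny[port]):
            findings.append(f"{port}: {mac} is both secure and denied")
    total = sum(len(macs) for macs in deny.values())
    if total > MAX_DENY_GLOBAL:  # assumes the 512 limit counts all interfaces
        findings.append(f"global: {total} denied MACs exceed {MAX_DENY_GLOBAL}")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the malformed address on ethernet 7/12 and the address on ethernet 7/11 that is listed as both secure and denied.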