Denying a mac address – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

53-1002484-04

Defining security violation actions

The logged message contains the packet’s IP address and the MAC address of the denied packet.
For example, the following configuration shows that violation restrict is configured:

interface ethernet 14/1
 port security
  enable
  maximum 5
  violation restrict
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
  secure-mac-address 0000.0022.2224 10
  secure-mac-address 0000.0022.2225 10
  secure-mac-address 0000.0022.2226 10

When a packet arrives from MAC address 0000.0022.2227, an address that is not a secured MAC address,
the following Syslog messages are generated.

SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to high rate of denied mac 0000.0022.2227, vlan 10
SYSLOG: Mar 10 17:36:12:<14>3-RW-Core-3, Interface ethernet14/1, state down - disabled

However, when deny-log-rate is configured as follows:

interface ethernet 14/1
 disable
 port security
  enable
  maximum 5
  violation restrict 1000
  deny-log-rate 4
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
  secure-mac-address 0000.0022.2224 10
  secure-mac-address 0000.0022.2225 10
  secure-mac-address 0000.0022.2226 10

The following Syslog messages are generated.

Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111 198.19.1.2 -> 198.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111 198.19.1.2 -> 198.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111 198.19.1.2 -> 198.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111 198.19.1.2 -> 198.19.1.1 [Protocol:114]
Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> 0000.0011.1111 198.19.1.2 -> 198.19.1.1 [Protocol:114]
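
Added example (not part of the Brocade guide): a Python parser for the two port security Syslog formats shown above, which counts denied packets per source MAC, flags MACs that exceed a per-second message threshold, and lists ports shut down by violation restrict. The names summarize and alert_per_second are hypothetical, the threshold default is an assumption, and the log line with MAC 0000.0022.9999 is constructed.

```python
import re
from collections import Counter

MAC = r"[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}"
# "Port security denied pkt" line, the format logged with deny-log-rate configured.
DENIED = re.compile(
    r"(?P<ts>\w+ +\d+ \d\d:\d\d:\d\d):I:Port security denied pkt: "
    r"(?P<src>" + MAC + r") -> (?P<dst>" + MAC + r") "
    r"(?P<sip>\S+) -> (?P<dip>\S+) \[Protocol:(?P<proto>\d+)\]")
# Port shutdown line, the format logged under violation restrict.
SHUTDOWN = re.compile(
    r"Interface (?P<port>\S+) shutdn due to high rate of denied mac "
    r"(?P<mac>" + MAC + r"), vlan (?P<vlan>\d+)")

# Sample input in the formats shown on this page; the final line is constructed.
SAMPLE_LOG = "\n".join(
    ["SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to "
     "high rate of denied mac 0000.0022.2227, vlan 10"]
    + ["Mar 10 17:38:51:I:Port security denied pkt: 0000.0022.2224 -> "
       "0000.0011.1111 198.19.1.2 -> 198.19.1.1 [Protocol:114]"] * 5
    + ["Mar 10 17:38:52:I:Port security denied pkt: 0000.0022.9999 -> "
       "0000.0011.1111 198.19.1.9 -> 198.19.1.1 [Protocol:114]"])


def summarize(log_text, alert_per_second=4):
    """Return denied-packet counts, per-second bursts, and port shutdowns.

    alert_per_second is a hypothetical monitoring threshold (an assumption,
    not a switch setting): a (timestamp, source MAC) pair is reported once
    it has at least that many denied-packet messages in the same second.
    """
    per_second = Counter()   # (timestamp, source MAC) -> message count
    shutdowns = []           # (port, offending MAC, VLAN) tuples
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            per_second[(m["ts"], m["src"].lower())] += 1
            continue
        m = SHUTDOWN.search(line)
        if m:
            shutdowns.append((m["port"], m["mac"].lower(), int(m["vlan"])))
    per_mac = Counter()
    for (_, mac), count in per_second.items():
        per_mac[mac] += count
    bursts = sorted(k for k, n in per_second.items() if n >= alert_per_second)
    return {"per_mac": dict(per_mac), "bursts": bursts, "shutdowns": shutdowns}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```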

Denying a MAC address

The violation deny action can be configured for unsecure MAC addresses that are received on an
interface. This option denies all MAC addresses in the deny MAC address list. To enable this
violation action, enter the following commands.

BigIron RX(config)# interface ethernet 7/11
BigIron RX(config-if-e100-7/11)# port security
BigIron RX(config-port-security-e100-7/11)# violation deny