OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-1
3 Configuring Learned Port Security
Learned Port Security (LPS) provides a mechanism for authorizing source learning of MAC addresses on
Ethernet and Gigabit Ethernet ports. The only types of Ethernet ports that LPS does not support are link
aggregate and tagged (trunked) link aggregate ports. Using LPS to control source MAC address learning
provides the following benefits:
• A configurable source learning time limit that applies to all LPS ports.
• A configurable limit on the number of MAC addresses allowed on an LPS port.
• Dynamic configuration of a list of authorized source MAC addresses.
• Static configuration of a list of authorized source MAC addresses.
• Two methods for handling unauthorized traffic: stopping all traffic on the port or only blocking traffic
that violates LPS criteria.
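The following is an added example, not code from this guide or from the switch software: a simplified Python model of how the limits listed above combine when deciding whether a frame's source MAC address is accepted. The mode names `block_violating` and `stop_port`, the rule that static addresses count toward the per-port limit, and the sample frames are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LpsPort:
    max_macs: int                        # limit on MAC addresses allowed on the port
    violation: str = "block_violating"   # or "stop_port" (hypothetical mode names)
    static_macs: set = field(default_factory=set)   # statically authorized list
    learned: set = field(default_factory=set)       # dynamically learned list
    stopped: bool = False

    def frame(self, src_mac, now, learn_until):
        """Return 'forward', 'drop' or 'port-down' for one received frame."""
        mac = src_mac.lower()
        if self.stopped:
            return "port-down"
        authorized = self.static_macs | self.learned
        if mac in authorized:
            return "forward"
        # Unknown source: learn it only inside the time window and under the limit.
        # Assumption: static entries count toward max_macs.
        if now < learn_until and len(authorized) < self.max_macs:
            self.learned.add(mac)
            return "forward"
        # Violation: either stop all traffic on the port or block only this traffic.
        if self.violation == "stop_port":
            self.stopped = True
            return "port-down"
        return "drop"

def replay(port, frames, learn_until):
    """Apply the shared learning time limit to a sequence of (time, mac) frames."""
    return [port.frame(mac, t, learn_until) for t, mac in frames]

# Constructed sample traffic (times in seconds, documentation-range MACs).
FRAMES = [
    (1, "00:00:5E:00:53:01"),   # statically authorized
    (2, "00:00:5e:00:53:0a"),   # unknown, inside window, under limit: learned
    (3, "00:00:5e:00:53:0b"),   # unknown, limit reached: violation
    (90, "00:00:5e:00:53:0a"),  # learned earlier, still authorized after window
    (91, "00:00:5e:00:53:0c"),  # unknown after window closed: violation
]

if __name__ == "__main__":
    for mode in ("block_violating", "stop_port"):
        port = LpsPort(max_macs=2, violation=mode,
                       static_macs={"00:00:5e:00:53:01"})
        print(mode, replay(port, FRAMES, learn_until=60))
```

Replaying the same frames under both modes shows the operational trade-off: blocking only violating traffic keeps authorized hosts connected, while stopping the port also cuts off the statically authorized address until the port is restored.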
In This Chapter
This chapter describes how to configure LPS parameters through the Command Line Interface (CLI). CLI
commands are used in the configuration examples; for more details about the syntax of commands, see the
OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
• Enabling LPS for a port on page 3-7.
• Specifying a source learning time limit for all LPS ports on page 3-7.
• Configuring the maximum number of MAC addresses learned per port on page 3-8.
• Configuring a list of authorized MAC addresses for an LPS port on page 3-8.
• Configuring a range of authorized MAC addresses for an LPS port on page 3-9.
• Selecting the security violation mode for an LPS port on page 3-10.
• Displaying LPS configuration information on page 3-11.
For more information about source MAC address learning, see Chapter 2, “Managing Source Learning.”