Configuring Learned Port Security Sample Learned Port Security Configuration
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-3
Sample Learned Port Security Configuration
This section provides a quick tutorial that demonstrates the following tasks:
• Enabling LPS on a set of switch ports.
• Defining the maximum number of learned MAC addresses allowed on an LPS port.
• Defining the time limit in which source learning is allowed on all LPS ports.
• Selecting a method for handling unauthorized traffic received on an LPS port.
Note that LPS is supported on 10/100 and gigabit Ethernet fixed, mobile, tagged and authenticated ports.
Link aggregate and tagged (trunked) link aggregate ports are not eligible for LPS monitoring and control.
1 Enable LPS on ports 6 through 12 on slots 3, 4, and 5 using the following command:
-> port-security 3/6-12 4/6-12 5/6-12 enable
2 Set the total number of learned MAC addresses allowed on the same ports to 25 using the following command:
-> port-security 3/6-12 4/6-12 5/6-12 maximum 25
3 Set the time limit during which source learning is allowed on all LPS ports to 30 minutes using the following command:
-> port-security shutdown 30
4 Select shutdown for the LPS violation mode using the following command:
-> port-security 3/6-12 4/6-12 5/6-12 violation shutdown
Note. Optional. To verify LPS port configurations, use the show port-security command. For example:
-> show port-security
Port    Security    MaxMacs   Violation   IndividualMac      MacType
-------+-----------+---------+-----------+------------------+-----------
1/12    enabled     100       restrict    00:01:96:1c:f1:c0  dynamic
                                          00:06:5b:a3:19:3f  dynamic
1/23    enabled     2         restrict    00:95:2a:0f:ce:19  configured
                                          00:95:2a:5e:cf:2a  configured
1/24    enabled     100       shutdown
-> show port-security config-mac-range
Port      LowMac              HighMac
---------+-------------------+-----------------
1/12      00:00:00:00:00:00   ff:ff:ff:ff:ff:ff
1/23      00:00:00:00:00:00   ff:ff:ff:ff:ff:ff
1/24      00:95:2a:00:00:5a   00:95:2a:00:00:6f
To verify the source learning time limit value, use the show port-security shutdown command. For example:
-> show port-security shutdown
LPS Shutdown = 60 mins
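As an added example (not part of the original guide), the Python below parses the show port-security output shown above and reports ports that differ from the values set in this tutorial (maximum 25, violation shutdown). The function names parse_port_security and audit are hypothetical, and treating a port whose listed MAC count equals MaxMacs as full is an assumption.

```python
import re

# Sample text is the `show port-security` output shown on this page.
SAMPLE = """\
Port    Security    MaxMacs   Violation   IndividualMac      MacType
-------+-----------+---------+-----------+------------------+-----------
1/12    enabled     100       restrict    00:01:96:1c:f1:c0  dynamic
                                          00:06:5b:a3:19:3f  dynamic
1/23    enabled     2         restrict    00:95:2a:0f:ce:19  configured
                                          00:95:2a:5e:cf:2a  configured
1/24    enabled     100       shutdown
"""

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
PORT_ROW = re.compile(rf"^(\d+/\d+)\s+(\S+)\s+(\d+)\s+(\S+)(?:\s+({MAC})\s+(\S+))?\s*$")
MAC_ROW = re.compile(rf"^\s*({MAC})\s+(\S+)\s*$")

def parse_port_security(text):
    """Return {port: {security, max_macs, violation, macs: [(mac, type)]}}."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PORT_ROW.match(line)
        if m:
            port, sec, maxm, viol, mac, mtype = m.groups()
            current = {"security": sec, "max_macs": int(maxm),
                       "violation": viol, "macs": []}
            ports[port] = current
            if mac:  # a port row may carry no MAC at all (1/24 above)
                current["macs"].append((mac.lower(), mtype))
            continue
        m = MAC_ROW.match(line)
        if m and current is not None:  # continuation row: extra MAC for the port above
            current["macs"].append((m.group(1).lower(), m.group(2)))
    return ports

def audit(ports, max_macs=25, violation="shutdown"):
    """List (port, issue) pairs where a port departs from the tutorial's settings."""
    findings = []
    for port, cfg in sorted(ports.items()):
        if cfg["security"] != "enabled":
            findings.append((port, "LPS not enabled"))
        if cfg["max_macs"] > max_macs:
            findings.append((port, f"MaxMacs {cfg['max_macs']} > {max_macs}"))
        if cfg["violation"] != violation:
            findings.append((port, f"violation mode is {cfg['violation']}"))
        if len(cfg["macs"]) >= cfg["max_macs"]:  # assumption: listed MACs count toward MaxMacs
            findings.append((port, "MAC list has reached MaxMacs"))
    return findings
```

Calling audit(parse_port_security(text)) on captured switch output returns a list of (port, issue) pairs; an empty list means every listed port matches the intended settings.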