Alcatel-Lucent 6600 Switch User Manual

Open as PDF

of 654

Selecting the Security Violation Mode Configuring Learned Port Security

page 3-10 OmniSwitch 6600 Family Network Configuration Guide April 2006

Selecting the Security Violation Mode

By default, the security violation mode for an LPS port is set to restrict. In this mode, when an unautho-

rized source MAC address is received on an LPS port, the packet containing the address is blocked.

However, all other packets containing an authorized source MAC address are still allowed on the port.

Note that unauthorized source MAC addresses are not learned in the LPS table but are still recorded in the

source learning MAC address table with a filtered operational status. This allows the user to view MAC

addresses that were attempting unauthorized access to the LPS port.

The other violation mode option is shutdown. In this mode, the LPS port is disabled when an unautho-

rized MAC address is received; all traffic is prevented from forwarding on the port.

To configure the security violation mode for an LPS port, enter port-security followed by the port’s

slot/port designation, then violation followed by restrict or shutdown. For example, the following

command selects the shutdown mode for port 1 on slot 4:

-> port-security 4/1 violation shutdown

To configure the security violation mode for multiple LPS ports, specify a range of ports or multiple slots.

For example:

-> port-security 4/1-10 violation shutdown

-> port-security 1/10-15 2/1-10 violation restrict

Restoring the Operational State of an LPS Port

After a security violation occurs, the LPS port is either administratively disabled or is filtering traffic from

one or more source MAC address. To return the port to normal operation without having to manually reset

the port and/or module, use the port-security release command. For example:

-> port-security 4/1 release

-> port-security 1/10-15 2/1-10 release

When this command is used, all MAC addresses known to the specified port are flushed from the switch

MAC address table.

Note. Using the port-security release command restores the port to the same operational state it was in

prior to the security violation. This includes the activation of any existing LPS configuration for the port,

LPS monitoring of the port is automatically restored.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Alcatel-Lucent 6600 Switch User Manual