Alcatel-Lucent 6600 Switch User Manual


 
Configuring Learned Port Security
page 3-10 OmniSwitch 6600 Family Network Configuration Guide April 2006
Selecting the Security Violation Mode
By default, the security violation mode for an LPS port is set to restrict. In this mode, when an
unauthorized source MAC address is received on an LPS port, the packet containing the address is blocked.
However, all other packets containing an authorized source MAC address are still allowed on the port.
Note that unauthorized source MAC addresses are not learned in the LPS table but are still recorded in the
source learning MAC address table with a filtered operational status. This allows the user to view MAC
addresses that were attempting unauthorized access to the LPS port.
The other violation mode option is shutdown. In this mode, the LPS port is disabled when an
unauthorized MAC address is received; all traffic is prevented from forwarding on the port.
To configure the security violation mode for an LPS port, enter port-security followed by the port’s
slot/port designation, then violation followed by restrict or shutdown. For example, the following
command selects the shutdown mode for port 1 on slot 4:
-> port-security 4/1 violation shutdown
To configure the security violation mode for multiple LPS ports, specify a range of ports or multiple slots.
For example:
-> port-security 4/1-10 violation shutdown
-> port-security 1/10-15 2/1-10 violation restrict
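When reviewing a saved list of these commands, it helps to see the resulting mode per port, since a shutdown-mode port stops forwarding all traffic after a single violation. The following Python sketch is an added example, not part of the guide: it expands the slot/port ranges shown above and reports the mode for each port. The function names are hypothetical, and it assumes a later command overrides an earlier one for the same port.

```python
import re

DEFAULT_MODE = "restrict"  # default violation mode for an LPS port, per the guide
_CMD = re.compile(r"^(?:->\s*)?port-security\s+(.+?)\s+violation\s+(restrict|shutdown)\s*$")
_SPEC = re.compile(r"^(\d+)/(\d+)(?:-(\d+))?$")

def expand_ports(spec_text):
    """Expand '4/1', '4/1-10' or '1/10-15 2/1-10' into (slot, port) tuples."""
    ports = []
    for spec in spec_text.split():
        m = _SPEC.match(spec)
        if not m:
            raise ValueError(f"unrecognised slot/port designation: {spec!r}")
        slot, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending port range: {spec!r}")
        ports.extend((slot, p) for p in range(first, last + 1))
    return ports

def violation_modes(lines):
    """Map (slot, port) -> violation mode for explicitly configured ports.

    Assumption: commands apply in order, so a later line wins for a port.
    """
    modes = {}
    for line in lines:
        m = _CMD.match(line.strip())
        if not m:
            continue  # not a violation-mode command (e.g. release); ignore
        for port in expand_ports(m.group(1)):
            modes[port] = m.group(2)
    return modes

def mode_for(port, modes):
    """Mode of an LPS port, falling back to the documented default."""
    return modes.get(port, DEFAULT_MODE)

# Constructed sample input: the three commands shown above plus one override.
SAMPLE = [
    "-> port-security 4/1 violation shutdown",
    "-> port-security 4/1-10 violation shutdown",
    "-> port-security 1/10-15 2/1-10 violation restrict",
    "-> port-security 2/5 violation shutdown",
]
MODES = violation_modes(SAMPLE)
SHUTDOWN_PORTS = sorted(p for p, m in MODES.items() if m == "shutdown")
```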
Restoring the Operational State of an LPS Port
After a security violation occurs, the LPS port is either administratively disabled or is filtering traffic from
one or more source MAC addresses. To return the port to normal operation without having to manually reset
the port and/or module, use the port-security release command. For example:
-> port-security 4/1 release
-> port-security 1/10-15 2/1-10 release
When this command is used, all MAC addresses known to the specified port are flushed from the switch
MAC address table.
Note. Using the port-security release command restores the port to the same operational state it was in
prior to the security violation. This includes the activation of any existing LPS configuration for the port;
LPS monitoring of the port is automatically restored.