Support User Manuals

Allied Telesis 86241-06 Switch User Manual

Open as PDF

of 30

Patch 86241-06 For Rapier Switches 29

Patch 86241-05 for Software Release 2.4.1

C613-10340-00 REV E

Dynamic Port Security

Dynamic Port Security allows for dynamic MAC address learning on a switch

port. If a MAC address is unused for a period of time, it will be aged from the

database of currently accepted MAC addresses. This allows the learning of

new MAC addresses, which is useful because port security allows the number

of devices that are connected to a particular switch port to be limited.

MAC address learning can be set to static or dynamic by using the RELEARN

parameter in the following command:

SET SWITCH PORT={port-list|ALL} [ACCEPTABLE={ALL|VLAN}]

[BCLIMIT={NONE|limit}] [DESCRIPTION=description]

[DLFLIMIT={NONE|limit}]

[EGRESSLIMIT={NONE|DEFAULT|0|1000..127000|8..1016}]

[INFILTERING={OFF|ON}]

[INGRESSLIMIT={NONE|DEFAULT|0|64..127000|8..1016}]

[LEARN={NONE|0|1..256]

[INTRUSIONACTION={DISABLE|DISCARD|TRAP}]

[MCLIMIT={NONE|limit}] [MIRROR={BOTH|NONE|RX|TX}]

[MODE={AUTONEGOTIATE|MASTER|SLAVE}]

[MULTICASTMODE={A|B|C}] [RELEARN={OFF|ON}]

[SPEED={AUTONEGOTIATE|10MHALF|10MFULL|10MHAUTO|10MFAUTO

|100MHALF|100MFULL|100MHAUTO|100MFAUTO|1000MHALF|1000MF

ULL|1000MHAUTO|1000MFAUTO}]

The RELEARN parameter determines whether dynamic or static MAC address

learning will be used on this port. This parameter has no effect if the security

feature limiting the number of MAC addresses is disabled (i.e. when LEARN=0

or NONE).

If the RELEARN parameter is set to OFF, static MAC address learning is used.

Once a MAC address has been learned it will remain permanently in the

learning database. IF the RELEARN parameter is set to ON, dynamic MAC

address learning is used. If a MAC address is unused for a period of time, it

will be removed from the learning database. Another (or the same) MAC

address can then be learned and stored in the vacant position in the learning

database. When RELEARN is enabled on a port, all existing entries in the

learning database are removed. The elapsed time before a MAC address entry

is removed can be set using the SET SWITCH AGEINGTIMER command (See

the Switch Chapter for more information). The default is OFF.

To see whether the switch is using static or dynamic port security, use the

command:

SHOW SWITCH PORT[={port-list|ALL}]

This command displays general information about the specified switch ports

or all switch ports.

previous