Allied Telesis C613-02013-00 Switch User Manual


 
Layer 2 Switching 35
Rapier Switch Software Release 2.2.1
C613-02013-00 Rev A
discarded. If TRAP is specified, packets received from MAC addresses not on
the port’s learn list will be discarded and an SNMP trap will be generated. If
DISABLE is specified, the first time a packet is received from a MAC address
not on the port’s learn list, it will be discarded, an SNMP trap will be generated
and the port(s) will be disabled. To re-enable the port, disable the Port Security
function on the port. The default value for this parameter is DISCARD.

If INTRUSIONACTION is set to TRAP or DISABLE, a list of MAC addresses
for devices that are active on a port, but which are not allowed or learned for
the port, can be displayed using the command:

    SHOW SWITCH PORT={port-list|ALL} INTRUSION

Figure 8-1: Example output from the SHOW SWITCH PORT INTRUSION command.

A switch port can be manually locked before it reaches the learning limit, by
using the command:

    ACTIVATE SWITCH PORT={port-list|ALL} LOCK

Addresses can be manually added to a port locked list up to a total of 256 MAC
addresses, and the learning limit can be extended to accommodate them, by
using the command:

    ADD SWITCH FILTER ACTION={FORWARD|DISCARD} DESTADDRESS=macadd
    PORT=port [ENTRY=entry] [LEARN] [VLAN={vlanname|1..4094}]

Learned addresses on locked ports can be saved as part of the switch
configuration, so that they will be part of the configuration after a power cycle,
using the command:

    CREATE CONFIG=filename

If the configuration is not saved when there is a locked list for a port, the
learning process begins again after the router is restarted.

Virtual LANs

A Virtual LAN is a software-defined broadcast domain. The switch’s VLAN
feature allows the network to be segmented by software management,
improving network performance. Workstations, servers, and other network
equipment connected to the switch can be grouped according to similar data
and security requirements. Several VLANs can be connected to the same
switch.

Devices that are members of a VLAN only exchange data with each other
through the switching capabilities of the switch. Further flexibility can be
gained by using VLAN tagging. To exchange data between devices in separate
VLANs, the switch’s routing capabilities are used. VLAN status information,

Switch Port Information
----------------------------------------------------------------------------
Port 2 - 13 intrusion(s) detected
00-00-c0-1d-2c-f8 00-90-27-87-a5-22 00-00-cd-01-00-4a
00-d0-b7-4d-93-c0 08-00-5a-a1-02-3f 00-d0-b7-d5-5f-a9
00-b0-d0-20-d1-01 00-90-99-0a-00-49 00-10-83-05-72-83
00-00-cd-00-45-9e 00-00-c0-ad-a3-d0 00-a0-24-8e-65-3c
00-90-27-32-ad-61
----------------------------------------------------------------------------
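
Added example (not part of the manual): a Python parser for the SHOW SWITCH PORT INTRUSION listing of Figure 8-1 that checks the reported addresses against an asset inventory, separating known devices plugged into the wrong port from unknown ones. The sample text is constructed in the figure's layout; the second port block, the INVENTORY mapping and the function names are assumptions.

```python
import re

# Constructed sample in the layout of Figure 8-1. The second port block is an
# assumption: the figure on the page shows one port only.
SAMPLE = """\
Switch Port Information
------------------------------------------------------------
Port 2 - 4 intrusion(s) detected
00-00-c0-1d-2c-f8 00-90-27-87-a5-22 00-00-cd-01-00-4a
00-d0-b7-4d-93-c0
Port 5 - 1 intrusion(s) detected
00-00-CD-00-45-9E
------------------------------------------------------------
"""
# Hypothetical asset inventory: MAC -> (device name, port it is expected on).
INVENTORY = {"00-90-27-87-a5-22": ("print-server", 7)}

PORT_RE = re.compile(r"Port\s+(\d+)\s+-\s+(\d+)\s+intrusion\(s\)\s+detected$")
MAC_RE = re.compile(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}$")

def parse_intrusions(text):
    """Return {port: [mac, ...]}; raise ValueError on malformed or truncated output."""
    ports, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = PORT_RE.match(line)
        if header:
            current = int(header.group(1))
            declared[current] = int(header.group(2))
            ports[current] = []
        elif current is not None and line and set(line) != {"-"}:
            for token in line.lower().split():
                if not MAC_RE.match(token):
                    raise ValueError(f"port {current}: not a MAC address: {token!r}")
                ports[current].append(token)
    for port, macs in ports.items():
        if len(macs) != declared[port]:  # pasted or logged output was cut short
            raise ValueError(f"port {port}: header says {declared[port]}, got {len(macs)}")
    return ports

def triage(ports, inventory):
    """Per port, split intruders into inventoried (misplaced) and unknown devices."""
    return {
        port: {
            "misplaced": {m: inventory[m] for m in macs if m in inventory},
            "unknown": [m for m in macs if m not in inventory],
        }
        for port, macs in ports.items()
    }
```

Calling `triage(parse_intrusions(SAMPLE), INVENTORY)` returns one entry per port; the count check against the "intrusion(s) detected" header catches listings that were cut short when captured.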