Black Box 24 + or 48 + 4-Port Gigabit Managed Switch with SFP+ 10G Switch User Manual


 
724-746-5500 | blackbox.com
LGB5028A User's Manual
Chapter 7: Security
To understand why aging may be desired, consider the following scenario: Suppose an end-host is connected to a third-party
switch or hub, which in turn is connected to a port on this switch on which limit control is enabled. The end-host will be allowed
to forward if the limit is not exceeded. Now suppose that the end-host logs off or powers down. Without aging, the end-host
would still take up resources on this switch and would still be allowed to forward. To overcome this situation, enable aging. With
aging enabled, a timer is started once the end-host gets secured. When the timer expires, the switch starts looking for frames
from the end-host, and if such frames are not detected within the next aging period, the end-host is assumed to be disconnected,
and the corresponding resources are freed on the switch.
Port Configuration
The table has one row for each port on the selected switch and a number of columns:
Port: The port number to which the configuration below applies.
Mode: Controls whether limit control is enabled on this port. Both this and the global mode must be set to “Enabled” for limit
control to be in effect.
NOTE: Other modules may still use the underlying port security features without enabling limit control on a given port.
Limit: The maximum number of MAC addresses that can be secured on this port. This number cannot exceed 1024. If the limit is
exceeded, the corresponding action is taken.
The switch is “born” with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on
a port security-enabled port. Since all ports draw from the same pool, it’s possible that a configured maximum cannot be
granted if the remaining ports have already used all available MAC addresses.
Action: If the limit is reached, the switch can take one of the following actions:
None: Do not allow more than Limit MAC addresses on the port, but take no further action.
Trap: If Limit + 1 MAC addresses are seen on the port, send an SNMP trap. If aging is disabled, only one SNMP trap will be sent,
but with aging enabled, new SNMP traps will be sent every time the limit is exceeded.
Shutdown: If Limit + 1 MAC addresses appear on the port, shut down the port. This implies that all secured MAC addresses will
be removed from the port, and no new address will be learned. Even if the link is physically disconnected and reconnected on the
port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port:
1. Boot the switch.
2. Disable and re-enable “Limit Control” on the port or the switch.
3. Click the “Reopen” button.
Trap & Shutdown: If Limit + 1 MAC addresses appear on the port, both the “Trap” and the “Shutdown” actions described
above will be taken.
State: This column shows the current state of the port as seen from the limit control's point of view. The state takes one of four
values:
Disabled: Limit Control is either globally disabled or disabled on the port.
Ready: The limit is not yet reached. This can be shown for all actions.
Limit Reached: Indicates that the limit is reached on this port. This state can only be shown if action is set to “None” or “Trap.”
Shutdown: Indicates that the port is shut down by the limit control module. This state can only be shown if action is set to
“Shutdown” or “Trap & Shutdown.”
Re-open Button:
If a port is shut down by this module, you may reopen it by clicking this button, which will only be enabled if this is the case. For
other methods, refer to “Shutdown” in the Action section.
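
The Limit, Action and State rules above, together with aging and the shared address pool, can be traced with a small Python model. This is an added example, not Black Box code. The names Port, see, release, reopen and demo, the dict used as the shared pool, the silent refusal when the pool is empty, and the reading that aging re-arms the trap on every violation are assumptions.

```python
class Port:
    """Simplified model of limit control on one port (assumption, not switch firmware)."""
    def __init__(self, pool, limit, action="None", enabled=True, aging=False):
        if not 1 <= limit <= 1024:                  # the manual caps Limit at 1024
            raise ValueError("limit must be 1..1024")
        self.pool, self.limit, self.action, self.aging = pool, limit, action, aging
        self.enabled, self.secured, self.traps, self.shut = enabled, set(), 0, False

    @property
    def state(self):
        if not self.enabled:
            return "Disabled"
        if self.shut:
            return "Shutdown"
        # "Limit Reached" is only shown for the None and Trap actions.
        full = len(self.secured) >= self.limit and self.action in ("None", "Trap")
        return "Limit Reached" if full else "Ready"

    def release(self, mac=None):    # one aged-out MAC, or all secured MACs if mac is None
        gone = {mac} & self.secured if mac else set(self.secured)
        self.secured -= gone
        self.pool["free"] += len(gone)

    def see(self, mac):
        """Process a source MAC; return True if its frames may be forwarded."""
        if self.shut:
            return False
        if not self.enabled or mac in self.secured:
            return True
        if len(self.secured) < self.limit:
            if self.pool["free"] == 0:              # shared pool exhausted below Limit
                return False
            self.pool["free"] -= 1
            self.secured.add(mac)
            return True
        if "Trap" in self.action and (self.aging or self.traps == 0):  # Limit + 1 seen
            self.traps += 1                         # aging off: only one trap is sent
        if "Shutdown" in self.action:
            self.release()                          # all secured MACs are removed
            self.shut = True
        return False

    def reopen(self):               # the "Reopen" button
        self.shut = False

def demo():   # constructed scenario: shared pool of 3, Limit 2, Trap & Shutdown
    port = Port({"free": 3}, limit=2, action="Trap & Shutdown")
    seen = [port.see(f"00:00:5e:00:53:{i:02x}") for i in (1, 2, 3)]
    return seen, port.state, port.traps, port.pool["free"]
```

Calling demo() shows the third address tripping the limit: the port ends in the Shutdown state, one trap is counted, and both secured addresses are returned to the pool.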