Filter
Top Products
1264 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring the MAC port security feature
35
Local and global resources
The MAC port security feature uses a concept of local and global “resources” to determine how
many MAC addresses can be secured on each interface. In this context, a “resource” is the ability
to store one secure MAC address entry. Each interface is allocated 64 local resources. Additional
global resources are shared among all interfaces on the device.
When the MAC port security feature is enabled on an interface, the interface can store one secure
MAC address. You can increase the number of MAC addresses that can be secured using local
resources to a maximum of 64.
Besides the maximum of 64 local resources available to an interface, there are additional global
resources. Depending on flash memory size, a device can have 1024, 2048, or 4096 global
resources available. When an interface has secured enough MAC addresses to reach its limit for
local resources, it can secure additional MAC addresses by using global resources. Global
resources are shared among all the interfaces on a first-come, first-served basis.
The maximum number of MAC addresses any single interface can secure is 64 (the maximum
number of local resources available to the interface), plus the number of global resources not
allocated to other interfaces.
Configuration notes and feature limitations
The following limitations apply to this feature:
• MAC port security applies only to Ethernet interfaces.
• MAC port security is not supported on static trunk group members or ports that are configured
for link aggregation.
• MAC port security is not supported on 802.1X port security-enabled ports.
• Dell PowerConnect devices do not support the reserved-vlan-id <num> command, which
changes the default VLAN ID for the MAC port security feature.
• The SNMP trap generated for restricted MAC addresses indicates the VLAN ID associated with
the MAC address, as well as the port number and MAC address.
• MAC port security is not supported on ports that have multi-device port authentication
enabled.
Configuring the MAC port security feature
To configure the MAC port security feature, perform the following tasks:
• Enable the MAC port security feature
• Set the maximum number of secure MAC addresses for an interface
• Set the port security age timer
• Specify secure MAC addresses
• Configure the device to automatically save secure MAC addresses to the startup-config file
• Specify the action taken when a security violation occurs