Sunfire B1600 Switch User Manual


 
Chapter 3 General Management of the Switch 3-121
3.4.5 Configuring Static Addresses
You can use address filtering to set static addresses that are bound to a specific port
and VLAN, or to enable port security that restricts all inbound traffic to the entries
currently listed in the address table (including either dynamic or static addresses).
Note the following points about static addresses and port security:
Setting Static Addresses A static address can be assigned to a specific interface
on the switch. When a static address that is currently bound to an interface, is
seen on another interface, the new interface that sees it does not accept or
transmit data from or for that address and does not include the address in its
address table.
Configuring Port Security If you enable port security, the switch stops
dynamically learning new addresses on the specified port. Only incoming traffic
with source addresses already stored in the dynamic address table are accepted.
To use port security, first allow the switch to dynamically learn the <source MAC
address, VLAN> pair for frames received on an interface for an initial training
period, and then enable port security to stop address learning. Enable the
learning function long enough to ensure that all valid VLAN members are
registered on the selected interface.
To add new VLAN members at a later time, you can manually add static
addresses, or turn off port security to reenable the learning function long enough
for new VLAN members to be registered. Learning may then be disabled again, if
desired, for security.
When configuring static addresses and port security through the web interface or
CLI, the following parameters are displayed or can be configured:
Port – The interface (port or trunk). Up-link ports NETP0 to NETP7 or down-link
ports SNP0 to SNP15.
Secure Port The configured state of port security. The default is disabled.
A secure port has the following restrictions:
It cannot use port monitoring.
It cannot be a multi-VLAN interface.
It cannot be connected to a network interconnection device.
It cannot be a member of an aggregated link.
Number of Static Addresses
24
The number of manually configured addresses.
VLAN The ID of the configured VLAN (1-4094) and its name.
MAC Address The MAC address associated with the interface.
24.Webonly.