Support User Manuals

Sunfire B1600 Switch User Manual

Open as PDF

of 402

Chapter 3 General Management of the Switch 3-121

3.4.5 Configuring Static Addresses

You can use address filtering to set static addresses that are bound to a specific port

and VLAN, or to enable port security that restricts all inbound traffic to the entries

currently listed in the address table (including either dynamic or static addresses).

Note the following points about static addresses and port security:

■ Setting Static Addresses – A static address can be assigned to a specific interface

on the switch. When a static address that is currently bound to an interface, is

seen on another interface, the new interface that sees it does not accept or

transmit data from or for that address and does not include the address in its

address table.

■ Configuring Port Security – If you enable port security, the switch stops

dynamically learning new addresses on the specified port. Only incoming traffic

with source addresses already stored in the dynamic address table are accepted.

To use port security, first allow the switch to dynamically learn the <source MAC

address, VLAN> pair for frames received on an interface for an initial training

period, and then enable port security to stop address learning. Enable the

learning function long enough to ensure that all valid VLAN members are

registered on the selected interface.

To add new VLAN members at a later time, you can manually add static

addresses, or turn off port security to reenable the learning function long enough

for new VLAN members to be registered. Learning may then be disabled again, if

desired, for security.

When configuring static addresses and port security through the web interface or

CLI, the following parameters are displayed or can be configured:

■ Port – The interface (port or trunk). Up-link ports NETP0 to NETP7 or down-link

ports SNP0 to SNP15.

■ Secure Port – The configured state of port security. The default is disabled.

A secure port has the following restrictions:

■ It cannot use port monitoring.

■ It cannot be a multi-VLAN interface.

■ It cannot be connected to a network interconnection device.

■ It cannot be a member of an aggregated link.

■ Number of Static Addresses

24

– The number of manually configured addresses.

■ VLAN – The ID of the configured VLAN (1-4094) and its name.

■ MAC Address – The MAC address associated with the interface.

24.Webonly.

previous next