Patch 86241-06 For Rapier Switches


Dynamic Port Security

Dynamic Port Security allows for dynamic MAC address learning on a switch port. If a MAC address is unused for a period of time, it will be aged from the database of currently accepted MAC addresses. This allows the learning of new MAC addresses, which is useful because port security allows the number of devices that are connected to a particular switch port to be limited.

MAC address learning can be set to static or dynamic by using the RELEARN parameter in the following command:

SET SWITCH PORT={port-list|ALL} [ACCEPTABLE={ALL|VLAN}] [BCLIMIT={NONE|limit}] [DESCRIPTION=description] [DLFLIMIT={NONE|limit}] [EGRESSLIMIT={NONE|DEFAULT|0|1000..127000|8..1016}] [INFILTERING={OFF|ON}] [INGRESSLIMIT={NONE|DEFAULT|0|64..127000|8..1016}] [LEARN={NONE|0|1..256}] [INTRUSIONACTION={DISABLE|DISCARD|TRAP}] [MCLIMIT={NONE|limit}] [MIRROR={BOTH|NONE|RX|TX}] [MODE={AUTONEGOTIATE|MASTER|SLAVE}] [MULTICASTMODE={A|B|C}] [RELEARN={OFF|ON}] [SPEED={AUTONEGOTIATE|10MHALF|10MFULL|10MHAUTO|10MFAUTO|100MHALF|100MFULL|100MHAUTO|100MFAUTO|1000MHALF|1000MFULL|1000MHAUTO|1000MFAUTO}]

The RELEARN parameter determines whether dynamic or static MAC address learning will be used on this port. This parameter has no effect if the security feature limiting the number of MAC addresses is disabled (i.e. when LEARN=0 or NONE).

If the RELEARN parameter is set to OFF, static MAC address learning is used. Once a MAC address has been learned it will remain permanently in the learning database. If the RELEARN parameter is set to ON, dynamic MAC address learning is used. If a MAC address is unused for a period of time, it will be removed from the learning database. Another (or the same) MAC address can then be learned and stored in the vacant position in the learning database. When RELEARN is enabled on a port, all existing entries in the learning database are removed. The elapsed time before a MAC address entry is removed can be set using the SET SWITCH AGEINGTIMER command (see the Switch Chapter for more information). The default is OFF.
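The difference between the two modes is easiest to see by replaying the same traffic against both. The following Python model is an added illustration, not Allied Telesis code: the class and function names, the 300 second ageing value, the sample MAC addresses and the exact ageing boundary are all assumptions made for the example.

```python
# Added illustration: a toy model of one port's learning database.
# Not Allied Telesis code; timings and exact ageing boundary are assumptions.

class PortSecurity:
    def __init__(self, learn, relearn=False, ageing=300):
        self.learn = learn      # LEARN: max MAC addresses; 0 = limit disabled
        self.relearn = relearn  # RELEARN: False = static, True = dynamic
        self.ageing = ageing    # seconds; stands in for the ageing timer (assumed value)
        self.db = {}            # learned MAC -> time it was last seen

    def set_relearn(self, on):
        if on:
            self.db.clear()     # enabling RELEARN removes all existing entries
        self.relearn = on

    def frame(self, mac, now):
        """Classify a frame from `mac` arriving at time `now` (seconds)."""
        if self.learn == 0:
            return "forward"    # security disabled, so RELEARN has no effect
        if self.relearn:
            # Dynamic learning: drop entries unused for longer than the timer.
            self.db = {m: t for m, t in self.db.items()
                       if now - t <= self.ageing}
        if mac in self.db or len(self.db) < self.learn:
            self.db[mac] = now  # refresh a known address or fill a vacant slot
            return "forward"
        return "intrusion"      # the switch would apply INTRUSIONACTION here


def replay(port, frames):
    return [port.frame(mac, t) for t, mac in frames]


# Constructed sample: device A goes quiet after t=10 s, device B replaces it.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [(0, A), (10, A), (20, B), (400, B)]

if __name__ == "__main__":
    for name, port in [("RELEARN=OFF", PortSecurity(learn=1)),
                       ("RELEARN=ON ", PortSecurity(learn=1, relearn=True)),
                       ("LEARN=0    ", PortSecurity(learn=0, relearn=True))]:
        print(name, replay(port, FRAMES))
```

With LEARN=1, the static port treats device B as an intrusion indefinitely, while the dynamic port accepts it once device A's entry has aged out.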

To see whether the switch is using static or dynamic port security, use the command:

SHOW SWITCH PORT[={port-listALL}]

This command displays general information about the specified switch ports or all switch ports.

Patch 86241-05 for Software Release 2.4.1 C613-10340-00 REV E
