Layer 2 Switching | 35 |
discarded. If TRAP is specified, packets received from MAC addresses not on the port’s learn list will be discarded and an SNMP trap will be generated. If DISABLE is specified, the first time a packet is received from a MAC address not on the port’s learn list, it will be discarded, an SNMP trap will be generated and the port(s) will be disabled. To
If INTRUSIONACTION is set to TRAP or DISABLE, a list of MAC addresses for devices that are active on a port, but which are not allowed or learned for the port, can be displayed using the command:
SHOW SWITCH
Figure
Switch Port Information
Port 2 - 13 intrusion(s) detected
A switch port can be manually locked before it reaches the learning limit, by using the command:
ACTIVATE SWITCH
Addresses can be manually added to a port locked list up to a total of 256 MAC addresses, and the learning limit can be extended to accommodate them, by using the command:
ADD SWITCH FILTER ACTION={FORWARDDISCARD} DESTADDRESS=macadd
PORT=port [ENTRY=entry] [LEARN] [VLAN={vlanname1..4094}]
Learned addresses on locked ports can be saved as part of the switch configuration, so that they will be part of the configuration after a power cycle, using the command:
CREATE CONFIG=filename
If the configuration is not saved when there is a locked list for a port, the learning process begins again after the router is restarted.
Virtual LANs
A Virtual LAN is a
Devices that are members of a VLAN only exchange data with each other through the switching capabilities of the switch. Further flexibility can be gained by using VLAN tagging. To exchange data between devices in separate VLANs, the switch’s routing capabilities are used. VLAN status information,
Rapier Switch Software Release 2.2.1