3.4.5Configuring Static Addresses

You can use address filtering to set static addresses that are bound to a specific port and VLAN, or to enable port security that restricts all inbound traffic to the entries currently listed in the address table (including either dynamic or static addresses).

Note the following points about static addresses and port security:

Setting Static Addresses – A static address can be assigned to a specific interface on the switch. When a static address that is currently bound to an interface, is seen on another interface, the new interface that sees it does not accept or transmit data from or for that address and does not include the address in its address table.

Configuring Port Security – If you enable port security, the switch stops dynamically learning new addresses on the specified port. Only incoming traffic with source addresses already stored in the dynamic address table are accepted. To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on an interface for an initial training period, and then enable port security to stop address learning. Enable the learning function long enough to ensure that all valid VLAN members are registered on the selected interface.

To add new VLAN members at a later time, you can manually add static addresses, or turn off port security to reenable the learning function long enough for new VLAN members to be registered. Learning may then be disabled again, if desired, for security.

When configuring static addresses and port security through the web interface or CLI, the following parameters are displayed or can be configured:

Port – The interface (port or trunk). Up-link ports NETP0 to NETP7 or down-link ports SNP0 to SNP15.

Secure Port – The configured state of port security. The default is disabled. A secure port has the following restrictions:

It cannot use port monitoring.

It cannot be a multi-VLAN interface.

It cannot be connected to a network interconnection device.

It cannot be a member of an aggregated link.

Number of Static Addresses24 – The number of manually configured addresses.

VLAN – The ID of the configured VLAN (1-4094) and its name.

MAC Address – The MAC address associated with the interface.

24.Web only.

Chapter 3 General Management of the Switch 3-121

Page 159
Image 159
Sunfire B1600 manual Configuring Static Addresses