Configuration notes and feature limitations, Configuring the mac port security feature, Enabling the mac port security feature – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 1026
992
Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
Configuring the MAC port security feature
Besides the maximum of 64 local resources available to an interface, there are additional global
resources. Depending on flash memory size, a device can have 1024, 2048, or 4096 global
resources available. When an interface has secured enough MAC addresses to reach its limit for
local resources, it can secure additional MAC addresses by using global resources. Global
resources are shared among all the interfaces on a first-come, first-served basis.
The maximum number of MAC addresses any single interface can secure is 64 (the maximum
number of local resources available to the interface), plus the number of global resources not
allocated to other interfaces.
Configuration notes and feature limitations
The following limitations apply to this feature:
•
MAC port security applies only to Ethernet interfaces.
•
MAC port security is not supported on static trunk group members or ports that are configured
for link aggregation.
•
MAC port security is not supported on 802.1X port security-enabled ports.
•
Devices do not support the reserved-vlan-id num command, which changes the default VLAN
ID for the MAC port security feature.
•
The SNMP trap generated for restricted MAC addresses indicates the VLAN ID associated with
the MAC address, as well as the port number and MAC address.
•
MAC port security is not supported on ports that have multi-device port authentication
enabled.
Configuring the MAC port security feature
To configure the MAC port security feature, perform the following tasks:
•
Enable the MAC port security feature
•
Set the maximum number of secure MAC addresses for an interface
•
Set the port security age timer
•
Specify secure MAC addresses
•
Configure the device to automatically save secure MAC addresses to the startup-config file
•
Specify the action taken when a security violation occurs
•
Deny specific MAC addresses
Enabling the MAC port security feature
By default, the MAC port security feature is disabled on all interfaces. You can enable or disable the
feature globally on all interfaces at once, or on individual interfaces.
To enable the feature on all interfaces at once, enter the following commands.
TurboIron(config)#port security
TurboIron(config-port-security)#enable
To disable the feature on all interfaces at once, enter the following commands.