Changing the global violation action – Brocade BigIron RX Series Configuration Guide User Manual
Page 1115
BigIron RX Series Configuration Guide
1037
53-1002484-04
Understanding the rules for violation action configuration
33
Syntax: [no] violation deny [force]
If the force parameter is used, then the MAC addresses are denied automatically; otherwise,
prompts are displayed to confirm whether or not the MAC addresses are to be denied.
Understanding the rules for violation action configuration
There are certain things to note when configuring or changing the violation action at the global or
interface level.
Interaction between global and interface level violation
actions
•
If there is no violation action configured at the global or interface level, then the default
violation action at the global level is shutdown and is applied to all interfaces.
•
If shutdown or restrict is the violation action configured at the global level and no violation
action is configured in the interface level, then the interface inherits the secure MAC list
configured at the global level.
•
If deny is the violation action at the global level and no violation action is configured at the
interface level, then the interface inherits the global deny MAC list.
•
If no violation action is configured on an interface, then the interface inherits the violation
action configured at the global level.
Changing the global violation action
If the global violation action changes from shutdown or restrict to deny, then the following occur:
•
All interfaces that inherit the global violation action inherit the new global violation action.
•
All MAC address entries are cleared on all interfaces that inherit the new global violation
action.
•
Interfaces that are configured with shutdown or restrict violation action will continue to use
their configured violation action; however, any secure MAC addresses inherited from the global
secure MAC address list will no longer be secure,but the secure MAC addresses at the
interface level will remain secure.
•
Interfaces on which deny is the configured violation action inherit any new secure MAC
addresses configured at the global level.
If the global violation action changes from deny to shutdown or restrict, the following occur:
•
All interfaces that inherit the global violation action inherit the new global violation action.
•
All MAC address entries are cleared on all interfaces that inherit the new global violation
action.
•
Interfaces that are configured with shutdown or restrict violation action inherit any new deny
MAC addresses configured at the global level.