Changing the violation action for an interface, Re-enabling an interface, Interface shutdown time – Brocade BigIron RX Series Configuration Guide User Manual

1038

BigIron RX Series Configuration Guide

53-1002484-04

Re-enabling an interface

33

•

Interfaces that are configured with deny violation action will continue to use the deny violation
action; however, all entries in the MAC table are cleared and any MAC entries in the deny MAC
address list that were inherited from the global deny MAC address list will no longer be denied.
The interface will continue to use the deny MAC addresses configured in its own deny MAC
address list.

Changing the violation action for an interface

The following events occur when the violation action for an interface is changed:

•

If the violation action for an interface is different from the global violation action, then the MAC
entries for the interface are cleared.

•

If the violation action for an interface is either shutdown or restrict but the action for the global
level is deny, then the interface inherits the global deny MAC address list. The entries in the
global deny MAC addreslist are added to the interface’s deny MAC address list. Similar event
occurs if the violation action for an interface is deny but the action at the global level is
shutdown or restrict.

•

When the violation action for an interface is being configured, the violation action of that
interface is updated to the new configured action, irrespective of its current value. Changing
the violation action for an interface clears the MAC addresses entries for that interface.

•

If the violation action configured for an interface is the same as the action the interface is
currently inheriting from the global level, then the violation action for the interface is applied to
the interface. It no longer inherits the action at the global level.

Re-enabling an interface

The violation action of violation shutdown or violation restrict have options that can be configured
to cause an interface to shutdown. If the shutdown option is selected, the following options can be
used to re-enable an interface.

Interface shutdown time

You can specify how long an interface remains shutdown when violation shutdown or violation
restrict is configured. For example, you can enter commands such as the following.

BigIron RX(config)# interface ethernet 7/11

BigIron RX(config-if-e100-7/11)#port security

BigIron RX(config-port-security-e100-7/11)# violation shutdown

BigIron RX(config-port-security-e100-7/11)#shutdown-time 60

Syntax: [no] shutdown-time <minutes>

Enter 0 – 1440 minutes, with 0 as the default. Specifying 0 shuts down the interface permanently
when a MAC Port Security violation occurs.

Manually re-enabling a interface

Once an interface is permanently shut down, an administrator must re-enable the interface by
entering the following command.