Configuring EVC MAC Security
Cisco ME 3800X and 3600X Switch Software Configuration Guide

Step 6
Command: encapsulation {default | dot1q | priority-tagged | untagged}
Purpose: Configure encapsulation type for the service instance.
• default—Configure to match all unmatched packets.
• dot1q—Configure 802.1Q encapsulation.
• priority-tagged—Specify priority-tagged frames, VLAN-ID 0 and CoS value of 0 to 7.
• untagged—Map to untagged VLANs. Only one EFP per port can have untagged encapsulation.
Note: You must configure encapsulation before you can configure a bridge domain. You must configure a bridge domain to be able to configure some MAC security commands.

Step 7
Command: bridge-domain bridge-id [split-horizon group group-id]
Purpose: Configure the bridge domain ID. The range is from 1 to 8000.
• (Optional) split-horizon group group-id—Configure a split-horizon group. The group ID is from 1 to 3. EFPs in the same bridge domain and split-horizon group cannot forward traffic between each other, but can forward traffic between other EFPs in the same bridge domain but not in the same split-horizon group.
Note: You must configure a bridge domain to see the mac security aging static command or to configure a MAC security maximum address value of more than one.

Step 8
Command: mac security
Purpose: Enable MAC security on the EFP.

Step 9
Command: mac security address {permit | deny} mac-address
Purpose: (Optional) Configure the specified MAC address to be permitted or denied on the service instance.

Step 10
Command: mac security maximum addresses value
Purpose: (Optional) Set the maximum number of secure MAC addresses allowed on the service instance. The range is 1 to 1000. Entering a value of 0 disables dynamic MAC address learning. The maximum number of secure MAC addresses on an EFP is 1000. The maximum number on a bridge domain or on a switch depends on the feature license.

Step 11
Command: mac security violation {protect | restrict}
Purpose: (Optional) Set the violation response on the service instance. If no response is configured, the default response is to errdisable (shut down) the service instance when a MAC security violation occurs.
• protect—When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
• restrict—When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
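The following Python check is an added example, not part of the Cisco guide: it audits the service instances of one interface against the constraints stated in Steps 6 to 11. The sample configuration is constructed, and the `interface` and `service instance ... ethernet` lines are assumed context from the earlier steps, which this page does not show.

```python
import re
from itertools import takewhile

# Constructed sample, not from the guide; interface/service-instance lines are assumed context.
SAMPLE = """\
interface GigabitEthernet0/1
 service instance 1 ethernet
  encapsulation dot1q 10
  bridge-domain 100
  mac security
  mac security maximum addresses 5
 service instance 2 ethernet
  encapsulation dot1q 20
  mac security
  mac security maximum addresses 50
  mac security violation protect
 service instance 3 ethernet
  bridge-domain 200
  mac security maximum addresses 2000
"""

def parse_efps(interface_config):
    """Return {efp_id: [sub-command, ...]} for one interface's service instances."""
    efps = {}
    for block in re.split(r"(?m)^ service instance ", interface_config)[1:]:
        head, *rest = block.splitlines()
        body = takewhile(lambda line: line.startswith("  "), rest)
        efps[int(head.split()[0])] = [" ".join(line.split()) for line in body]
    return efps

def first_arg(cmds, prefix):
    """First argument of the first sub-command that starts with prefix, else None."""
    return next((c[len(prefix):].split()[0] for c in cmds if c.startswith(prefix + " ")), None)

def audit(interface_config):
    """Return {efp_id: [finding, ...]} using the constraints stated in Steps 6 to 11."""
    report = {}
    for efp, cmds in parse_efps(interface_config).items():
        bd, encap = first_arg(cmds, "bridge-domain"), first_arg(cmds, "encapsulation")
        mx = int(first_arg(cmds, "mac security maximum addresses") or 0)
        checks = [
            (bd and not encap, "bridge-domain without encapsulation"),
            (mx > 1000, "maximum addresses above 1000"),
            (mx > 1 and not bd, "maximum addresses > 1 requires a bridge domain"),
            (first_arg(cmds, "mac security") and "mac security" not in cmds, "options set but mac security not enabled"),
            (first_arg(cmds, "mac security violation") == "protect", "protect mode gives no violation notification"),
        ]
        report[efp] = [msg for bad, msg in checks if bad]
    return report
```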
Chapter 19
Configuring Traffic Control
OL-23400-01