Secured MACs Learned Dynamically
Figure 11-19: Secured MACs learned dynamically
Send Layer 2 traffic from IXIA1 with an incremental source MAC of 100 and with VLAN 100. Because the maximum limit is configured as 3, SW1 learns only 3 secure MAC addresses.
SW1
 
#configure terminal
Enter configure mode.
(config)#hostname SW1
Set the host name
(config)#bridge 1 protocol rstp vlan-bridge
Create an RSTP VLAN bridge on the customer side
(config)#vlan 2-200 bridge 1 state enable
Configure VLAN for the bridge
(config)#interface ge1
Enter interface mode
(config-if)#switchport
Make the interface Layer 2
(config-if)#bridge-group 1
Associate the interface to bridge
(config-if)#switchport mode hybrid
Configure the switchport mode as hybrid
(config-if)#switchport hybrid allowed vlan all
Allow all VLANs on the interface
(config-if)#switchport port-security
Enable port security in dynamic mode
(config-if)#switchport port-security maximum 3
Limit secure MACs to 3 MAC addresses
(config-if)#exit
Exit interface mode
(config)#interface ge2
Enter interface mode
(config-if)#switchport
Make the interface Layer 2
(config-if)#bridge-group 1
Associate the interface to bridge
(config-if)#switchport mode hybrid
Configure the switchport mode as hybrid
(config-if)#switchport hybrid allowed vlan all
Allow all VLANs on the interface
(config-if)#exit
Exit interface mode
(config)#logging monitor 7
Set the logging level to 7 for debugging
Validation
Validation commands are "show port-security", "show port-security interface <ifname>", "show mac address-table count bridge 1", "show bridge", and "show mac address-table bridge 1".
SW1#show port-security
Port    port-security mode  MAC limit CVLAN  SVLAN  static secure MAC
-------+-------------------+---------+------+------+-----------------
ge1     dynamic             3
 
SW1#show port-security interface ge1
Port Security Mode : Dynamic
Secure MAC limit : 3
Static Secure MAC list :
CVLAN  SVLAN  MAC Address
------+------+----------------
 
SW1#show mac address-table count bridge 1
MAC Entries for all vlans:
Dynamic Address Count: 3
Static (User-defined) Unicast MAC Address Count: 0
Static (User-defined) Multicast MAC Address Count: 0
Total MAC Addresses in Use: 3
 
SW1#show bridge
Ageout time is global and if something is configured for vxlan then it will be affected here also
Bridge    CVLAN  SVLAN  BVLAN  Port        MAC Address       FWD   Time-out
---------+------+------+------+-----------+-----------------+-----+---------+
1         100                  ge1         0000.0300.0500    1     100
1         100                  ge1         0000.0300.055b    1     100
1         100                  ge1         0000.0300.055c    1     100
 
SW1#show mac address-table bridge 1
VLAN   MAC Address     Type      Ports     Port-security
------+---------------+---------+---------+--------------
100    0000.0300.0500  dynamic   ge1       Enable
100    0000.0300.055b  dynamic   ge1       Enable
100    0000.0300.055c  dynamic   ge1       Enable
SW1#
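
The validation above can be automated. The following is an added example, not part of the OcNOS documentation: a Python check that parses the "show port-security" and "show mac address-table bridge 1" output shown above and compares the secure MACs learned on each port with the configured limit. The function names and status labels are assumptions of this example; the sample text is the output from this page.

```python
import re

# Sample input: the show output from the validation section above.
SHOW_PORT_SECURITY = """\
Port port-security mode MAC limit CVLAN SVLAN static secure MAC
-------+-------------------+---------+------+------+-----------------
ge1 dynamic 3
"""
SHOW_MAC_TABLE = """\
VLAN MAC Address Type Ports Port-security
------+---------------+---------+---------+--------------
100 0000.0300.0500 dynamic ge1 Enable
100 0000.0300.055b dynamic ge1 Enable
100 0000.0300.055c dynamic ge1 Enable
"""
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)

def parse_limits(text):
    """Return {port: limit} from rows such as 'ge1 dynamic 3'."""
    limits = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[1] == "dynamic" and f[2].isdigit():
            limits[f[0]] = int(f[2])
    return limits

def parse_secure_macs(text):
    """Return {port: {mac, ...}} for rows whose Port-security column is 'Enable'."""
    learned = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and MAC_RE.match(f[1]) and f[4] == "Enable":
            learned.setdefault(f[3], set()).add(f[1].lower())
    return learned

def audit(limits, learned):
    """Return {port: (learned_count, limit, status)}; status names are this example's own."""
    report = {}
    for port, limit in limits.items():
        count = len(learned.get(port, ()))
        status = "OVER_LIMIT" if count > limit else "AT_LIMIT" if count == limit else "OK"
        report[port] = (count, limit, status)
    return report

if __name__ == "__main__":
    result = audit(parse_limits(SHOW_PORT_SECURITY), parse_secure_macs(SHOW_MAC_TABLE))
    for port, (count, limit, status) in result.items():
        print(f"{port}: {count}/{limit} secure MACs learned -> {status}")
```

For the output on this page the check reports ge1 as AT_LIMIT, which matches the expected result that only 3 secure MAC addresses are learned; OVER_LIMIT would mean the limit is not being enforced.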
 
Last modified date: 07/13/2023