
Mailing List Archive: nsp: foundry

MAC security per VLAN

 

 



minotaur at crete

Jul 16, 2012, 4:30 PM

Post #1 of 3 (478 views)
MAC security per VLAN

Hello!

I have some customers' connections to my MLXe box. All its ports are
switched, and there are some tagged VLANs in them.

I need to disable MAC learning only in one VLAN; in the other VLANs MAC
learning should be enabled without any limits.

In the 'port security' configuration section of the interface I can set up
static MAC addresses in a certain VLAN, but I cannot disable MAC learning
per VLAN: the 'dynamic-learn' command does not have a VLAN parameter.

Is there a way to achieve this? Thanks in advance!

P.S. Please don't blame me for mentioning a rival, but in Extreme XOS
it can be done very easily with two commands:
# configure port X vlan Test limit-learning 0
# create fdbentry 00:11:12:13:14:15 vlan Test port X

--
MINO-RIPE
_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp


wardenm at wardenm

Jul 17, 2012, 2:09 PM

Post #2 of 3 (449 views)
Re: MAC security per VLAN

Hi Alexander

> I need to disable MAC learning only in one VLAN, in other VLANs MAC
> learning should be enabled without any limits.
>
> In 'port security' configuration section of interface I can set up
> static MAC addresses in certain VLAN, but I cannot disable MAC learning
> per VLAN: 'dynamic-learn' command does not have VLAN parameter.
>
> Is there a way to achieve this? Thanks in advance!
>


Have you looked at the 'transparent-hw-flooding' option? It's applied under the vlan configuration. It will turn off MAC learning for the VLAN.

Cheers.
Mitchell




minotaur at crete

Jul 18, 2012, 5:27 AM

Post #3 of 3 (448 views)
Re: MAC security per VLAN

On Wed, Jul 18, 2012 at 07:09:40AM +1000, Mitchell Warden wrote:
> Hi Alexander
>
> > I need to disable MAC learning only in one VLAN, in other VLANs MAC
> > learning should be enabled without any limits.
> >
> > In 'port security' configuration section of interface I can set up
> > static MAC addresses in certain VLAN, but I cannot disable MAC learning
> > per VLAN: 'dynamic-learn' command does not have VLAN parameter.
> >
> > Is there a way to achieve this? Thanks in advance!
> >
>
>
> Have you looked at the 'transparent-hw-flooding' option? It's applied under the vlan configuration. It will turn off MAC learning for the VLAN.

Hi Mitchell,

Thank you for the advice.

Yes, I have looked at the transparent-hw-flooding option and tested it.
It's not a good way for us: it turns off MAC learning but enables flooding
on all ports in a VLAN, thus we lose control of MAC addresses.

--
MINO-RIPE
