Port-security - OS6450

Posted: 08 Apr 2017 13:07
by saso_ri
Hello,
I configured two ports of my OS6450 switch with port-security:

Code:

port-security 1/1-2 admin-status enable
port-security 1/1-2 maximum 1
port-security 1/1-2 max-filtering 0
port-security 1/1-2 violation restrict

port-security 1/1 mac XX:XX:XX:XX:XX:XX
port-security 1/2 mac YY:YY:YY:YY:YY:YY

Original connection
computer#1 --> port no. 1
computer#1 --> port no. 2

My test
computer#1 --> port no. 2
computer#2 --> port no. 1

When I swap the RJ45 cables, I do not receive any log entry in bridge (e.g. log: BRIDGE info port-security violation on ....)
Is this normal? How can I detect this kind of connection without the BRIDGE info log?

Thank you for your help!

Re: Port-security - OS6450

Posted: 15 Apr 2017 05:08
by silvio
Hi,
maybe because you "only" restrict the wrong mac-addresses. Try it with shutdown.
What is the output of "show port-security"?
regards
Silvio

Re: Port-security - OS6450

Posted: 21 Apr 2017 05:19
by saso_ri
I found the cause of my problem:

Note: A static LPS MAC is allowed to move between ports belonging to the same VLAN.

Is there a command to change this parameter (so that the MAC is not allowed to move between ports belonging to the same VLAN), in order to get the BRIDGE MAC violation log?

Thank you.

Re: Port-security - OS6450

Posted: 21 Apr 2017 12:01
by silvio
I understand this entry in the guide differently than you.
You can configure same static LPS MAC on multiple LPS ports. A static LPS MAC is allowed to move between ports belonging to the same VLAN. The system supports a maximum of 64 such entries.
Example:
-> vlan 2
-> vlan 2 port default 1/3
-> vlan 2 port default 1/4
-> port-security 1/3 mac 00:00:00:00:00:01
-> port-security 1/4 mac 00:00:00:00:00:01

Note.
• Static MAC Address movement is not allowed on LPS ports configured as UNI ports.
• System supports static MAC moves only on the LPS ports where static MAC is configured on different ports in a given VLAN.
• When static MAC is configured on different LPS ports in a VLAN, the static MAC is valid only on one port. This port is either an ingress port or the first port on which LPS static MAC is configured.
So it means that movement is only allowed between ports where the static address is configured.
You should open a ticket with Alcatel. Maybe a bug???
regards
Silvio
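
The following is an added example, not code from the thread or from the switch vendor. It audits observed (port, MAC) pairs against the static LPS entries under the reading given in the last reply: a static MAC is acceptable only on ports where it is configured. The MAC values for ports 1/1 and 1/2 and the observation list are constructed, and `parse_static_lps` and `audit` are hypothetical helper names.

```python
from collections import defaultdict

# Static LPS entries: the thread's two ports (MACs constructed, the post
# masks the real ones) plus the guide's shared-MAC example on 1/3 and 1/4.
CONFIG = """\
port-security 1/1 mac 00:00:00:00:00:0a
port-security 1/2 mac 00:00:00:00:00:0b
-> port-security 1/3 mac 00:00:00:00:00:01
-> port-security 1/4 mac 00:00:00:00:00:01
"""

# Constructed (port, source MAC) sightings, e.g. taken from a MAC table
# export; this is not real switch output.
OBSERVED = [
    ("1/1", "00:00:00:00:00:0B"),  # cables swapped
    ("1/2", "00:00:00:00:00:0A"),  # cables swapped
    ("1/4", "00:00:00:00:00:01"),  # move between two configured ports
    ("1/3", "00:00:00:00:00:99"),  # unknown station on an LPS port
]

def parse_static_lps(text):
    """Return {mac: set(ports)} from 'port-security <port> mac <mac>' lines."""
    ports_by_mac = defaultdict(set)
    for line in text.splitlines():
        tok = line.replace("->", " ").split()
        if len(tok) == 4 and tok[0] == "port-security" and tok[2] == "mac":
            ports_by_mac[tok[3].lower()].add(tok[1])
    return dict(ports_by_mac)

def audit(ports_by_mac, observed):
    """Flag sightings of a MAC on an LPS port where it is not configured."""
    lps_ports = {p for ports in ports_by_mac.values() for p in ports}
    findings = []
    for port, mac in observed:
        mac = mac.lower()
        if port not in lps_ports or port in ports_by_mac.get(mac, set()):
            continue  # unsecured port, or MAC is static on this port
        home = sorted(ports_by_mac.get(mac, set()))
        findings.append((port, mac, home))  # home == [] means unknown MAC
    return findings

if __name__ == "__main__":
    for port, mac, home in audit(parse_static_lps(CONFIG), OBSERVED):
        where = ", ".join(home) if home else "no LPS port"
        print(f"{port}: {mac} not expected here (configured on {where})")
```

Run periodically against a fresh export, this flags the swapped-cable case independently of whether the switch raises a BRIDGE log entry.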