PowerConnect B-Series FCX Configuration Guide 1263
Using the MAC Port Security Feature
Table 219 lists the individual Dell PowerConnect switches and the MAC port security features they
This chapter describes how to configure Dell PowerConnect devices to learn “secure” MAC
addresses on an interface so that the interface will forward only packets that match the secure
You can configure the Dell PowerConnect device to learn “secure” MAC addresses on an interface.
The interface will forward only packets with source MAC addresses that match these learned
secure addresses. The secure MAC addresses can be specified manually, or the Dell PowerConnect
device can learn them automatically. After the device reaches the limit for the number of secure
MAC addresses it can learn on the interface, if the interface then receives a packet with a source
MAC address that does not match the learned addresses, it is considered a security violation.
When a security violation occurs, a Syslog entry and an SNMP trap are generated. In addition, the
device takes one of two actions; it either drops packets from the violating address (and allows
packets from the secure addresses), or disables the port for a specified amount of time. You
specify which of these actions takes place.
The secure MAC addresses are not flushed when an interface is disabled and re-enabled. The
secure addresses can be kept secure permanently (the default), or can be configured to age out, at
which time they are no longer secure. You can configure the device to automatically save the
secure MAC address list to the startup-config file at specified intervals, allowing addresses to be
kept secure across system restarts.
TABLE 219 Supported MAC port security features
Feature PowerConnect B-Series FCX
MAC port security Yes
Setting the maximum number of secure
MAC addresses on an interface
Setting the port security age timer Yes
Specifying secure MAC addresses Yes
Autosaving secure MAC addresses to the
startup-config file
Specifying the action taken when a
security violation occurs
Clearing port security statistics Yes