[f-nsp] MAC security per VLAN

Alexander Shikoff minotaur at crete.org.ua
Wed Jul 18 08:27:07 EDT 2012


On Wed, Jul 18, 2012 at 07:09:40AM +1000, Mitchell Warden wrote:
> Hi Alexander
> 
> > I need to disable MAC learning only in one VLAN, in other VLANs MAC
> > learning should be enabled without any limits.
> > 
> > In 'port security' configuration section of interface I can set up
> > static MAC addresses in certain VLAN, but I cannot disable MAC learning 
> > per VLAN: 'dynamic-learn' command does not have VLAN parameter.
> > 
> > Is there a way to achieve this? Thanks in advance!
> > 
> 
> 
> Have you looked at the 'transparent-hw-flooding' option? It's applied under the vlan configuration. It will turn off MAC learning for the VLAN.

Hi Mitchell,

Thank you for the advice.

Yes, I have looked at transparent-hw-flooding option and tested it.
It's not a good way for us, it turns off MAC learning but enables flooding
in all ports in a VLAN, thus we lose control of MAC addresses.

-- 
MINO-RIPE


