[f-nsp] MAC security per VLAN
Alexander Shikoff
minotaur at crete.org.ua
Wed Jul 18 08:27:07 EDT 2012
On Wed, Jul 18, 2012 at 07:09:40AM +1000, Mitchell Warden wrote:
> Hi Alexander
>
> > I need to disable MAC learning only in one VLAN, in other VLANs MAC
> > learning should be enabled without any limits.
> >
> > In 'port security' configuration section of interface I can set up
> > static MAC addresses in certain VLAN, but I cannot disable MAC learning
> > per VLAN: 'dynamic-learn' command does not have VLAN parameter.
> >
> > Is there a way to achieve this? Thanks in advance!
> >
>
>
> Have you looked at the 'transparent-hw-flooding' option? It's applied under the vlan configuration. It will turn off MAC learning for the VLAN.
Hi Mitchell,
Thank you for advice.
Yes, I have looked at transparent-hw-flooding option and tested it.
It's not a good way for us, it turns off MAC learning but enables flooding
in all ports in a VLAN, thus we lose control of MAC addresses.
--
MINO-RIPE
More information about the foundry-nsp
mailing list