Secure Address Learning Mode
The source address in an incoming packet must match a static address
that you have configured on a port before the packet can enter that port.
If an incoming packet contains a different source address than the one set
for the port, the module shuts the port down and you must bring the
port back online manually.
In secure mode, the module does not learn “unauthorized” source
addresses.
To use this command:
1  In the bridge learnMode menu, select whether you want to put the
   module into secure mode (or restore the module to normal mode).
   The default setting is normal.
Example:
CB9000@slot 3.1 [36L-E/FEN-TX-L2] (): bridge
Menu options (CoreBuilder 9000-F5EAC):
-----------------------------------------
display - Display bridge information
agingTime - Set the bridge address aging time
cos - Administer COS priority queues
port - Administer bridge ports
multicast - Administer multicast filtering
vlan - Administer VLANs
loopDetectMode - Set Loop Detect mode
learnMode - Set the bridge learning mode
CB9000@slot 3.1 [36L-E/FEN-TX-L2] (bridge): learnMode
Secure mode option will flush dynamic addresses.
(normal,secure) [normal]:
As shown in the above example, the system displays a warning that
secure mode flushes existing dynamically learned addresses.
2  If you select the secure mode, you can then use the bridge port
   address command to configure static addresses for the individual ports
   that you want to secure. Any static addresses that you define on these
   ports are used to screen packets that arrive at these ports.
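
The behavior described in this section, as a small Python model. This is an added example, not 3Com code or output from the module: the class and method names are hypothetical, the addresses are constructed, and the model assumes a port that has been shut down drops every frame until it is brought back online.

```python
class BridgeModel:
    """Simplified model of normal vs. secure learning (assumed names)."""

    def __init__(self, ports):
        self.mode = "normal"                     # the page's default setting
        self.static = {p: set() for p in ports}  # per-port static addresses
        self.dynamic = {}                        # learned address -> port
        self.online = {p: True for p in ports}

    def set_learn_mode(self, mode):
        if mode not in ("normal", "secure"):
            raise ValueError(mode)
        if mode == "secure":
            self.dynamic.clear()   # secure mode flushes dynamic addresses
        self.mode = mode

    def add_static(self, port, mac):
        self.static[port].add(mac.lower())

    def bring_online(self, port):
        self.online[port] = True   # the manual recovery step

    def receive(self, port, src_mac):
        src = src_mac.lower()
        if not self.online[port]:
            return "dropped-port-down"
        if self.mode == "normal":
            self.dynamic[src] = port             # learn the source address
            return "accepted"
        if src in self.static[port]:
            return "accepted"
        self.online[port] = False  # unauthorized source: shut down, learn nothing
        return "violation-port-shutdown"

def demo():  # constructed frames through a two-port bridge
    host_a, host_b, rogue = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:99"
    b = BridgeModel(ports=[1, 2])
    out = [b.receive(1, host_a)]                 # normal mode: learned
    b.set_learn_mode("secure")
    out.append(len(b.dynamic))                   # dynamic table flushed
    b.add_static(1, host_a)
    b.add_static(2, host_b)
    out.append(b.receive(1, host_a))             # matches port 1's static
    out.append(b.receive(2, host_a))             # static on port 1 only
    out.append(b.receive(1, rogue))
    out.append(b.receive(1, host_a))             # port 1 is still down
    b.bring_online(1)
    out.append(b.receive(1, host_a))
    return out
```

The fourth result shows that screening is per port: an address that is static on port 1 still triggers a shutdown when it arrives on port 2.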