Falcon R-Class | User Guide
105
Aging Period
If
Aging Enabled
is checked, then the aging period is controlled with this input.
If other modules are using the underlying port security for securing MAC
addresses, they may have other requirements to the aging period. The
underlying port security will use the shorter requested aging period of all
modules that use the functionality. The Aging Period can be set to a number
between 10 and 10,000,000 seconds. To understand why aging may be
desired, consider the following scenario: Suppose an end-host is connected to
a 3rd party switch or hub, which in turn is connected to a port on this switch
on which Limit Control is enabled. The end-host will be allowed to forward if
the limit is not exceeded. Now suppose that the end-host logs off or powers
down. If it were not for aging, the end-host would still take up resources on
this switch and will be allowed to forward. To overcome this situation, enable
aging. With aging enabled, a timer is started once the end-host gets secured.
When the timer expires, the switch starts looking for frames from the end-
host, and if such frames are not seen within the next Aging Period, the end-
host is assumed to be disconnected, and the corresponding resources are
freed on the switch.
Hold Time
The hold time - measured in seconds - is used to determine how long a MAC
address is held in the MAC table if it has been found to violate the limit. Valid
range is between 10 and 10000000 seconds with a default of 300 seconds. The
reason for holding a violating MAC address in the MAC table is primarily to
ensure that the same MAC address doesn't give rise to continuous
notifications (if notifications on violation count is enabled).
The table has one row for each port on the selected switch and several columns.
Port Configuration
Port
The port number to which the configuration below applies.
Mode
Controls whether Limit Control is enabled on this port. Both this and the
Global Mode must be set to Enabled for Limit Control to be in effect. Notice
that other modules may still use the underlying port security features without
enabling Limit Control on a given port.
Limit
The maximum number of MAC addresses that can be secured on this port.
This number cannot exceed 1023. Default is 4. If the limit is exceeded, an
action is taken corresponding to the violation mode. The switch is "born" with
a total number of MAC addresses from which all ports draw whenever a new
MAC address is seen on a Port Security-enabled port. Since all ports draw from
the same pool, it may happen that a configured maximum cannot be granted,
if the remaining ports have already used all available MAC addresses.