342-86400-498PS
Issue 1.2
April 2012
Page 92
Copyright
GE Multilin Inc. 2010-2012
manually added as the port‟s static addresses (see
Static MAC Table Setup
in the
MAC
tab
)
will be
blocked. The
MAC Aging Time
does not apply to the
MAC entries associated with secured ports.
Note:
A port that needs to be secured is often set to
„No Blocking‟ first and once the desired MAC
addresses have been learned, the setting is changed
to „Secured‟. At that point, all learned MAC addresses
will be copied from RAM to flash so that they can be
recovered upon unit reboot. These MAC entries are
now referred to as „pseudo-static‟ entries.
Note:
When the port‟s setting is changed from
„Secured‟ to „No Blocking‟, all pseudo-static MAC
addresses (i.e. the addresses previously learned from
the port) will be erased from the MAC address table.
Note:
The MAC address table entries associated with
a port in „Secured‟ mode include pseudo-static and/or
static MAC addresses only. These entries never age
out.
Note:
MAC security is not applied to egress traffic.
Therefore, if an entire D-PVLAN needs to be secured,
it is recommended that all of its ports (local and
remote) be secured.
Note:
P-
Trunk ports cannot be set for the „Secured‟
mode. (On unit Version 3.00, the Q-Trunk ports
cannot be set for the „Secured‟ mode either, but this
limitation is expected to be removed in one of the
subsequent firmware releases.)
MAC Learning Limit
(Applicable to ports in
No Blocking
mode only.) Allows the user to limit
the number of MAC addresses that can be learned through this port.
The limit can range from 1 to 255. The default setting is „-„ (no limit,
true non-blocking mode). Once the limit is reached, any ingressing
frames with unknown source address will not be bridged.
Note:
If the MAC Learning Limit is lowered or changed from
„-„ (no
limit) to/from a specific integer, any MAC addresses learned from this
port will be erased from the “LAN” MAC Address table.