switchport port-security limit rate invalid-source-mac EFFECT

Unanswered Question
Dec 15th, 2009

Hi,


If I apply this command to a trunk port which connects to switches, and it reaches the limit, what is the action?


switchport port-security limit rate invalid-source-mac


Down the link OR drop invalid MAC-addressed packets?


Thank you.

sachinraja Tue, 12/15/2009 - 11:45

Hi Akyuznet


It actually depends on what violation policy you apply:


switchport port-security violation {shutdown | restrict | protect}


With shutdown, it basically shuts the port; with the restrict/protect option, it will not shut the port, but will drop the packets later...


Hope this helps.. all the best..


Raj

Giuseppe Larosa Wed, 12/16/2009 - 01:53

Hello Akyuznet,


This command introduces a rate limit on the number of invalid MAC address events on the port.


This is probably there as a form of defense from a possible denial of service caused by processing these events.


switchport port-security limit rate ?
  invalid-source-mac  Invalid source packet rate limit (packets per second)


switch(config-if)#switchport port-security limit rate inv
switch(config-if)#switchport port-security limit rate invalid-source-mac ?
  <0-1000>  Packets per second
  none      Disable invalid source mac address rate limit


It may help in keeping the CPU usage low, or it can be seen as a way to control the rate of unsecure MAC addresses on the port.



Hope to help

Giuseppe
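
As an added example (not part of the original posts and not Cisco's code), the Python script below reads a running-config and reports, for each port with port security enabled, the violation mode the first reply refers to and the invalid-source-mac rate limit the second reply describes. The sample config and interface names are constructed, and treating a missing violation line as shutdown assumes the IOS default.

```python
import re

# Constructed sample running-config (not from the thread); interface names are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
 switchport port-security
 switchport port-security violation restrict
 switchport port-security limit rate invalid-source-mac 100
!
interface GigabitEthernet1/2
 switchport mode trunk
 switchport port-security
!
interface GigabitEthernet1/3
 switchport mode access
!
"""

PREFIX = "switchport port-security"
VIOLATION = re.compile(PREFIX + r" violation (shutdown|restrict|protect)")
RATE = re.compile(PREFIX + r" limit rate invalid-source-mac (\d+|none)")

def parse_interfaces(config):
    """Split a running-config into {interface name: [stripped sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or any global line ends the interface block
    return blocks

def audit_port_security(config):
    """Report violation mode and rate limit for ports with port security on."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if PREFIX not in lines:  # the bare enabling command is absent
            continue
        # Assumption: shutdown is the mode in effect when no violation line is shown.
        entry = {"trunk": "switchport mode trunk" in lines,
                 "violation": "shutdown", "rate_limit": None}
        for line in lines:
            if (m := VIOLATION.fullmatch(line)):
                entry["violation"] = m.group(1)
            elif (m := RATE.fullmatch(line)):
                entry["rate_limit"] = m.group(1)  # None means no explicit line
        report[name] = entry
    return report

if __name__ == "__main__":
    for port, entry in audit_port_security(SAMPLE_CONFIG).items():
        print(port, entry)
```

A `rate_limit` of `None` only means the running-config shows no explicit line for that port; the script makes no claim about the platform's built-in value.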

Akhtar Samo Tue, 10/23/2012 - 01:12

Hi Giuseppe,


Can you suggest an ideal threshold rate limit value for 4507 switches?


Regards,


Akhtar
