switchport port-security limit rate invalid-source-mac EFFECT

Muhammed AKYUZ · ‎12-15-2009

Hi,

If i apply this command to a trunk port which connects to switches, and it reaches to limit what is the action?

switchport port-security limit rate invalid-source-mac

down the link OR drop invalid mac-addressed packets?

Thank you.

sachinraja · ‎12-15-2009

Hi Akyuznet

It actually depends on what violation policy you apply:

switchport port-security violation{shutdown | restrict | protect}

with shutdown, it basically shuts the port, with restrict/protect option, it will not shut the port, but will drop the packets later...

Hope this helps.. all the best..

Raj

Giuseppe Larosa · ‎12-16-2009

Hello Akyuznet,

this command introduces a rate limit in number of invalid MAC addresses events on the port.

This is probably there as a form of defense from a possible denial of service caused by processing these events.

switchport port-security limit rate ?
invalid-source-mac Invalid source packet rate limit (packets per second)

switch(config-if)#switchport port-security limit rate inv
switch(config-if)#switchport port-security limit rate invalid-source-mac ?
<0-1000> Packets per second
none Disable invalid source mac address rate limit

it may help in keeping low the cpu usage. or it can be seen as a way to control the rate of unsecure mac addresses on the port.

Hope to help

Giuseppe

Akhtar Samo · ‎10-23-2012

Hi Giuseppe,

Can you suggest an ideal threshold rate limit value for 4507 switches?

Regards,

Akhtar