xxviii BigIron RX Series Configuration Guide53-1001986-01Chapter 32 Using the MAC Port Security Featureand Transparent Port FloodingMAC Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .931Violation actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .931Local and global resources . . . . . . . . . . . . . . . . . . . . . . . . . . . .932Configuring the MAC Port Security feature . . . . . . . . . . . . . . . . . . .932Enabling the MAC Port Security feature . . . . . . . . . . . . . . . . . .932Setting the maximum number of secure MAC addresses foran interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .933Specifying static secure MAC addresses . . . . . . . . . . . . . . . . .934Enabling dynamic MAC address learning . . . . . . . . . . . . . . . . .934Denying specific MAC addresses . . . . . . . . . . . . . . . . . . . . . . .934Autosaving secure MAC addresses to the startup-config . . . .934Setting the MAC Port Security age timer . . . . . . . . . . . . . . . . .935Defining security violation actions . . . . . . . . . . . . . . . . . . . . . . . . . .935Shutdown the interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .936Restricting interface access . . . . . . . . . . . . . . . . . . . . . . . . . . .936Denying a MAC address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .938Understanding the rules for violation action configuration . . . . . .938Interaction between global and interface level violationactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .938Changing the global violation action . . . . . . . . . . . . . . . . . . . .939Changing the violation action for an interface. . . . . . . . . . . . .939Re-enabling an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .940Interface shutdown time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .940Manually re-enabling a interface . . . . . . . . . . . . . . . . . . . . . . .940Displaying MAC Port Security information . . . . . . . . . . . . . . . . . . . .940Displaying MAC Port Security settings . . . . . . . . . . . . . . . . . . .940Displaying the secure MAC addresses list on the device . . . .941Displaying MAC Port Security statistics . . . . . . . . . . . . . . . . . .942Displaying a list of MAC addresses. . . . . . . . . . . . . . . . . . . . . .943Displaying a list of secure and denied MAC addresses. . . . . .943Displaying information when violation action is restrict . . . . .944Displaying information when violation action is deny . . . . . . .944Transparent port flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .945Chapter 33 Configuring 802.1x Port SecurityOverview of 802.1x port security . . . . . . . . . . . . . . . . . . . . . . . . . . .947IETF RFC support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .947How 802.1x port security works. . . . . . . . . . . . . . . . . . . . . . . . . . . .947Device roles in an 802.1x configuration . . . . . . . . . . . . . . . . .947Communication between the devices . . . . . . . . . . . . . . . . . . .948Controlled and uncontrolled ports . . . . . . . . . . . . . . . . . . . . . .949Message exchange during authentication . . . . . . . . . . . . . . . .950Authenticating multiple clients connected to the sameport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .952802.1x port security and sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . .954