BigIron RX Series Configuration Guide 94753-1001810-01
Configuring the MAC port security feature 32

Re-enabling a port

Once a port is permanently shut down, an administrator must re-enable the port by entering the following command.

BigIron RX(config)# int e 7/11
BigIron RX(config-if-e100-7/11)#enable

Syntax: enable

Port security MAC violation limit

You can specify how many packets the system can receive in a one-second interval from a denied MAC address before the system shuts the port down. To enable this new mode, enter a command such as the following.

BigIron RX(config)#global-port-security
BigIron RX(config-port-security)#violation restrict 12

Syntax: violation restrict [#-denied-packets processed]

Enter 1 – 64000. There is no default.

NOTE
With the introduction of this command, packets from denied MAC addresses are now processed in software by the LP. They are no longer programmed in the hardware.

In addition to the new processing of packets from denied MAC addresses, these packets can now be logged in the Syslog. To prevent the Syslog from being overwhelmed with messages for denied packets, you can specify how many messages will be logged per second, based on a packet’s IP address.

BigIron RX(config)#global-port-security
BigIron RX(config-port-security)#violation restrict 12
BigIron RX(config-port-security)#deny-log-rate <7>

Syntax: deny-log-rate [<#-logs>]

Enter 1 – 10. There is no default.

The logged message contains the packet’s IP address and the MAC address of the denied packet.

For example, the following configuration shows that violation restrict is configured:

interface ethernet 14/1
 port security
  enable
  maximum 5
  violation restrict 1000
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
  secure-mac-address 0000.0022.2224 10
  secure-mac-address 0000.0022.2225 10
  secure-mac-address 0000.0022.2226 10

When a packet is received from MAC address 0000.0022.2227, an address that is not a secured MAC address, the following Syslog message is generated.

SYSLOG: Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to high rate of denied mac 0000.0022.2227, vlan 10
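
On the collector side, the shutdown message above can be matched and cross-checked against the port's secure-mac-address list. The following Python sketch is an added example, not part of this guide: it assumes the message format is exactly that of the single Syslog line shown here, and the function names, the shortened configuration and the second log line are constructed for illustration.

```python
import re

# Running-config fragment in the form shown in this guide (shortened).
CONFIG = """\
interface ethernet 14/1
 port security
  enable
  maximum 5
  violation restrict 1000
  secure-mac-address 0000.0022.2222 10
  secure-mac-address 0000.0022.2223 10
"""

# First line is the message from this guide; the second is constructed noise.
LOGS = [
    "Mar 10 17:36:12:<12>3-RW-Core-3, Interface e14/1 shutdn due to high rate"
    " of denied mac 0000.0022.2227, vlan 10",
    "Mar 10 17:36:40:<14>3-RW-Core-3, Interface e14/2 state up",
]

# Assumed pattern, derived only from the one message shown in the guide.
SHUTDOWN = re.compile(
    r"Interface e(?P<port>\d+/\d+) shutdn due to high rate\s*of denied mac "
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}), vlan (?P<vlan>\d+)", re.I)

def secure_macs(config):
    """Map port -> {(mac, vlan)} from secure-mac-address lines."""
    table, port = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["interface", "ethernet"] and len(words) == 3:
            port = words[2]
            table.setdefault(port, set())
        elif port and words[:1] == ["secure-mac-address"] and len(words) == 3:
            table[port].add((words[1].lower(), int(words[2])))
    return table

def shutdown_events(lines, config):
    """Return one record per port shutdown caused by a denied MAC."""
    allowed = secure_macs(config)
    events = []
    for line in lines:
        m = SHUTDOWN.search(line)
        if not m:
            continue
        port, mac, vlan = m["port"], m["mac"].lower(), int(m["vlan"])
        events.append({
            "port": port, "mac": mac, "vlan": vlan,
            # True means the log contradicts the config and needs review.
            "mac_is_configured": (mac, vlan) in allowed.get(port, set()),
            # Re-enable commands from "Re-enabling a port" in this guide.
            "recovery": ["int e " + port, "enable"],
        })
    return events
```

The recovery field only records the re-enable commands for the operator; the source of the denied MAC address should be identified before the port is brought back up.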