User guide
September 2009
OmniSwitch 6400/6850/6855/9000/9000E, Release 6.4.2.R01
be scheduled during a maintenance window.
• The images which are ISSU capable are Jbase.img, Jsecu.img, Jadvrout.img and Jos.img.
• A minimum of 25 MB flash space must be present in the switch to accommodate the image files
that are used to patch existing image files. This feature is only supported on the OmniSwitch
9000E.
L2 DHCP Snooping
By default, DHCP broadcasts are flooded on the default VLAN for the client/server port. If the DHCP
client and server are both members of the same VLAN domain, the broadcast packets from these
sources are bridged as Layer 2 traffic and not processed by the relay agent.
The OmniSwitch provides enhancements to DHCP Snooping to allow application of DHCP Snooping
functionality to bridged DHCP client/server broadcasts without using the relay agent or requiring an IP
interface on the client/server VLAN.
When DHCP Snooping is enabled at the switch level or for an individual VLAN, DHCP Snooping
functionality is automatically applied to Layer 2 traffic. When DHCP Snooping is disabled at the
switch level or disabled on the last VLAN to have snooping enabled on the switch, DHCP Snooping
functionality is no longer applied to Layer 2 or Layer 3 traffic.
L2 Static Multicast Addresses
Static multicast MAC addresses are used to send traffic intended for a single destination multicast
MAC address to multiple switch ports within a given VLAN. A static multicast address is assigned to
one or more switch ports for a given VLAN. The ports associated with the multicast address are then
identified as egress ports. When traffic received on ports within the same VLAN is destined for the
multicast address, the traffic is forwarded on the egress ports that are associated with the multicast
address.
One of the benefits of using static multicast addresses is that multicast traffic is switched in hardware
and no longer subject to flood limits on broadcast traffic.
Learned Port Security (LPS)
Learned Port Security (LPS) provides a mechanism for authorizing source learning of MAC addresses
on 10/100/1000, Gigabit, and Gigabit Ethernet ports. Using LPS to control source MAC address
learning provides the following benefits:
• A configurable source learning time limit that applies to all LPS ports.
• A configurable limit on the number of MAC addresses allowed on an LPS port.
• Dynamic configuration of a list of authorized source MAC addresses.
• Static configuration of a list of authorized source MAC addresses.
• Two methods for handling unauthorized traffic: shutting down the port or only blocking
traffic that violates LPS criteria.
• A configurable limit to the number of filtered MAC addresses allowed on an LPS port.
• Conversion of dynamically learned MAC addresses to static MAC address entries.
• Support for all authentication methods and LPS on the same switch port.
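The LPS controls listed above, sketched as a small Python model of one port. This is an added example, not Alcatel-Lucent code or switch CLI; the class, field names and MAC addresses are constructed. The behavior once the filtered-MAC limit is reached (further unknown sources are dropped without being recorded) is an assumption the page does not state.

```python
from dataclasses import dataclass, field

@dataclass
class LpsPort:
    """Simplified model of one LPS port (assumed semantics, not vendor code)."""
    max_macs: int = 1            # limit on authorized source MACs
    max_filtered: int = 5        # limit on recorded unauthorized (filtered) MACs
    violation: str = "restrict"  # "restrict" blocks offending traffic, "shutdown" disables the port
    learning_open: bool = True   # True while the source learning time limit has not expired
    static: set = field(default_factory=set)    # statically configured authorized MACs
    dynamic: set = field(default_factory=set)   # dynamically learned authorized MACs
    filtered: set = field(default_factory=set)  # unauthorized MACs seen on the port
    up: bool = True

    def frame(self, src_mac):
        """Return the action taken for a frame with this source MAC."""
        if not self.up:
            return "port-down"
        if src_mac in self.static or src_mac in self.dynamic:
            return "forward"
        authorized = len(self.static) + len(self.dynamic)
        if self.learning_open and authorized < self.max_macs:
            self.dynamic.add(src_mac)
            return "learn"
        # Unauthorized source: apply the configured violation handling.
        if self.violation == "shutdown":
            self.up = False
            return "shutdown"
        # Assumption: once the filtered table is full, drop without recording.
        if len(self.filtered) < self.max_filtered:
            self.filtered.add(src_mac)
        return "drop"

    def convert_to_static(self):
        """Convert dynamically learned MACs to static entries."""
        self.static |= self.dynamic
        self.dynamic.clear()

def replay(port, macs):
    """Feed a sequence of source MACs to the port and collect the actions."""
    return [port.frame(m) for m in macs]

# Constructed sample addresses (documentation range 00:00:5e:00:53:xx).
A, B, C, D = (f"00:00:5e:00:53:0{i}" for i in range(1, 5))

if __name__ == "__main__":
    print(replay(LpsPort(max_macs=2, max_filtered=1), [A, B, C, A, D]))
    print(replay(LpsPort(max_macs=1, violation="shutdown"), [A, B, A]))
```

Replaying the same frame sequence against both violation modes shows the operational trade-off: restrict keeps authorized hosts online while dropping the offender, whereas shutdown takes the authorized host down with it.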
LPS has the following limitations:
• You cannot configure LPS on 10 Gigabit ports.