Technical data
Switching and Routing
May 2012 © 2012 Brocade Communications Systems, Inc.
Enabling Logging of Packets Denied by Layer 2 MAC Filters
When you enable this feature, the device generates Syslog entries and SNMP traps for denied packets.
To enable logging of packets that are denied by Layer 2 MAC filters, enter the following command:
ServerIron(config)# mac filter log-enable
Syntax: [no] mac filter log-enable
Address-Lock Filters
An address-lock filter restricts the number of MAC addresses that a switch can learn from a specific port. After
the switch learns the specified number of MAC addresses from the port, the switch stops learning addresses
received on that port. In addition, the switch does not accept or forward traffic on the port unless the traffic
contains one of the source or destination MAC addresses locked for the port.
Address-lock filters apply only to Layer 2 traffic and do not affect Layer 3 or Layer 4 traffic on the locked ports.
Unlike addresses learned from other ports, addresses learned from a locked port are not subject to aging.
Configuring a Broadcast Filter
You can filter on all broadcast traffic or on IP UDP broadcast traffic.
To configure a Layer 2 broadcast filter to filter all types of broadcasts, then apply the filter to ports 1, 2, and 3, enter
commands such as the following:
ServerIron(config)# broadcast filter 1 any
ServerIron(config-bcast-filter-id-1)# exclude-ports ethernet 1 to 3
ServerIron(config-bcast-filter-id-1)# write mem
To configure two filters, one to filter IP UDP traffic on ports 1 – 4, and the other to filter all broadcast traffic on port
6, enter commands such as the following:
ServerIron(config)# broadcast filter 1 ip udp
ServerIron(config-bcast-filter-id-1)# exclude-ports ethernet 1 to 4
ServerIron(config-bcast-filter-id-1)# exit
ServerIron(config)# broadcast filter 2 any
ServerIron(config-bcast-filter-id-2)# exclude-ports ethernet 6
ServerIron(config-bcast-filter-id-2)# write mem
To configure an IP UDP broadcast filter that applies only to port-based VLAN 10, then apply the filter to
two ports within the VLAN, enter commands such as the following:
ServerIron(config)# broadcast filter 4 ip udp vlan 10
ServerIron(config-bcast-filter-id-4)# exclude-ports eth 1 eth 3
ServerIron(config-bcast-filter-id-4)# write mem
Syntax: [no] broadcast filter <filter-id> any | ip udp [vlan <vlan-id>]
The <filter-id> specifies the filter number and can be a number from 1 – 8. The software applies the filters in
ascending numerical order. As soon as a match is found, the software takes the action specified by the filter
(block the broadcast) and does not compare the packet against additional broadcast filters.
You can specify any or ip udp as the type of broadcast traffic to filter. The any parameter prevents all broadcast
traffic from being sent on the specified ports. The ip udp parameter prevents all IP UDP broadcasts from being
sent on the specified ports but allows other types of broadcast traffic.
If you specify a port-based VLAN ID, the filter applies only to the broadcast domain of the specified VLAN, not to
all broadcast domains (VLANs) on the device.
As soon as you press Enter after entering the command, the CLI changes to the configuration level for the filter
you are configuring. You specify the ports to which the filter applies at the filter's configuration level.
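
The following Python audit helper is an added example, not Brocade code. It parses broadcast filter commands in the forms shown above and reports which filter, if any, is the first to block a given broadcast on a port. The names BcastFilter, parse and blocking_filter are hypothetical, the sample configuration is constructed, and the code assumes a filter matches only when broadcast type, VLAN and port all agree.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample config, using only the command forms shown on this page.
SAMPLE = """\
broadcast filter 1 ip udp
 exclude-ports ethernet 1 to 4
broadcast filter 2 any
 exclude-ports ethernet 6
broadcast filter 4 ip udp vlan 10
 exclude-ports eth 1 eth 3
"""

@dataclass
class BcastFilter:
    fid: int
    kind: str                      # "any" or "ip udp"
    vlan: Optional[int] = None     # None = all broadcast domains on the device
    ports: set = field(default_factory=set)

FILTER_RE = re.compile(r"broadcast filter (\d+) (any|ip udp)(?: vlan (\d+))?$")
PORTS_RE = re.compile(r"(?:ethernet|eth) (\d+)(?: to (\d+))?")

def parse(config):
    """Parse filter definitions; return them in ascending filter-id order."""
    filters, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = FILTER_RE.match(line)
        if m:
            fid = int(m.group(1))
            if not 1 <= fid <= 8:
                raise ValueError(f"filter id {fid} is outside the range 1-8")
            vlan = int(m.group(3)) if m.group(3) else None
            cur = filters[fid] = BcastFilter(fid, m.group(2), vlan)
        elif line.startswith("exclude-ports") and cur:
            for lo, hi in PORTS_RE.findall(line):
                cur.ports.update(range(int(lo), int(hi or lo) + 1))
    return [filters[k] for k in sorted(filters)]

def blocking_filter(filters, port, vlan, is_ip_udp):
    """Return the id of the first filter that blocks this broadcast, else None."""
    for f in filters:  # ascending order; evaluation stops at the first match
        # Assumption: type, VLAN scope and port must all agree for a match.
        if port in f.ports and f.vlan in (None, vlan) and (f.kind == "any" or is_ip_udp):
            return f.fid
    return None
```

Under that assumption, filter 4 in the sample never takes effect: filter 1 already blocks IP UDP broadcasts on ports 1 and 3 in every VLAN, so the first-match rule stops there.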