|
|
1 |
In the navigation tree Routing view, expand Network→OmniSwitch NE→Bridge Instance.
|
2 |
Right-click on the Bridge Instance Object icon and choose Properties. The Bridge Instance (Edit) form opens.
|
3 |
Configure the required parameters.
|
4 |
Perform the following to configure the OmniSwitch with a dynamically learned MAC address to restrict a port's ingress traffic, otherwise go to
Step 7 . Perform the following steps:
-
Click on the Learned Port Security tab and configure the required parameters.
Note:
The Status parameter does not appear until you enter a non-zero value for the Learning Time Window (minutes) parameter.
Click Restart Timer to restart the MAC source learning timer if you need to restart dynamic MAC address learning on a port.
-
Click on the Ports tab and click Create to select ports on which you want to enable learned port security. The Select Port - Bridge form opens.
-
Choose one or more ports and click OK. If you need to apply the same LPS properties to multiple ports but do not need to configure static MAC addresses on the ports, go to
Step 6 .
|
5 |
Optionally, configure static MAC addresses on the ports.
Note: Static MAC addresses can only be added to LPS-enabled ports individually.
A port must be LPS-enabled and belong to a VLAN before you can add static MAC addresses.
If traffic containing MAC addresses outside of the allowable MAC address range attempts to access an LPS port, the switch either restricts access to the port for that traffic or shuts the port down to all traffic. When this happens, the port is in an operationally violated state and an alarm is raised. See
To release a violated OmniSwitch LPS port for information about how to release a violated LPS port. Perform the following steps:
-
Choose a port and click Properties. The Learned Port Security (Edit) form opens. See
To add MAC address range entries to an OmniSwitch LPS portfor information about how to add static MAC range entries.
-
Click Properties. The Physical Port (Edit) form opens.
-
Configure the required parameters.
-
Click Select in the VLAN Site panel. The Select VLAN Site form opens.
-
Choose a VLAN site and click OK.
-
Save the changes and close the form. The Learned Port Security (Edit) form reappears.
-
Optionally choose a port and click Convert to Static to stop the aging out of dynamic MAC addresses on LPS ports.
-
Repeat
Step 5 if you need to add another static MAC address to the port.
|
6 |
Optionally, apply the same LPS properties to multiple ports. Perform the following steps:
-
Choose multiple ports and click Properties. The Learned Port Security (Edit) form opens.
-
Configure the required parameters.
-
Save your changes and close the forms. The Bridge Instance (Edit) form reappears.
|
7 |
Click on the Spanning Tree tab to configure the STP modes to the bridge. This prevents bridge loops and the broadcast radiation that results from them.
-
To apply a STP Flat Mode to the bridge; go to
Step 8 .
-
To apply a STP 1x1 Mode to the bridge; go to
Step 10 .
|
8 |
|
CAUTION
Service Disruption |
Service Disruption
Changing the Protocol parameter to MSTP resets the flat bridge priority and path.
Click on the STP Flat Mode tab and choose a 1x1 instance and click Properties. The VLAN STP Instance (Edit) form opens.
-
Configure the required parameters.
-
Click on the Port tab and choose one or more ports.
-
Click Properties. The CIST Instance Ports (Edit) form opens.
-
Configure the required parameters.
-
Save your changes.
|
9 |
Optionally, click on the MSTI tab to configure a multiple spanning tree instance to represent represents a group of VLANs, otherwise go to
Step 11 .
Note: In order to configure MSTI, the Protocol parameter must be set to MSTP. Perform the following steps:
-
Click Create. The MST instance form opens.
-
Configure the required parameters.
-
Click on the VLAN tab and click Create to assign a VLAN to the MSTI. The Select VLAN Sites - MST Instance form opens.
-
Choose one or more VLANs and click OK.
-
Save your changes and close the forms. The Bridge Instance (Edit) form reappears.
-
Click on the MST Region tab and configure the required parameters. Go to
Step 11 .
|
10 |
|
CAUTION
Service Disruption |
Changing the STP 1x1 Mode configuration may affect the STP calculations for this instance of
the VLAN and trigger a topology change in the network.
Click on the STP 1x1 Mode tab and choose a 1x1 instance and click Properties. The VLAN STP Instance (Edit) form opens.
-
Configure the required parameters.
-
Click on the Port tab and choose one or more ports from the list of ports that have been assigned to VLANs and click Properties. The VLAN STP Instance Ports (Edit) form opens.
-
Configure the required parameters.
-
Save your changes and close the form. The Bridge Instance (Edit) form reappears.
|
11 |
Click on the TLS tab and configure the TLS Mode parameter.
|
12 |
Click on the QoS tab and configure the required parameters.
Note: The applied values for the Default Bridged Disposition, Default Routed Disposition, and Default IGMP Disposition parameters should be the same as the configured values.
|
13 |
Click on the MVRP tab and configure the required parameters.
|
14 |
Click on the IGMP Port Group Limit tab and perform one the following:
-
Configure active (administratively Up) ports: Perform the following steps:
-
Choose one or more ports and click Properties. The IGMP Port Group Limit (Edit) or IGMP Port Group Limit - (Multiple Instances) (Edit) form opens.
Note:
Only ports that are active (administratively Up) appear in the list. You can view the configuration of the inactive ports using the OmniSwitch CLI.
-
Configure the required parameters.
-
Save your changes and close the form. The Bridge Instance (Edit) form reappears.
-
Configure inactive (administratively Down) ports. Perform the following steps:
-
Click Create. The Select Port - Bridge form opens.
-
Choose an inactive port and click Properties. The Physical Port (Edit) form opens.
-
Configure the required parameters.
-
Save your changes and close the form. The Bridge Instance (Edit) form reappears.
Note:
As required, click on the Multicast VLAN Port tab in the multicast VLAN IGMP site properties to view the Port Max Group and Port Action parameter information for a multicast VLAN port. You can also view the number of IGMP groups dynamically learned by the port.
|
15 |
Save your changes and close the form.
End of steps |