Mohsin,

Not really, macip acl only nails down the predefined known addresses.

Mostafa,

To implement the functionality you are looking for, you would need to write new 
code.

--a

> On 12 Feb 2018, at 23:20, Mohsin Kazmi <syka...@cisco.com> wrote:
> 
> Hi Mostafa,
> 
> Port Security functional can be implemented using ACL plugin MACIP feature. 
> On a given interface, ACLs are applied on input traffic to permit using a mix 
> of MAC and IP.
> 
> 
> Here you will find more detail about it:
> 
> https://wiki.fd.io/view/VPP/SecurityGroups#MACIP_.28formerly_.22L2.22.29_API
> 
> Cheers,
> Mohsin​
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Mostafa Salari 
> <msg...@gmail.com>
> Sent: Saturday, February 10, 2018 10:55 AM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] Port security
>
> Hi
> 
> How can i apply port-security functionality with vpp? In summary, before a 
> new MAC come into mac-table, some special functions must be triggered. Those 
> functions, determine whether the new mac is allowed to connect or not, and if 
> not, what action should be performed? Actions are: increasing a violation 
> counter, dropping the packet and (sometimes) turning the incomming interface 
> down!
> 
> Any help is appreciated.
> Regards
> 

Reply via email to