Thanks for the correction. In case of unknown MAC receive from known interface,
where set of MACIP rules are applied, what will be behavior of MACIP for new
MAC. I think so, it will drop those frames.
That's not what Mustafa is asking in his previous email about dropping of those
From: Andrew Yourtchenko <ayour...@gmail.com>
Sent: Monday, February 12, 2018 11:23 PM
To: Mohsin Kazmi (sykazmi)
Subject: Re: [vpp-dev] Port security
Not really, macip acl only nails down the predefined known addresses.
To implement the functionality you are looking for, you would need to write new
On 12 Feb 2018, at 23:20, Mohsin Kazmi
Port Security functional can be implemented using ACL plugin MACIP feature. On
a given interface, ACLs are applied on input traffic to permit using a mix of
MAC and IP.
Here you will find more detail about it:
<firstname.lastname@example.org<mailto:email@example.com>> on behalf of Mostafa Salari
Sent: Saturday, February 10, 2018 10:55 AM
Subject: [vpp-dev] Port security
How can i apply port-security functionality with vpp? In summary, before a new
MAC come into mac-table, some special functions must be triggered. Those
functions, determine whether the new mac is allowed to connect or not, and if
not, what action should be performed? Actions are: increasing a violation
counter, dropping the packet and (sometimes) turning the incomming interface
Any help is appreciated.