• Author : Coy Humphrey

 
 

Port security protect mode enhancements

Description This TOI describes a set of enhancements made to the existing Port Security: Protect Mode (PortSec-Protect) feature. Please see the existing TOI for this feature here: https://eos.arista.com/eos-4-24-0f/port-security-protect-mode/ Unless otherwise noted, all information contained in the original Protect Mode TOI continues to apply. The persistent port security feature also continues to be supported, and is described by the following TOI: https://eos.arista.com/eos-4-18-1f/port-security-preserve-macs-on-link-flapreload/ The primary enhancement is extending the limits placed by PortSec-Protect to apply to MAC addresses learned in the hardware MAC table. Previously, the port security limit would affect only the forwarding behavior, while allowing an unlimited number of MAC...
Continue reading →

Match ECN bits in Mirroring and Security ACLs

Description Explicit Congestion Notification (ECN) is an IP and TCP extension that facilitates end-to-end network congestion notification without dropping packets. ECN recognizes early congestion and sets flags that signal affected hosts. The ECN field in the IP header (bits 6 and 7 in the IPv4 TOS or IPv6 traffic class octet) advertises ECN capabilities: 00 – Non ECN-capable transport, non-ECT 01 – ECN-capable transport, ECT(1) 10 – ECN-capable transport, ECT(0) 11 – Congestion encountered, CE Support has been added to match ECN bits in both Mirroring and Security ACLs (IPv4 and IPv6). This will allow these ACLs to distinguish between...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: