After 100 security violations occur, the device disables learning on the interface and drops all ingress traffic
from nonsecure MAC addresses. In addition, the device generates an SNMP trap for each security violation.
• Protect—Prevents further violations from occurring. The address that triggered the security violation is
learned but any traffic from the address is dropped. Further address learning stops.
If a violation occurs because ingress traffic from a secure MAC address arrives at a different interface than
the interface on which the address is secure, the device applies the action on the interface that received the
traffic.
This command does not require a license.
Examples
This example shows how to configure an interface to respond to a security violation event with the protect
action:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# switchport port-security violation protect
switch(config-if)#
Related Commands
DescriptionCommand
Enables port security globally.feature port-security
Shows information about port security.show port-security
Enables port security on a Layer 2 interface.switchport port-security
Configures the aging time for dynamically learned,
secure MAC addresses.
switchport port-security aging time
Configures the aging type for dynamically learned,
secure MAC addresses.
switchport port-security aging type
Configures a static MAC address.switchport port-security mac-address
Enables the sticky method for learning secure MAC
addresses.
switchport port-security mac-address sticky
Configures an interface or a VLAN maximum for
secured MAC addresses on an interface.
switchport port-security maximum
Cisco Nexus 7000 Series Security Command Reference
687
S Commands
switchport port-security violation
To Next Page
Loading...
