Configuring Port Security 311
Enabling or Disabling Port Security Globally 311
Enabling or Disabling Port Security on a Layer 2 Interface 312
Enabling or Disabling Sticky MAC Address Learning 313
Adding a Static Secure MAC Address on an Interface 314
Removing a Static Secure MAC Address on an Interface 316
Removing a Sticky Secure MAC Address 317
Removing a Dynamic Secure MAC Address 318
Configuring a Maximum Number of MAC Addresses 319
Configuring an Address Aging Type and Time 320
Configuring a Security Violation Action 322
Verifying the Port Security Configuration 323
Displaying Secure MAC Addresses 323
Configuration Example for Port Security 323
Configuration Examples for Port Security in a vPC Domain 324
Example: Configuring Port Security on an Orphan Port 324
Example: Configuring Port Security on the vPC Leg 324
Additional References for Port Security 325
CHAPTER 14
Configuring DHCP 327
About DHCP Snooping 327
Trusted and Untrusted Sources 328
DHCP Snooping Binding Database 328
DHCP Snooping in a vPC Environment 329
Synchronizing DHCP Snooping Binding Entries 329
Packet Validation 329
DHCP Snooping Option 82 Data Insertion 330
About the DHCP Relay Agent 331
DHCP Relay Agent 331
DHCP Relay Agent Option 82 331
VRF Support for the DHCP Relay Agent 333
DHCP Smart Relay Agent 334
About the DHCPv6 Relay Agent 334
DHCPv6 Relay Agent 334
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Contents