UMN:CLI User Manual
V5808
214
7.10 Port Security
You can use the port security feature to restrict input to an interface by limiting and
identifying MAC addresses of the PCs that are allowed to access the port. When you
assign secure MAC addresses to a secure port, the port does not forward packets with
source addresses outside the group of defined addresses. If you limit the number of
secure MAC addresses to one and assign a single secure MAC address, the PC attached
to that port is assured the full bandwidth of the port.
7.10.1 Port Security on Port
Step 1 Enable port security on the port.
Enables port security on the port.
Step 2 Set the maximum number of secure MAC addresses for the port.
port security PORTS maximum
<1-16384>
Sets the maximum number of secure MAC addresses
for the port. (default: 1)
Step 3 Set the violation mode and the action to be taken.
port security PORTS violation
{shutdown | protect | restrict}
Selects a violation mode.
(default: shutdown)
When configuring port security, note that the following information about port security
violation modes:
• protect drops packets with unknown source addresses until you remove a sufficient
number of secure MAC addresses to drop below the maximum value.
• restrict drops packets with unknown source addresses until you remove a sufficient
number of secure MAC addresses to drop below the maximum value and causes the
Security Violation counter to increment.
• shutdown puts the interface into the error-disabled state immediately and sends an
SNMP trap notification.
Step 4 Enter a secure MAC address for the port.
port security PORTS mac-
address MAC-ADDR vlan NAME
Sets a secure MAC address for the port.
To Next Page