CHAPTER 25 | General Security Measures
Port Security
traffic with source addresses stored in the static address table will be
accepted; all other packets are dropped. Note that the dynamic
addresses stored in the address table when MAC address learning is
disabled are flushed from the system, and no dynamic addresses are
subsequently learned until MAC address learning has been re-enabled.
◆ The mac-learning commands cannot be used if 802.1X Port
Authentication has been globally enabled on the switch with the dot1x
system-auth-control command, or if MAC Address Security has been
enabled by the port security command on the same interface.
EXAMPLE
The following example disables MAC address learning for port 2.
Console(config)#interface ethernet 1/2
Console(config-if)#no mac-learning
Console(config-if)#
RELATED COMMANDS
show interfaces status (987)
port security
This command enables or configures port security. Use the no form without
any keywords to disable port security. Use the no form with the
appropriate keyword to restore the default setting for the response to a
security violation or for the maximum number of allowed addresses.
SYNTAX
port security [action {shutdown | trap | trap-and-shutdown}
| max-mac-count address-count]
no port security [action | max-mac-count]
action - Response to take when port security is violated.
    shutdown - Disable port only.
    trap - Issue SNMP trap message only.
    trap-and-shutdown - Issue SNMP trap message and disable port.
max-mac-count
    address-count - The maximum number of MAC addresses that can be
    learned on a port. (Range: 0 - 1024, where 0 means disabled)
DEFAULT SETTING
Status: Disabled
Action: None
Maximum Addresses: 0
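ADDED EXAMPLE (not from the manual)
The following Python check audits a configuration text against the port security defaults and the mac-learning restrictions described above, for instance before a templated configuration is applied. The indented configuration layout, the sample text, and the rule that only the bare port security line enables the feature are assumptions made for this example.

```python
import re

# Constructed sample, not from the manual; the indented layout is an assumption.
SAMPLE_CONFIG = """\
dot1x system-auth-control
interface ethernet 1/1
 port security
 port security max-mac-count 5
 port security action trap-and-shutdown
interface ethernet 1/2
 no mac-learning
interface ethernet 1/3
 port security
 no mac-learning
"""
ACTIONS = {"shutdown", "trap", "trap-and-shutdown"}

def audit(config):
    """Return {interface: [findings]}; an empty list means nothing to report."""
    dot1x, ports, cur = False, {}, {}  # cur: scratch dict until the first interface line
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "dot1x system-auth-control":
            dot1x = True
        elif line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1],
                                   {"sec": False, "action": None, "max": 0, "nolearn": False})
        elif line == "no mac-learning":
            cur["nolearn"] = True
        elif line == "port security":  # assumption: only the bare form enables it
            cur["sec"] = True
        elif (m := re.fullmatch(r"port security action (\S+)", line)) and m[1] in ACTIONS:
            cur["action"] = m[1]
        elif m := re.fullmatch(r"port security max-mac-count (\d+)", line):
            cur["max"] = int(m[1])
    report = {}
    for name, p in ports.items():
        checks = [  # defaults per the manual: disabled, action None, max 0
            (not p["sec"], "port security disabled (default)"),
            (p["sec"] and p["action"] is None, "no violation action set (default: None)"),
            (p["sec"] and not 1 <= p["max"] <= 1024, f"max-mac-count {p['max']}: disabled or out of range"),
            (p["sec"] and p["nolearn"], "mac-learning command on a port-security interface"),
            (dot1x and p["nolearn"], "mac-learning command with dot1x system-auth-control on"),
        ]
        report[name] = [msg for hit, msg in checks if hit]
    return report

if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(port, findings or "ok")
```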