MES53xx, MES33xx, MES23xx Ethernet Switch Series 152
port security routed
secure-address
mac_address
MAC address format:
H.H.H, H:H:H:H:H:H, HHHH-
HH
Specify the protected MAC address.
no port security routed
secure-address
mac_address
Remove the protected MAC address.
port security {forward |
discard |
[trap
freq]
freq: (1..1000000) seconds
Enable the security feature for the interface. Block new
address learning feature for the interface.
- forward - packets with unknown source MAC addresses will
be forwarded.
- discard - packets with unknown source MAC addresses will
be dropped.
- discard-shutdown - packets with unknown source MAC
addresses will be dropped and the port disabled.
- freq - the SNMP trap messages generation frequency when
receiving unauthorized packets.
freq: (1..1000000) seconds
Specify the SNMP trap message generation frequency when
unauthorized packets arrive.
port security mode
ock}
Enable the MAC address learning restriction mode on the
interface.
- max-addresses - remove the current dynamically learned
addresses associated with this interface. Learning of the
maximum number of addresses for the port is enabled.
Repeated learning and ageing is enabled.
- lock - save the current dynamically learned addresses
associated with the interface into a file and deny new address
learning and ageing of already learned addresses.
EXEC mode commands
Command line prompt in the EXEC mode is as follows:
console>
Table 5.164. EXEC mode commands
show ports security
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernet fo_port |
port-channel group |
detailed}
gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..16)
Show security function settings for the selected interface.
show ports security
addresses {gigabitethernet
gi_port | tengigabitethernet
te_port | fortygigabitethernet
fo_port | port-channel group
| detailed}
gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..16)
Show current dynamic addresses for the blocked ports.
set interface active
{gigabitethernet gi_port |
tengigabitethernet te_port |
fortygigabitethernetfo_port |
port-channel group}
gi_port: (1..8/0/1..48);
te_port: (1..8/0/1..24);
fo_port: (1..8/0/1..4);
group: (1..16)
Activate the interface disabled by the port security function
(this command is available to privileged users only).
Examples of command usage
Enable the security feature for Ethernet interface 15. Set a restriction for learning addresses
to 1 address. After the MAC address is learned, block the new address learning feature for the
interface and drop packets with unknown source MAC address. Save learned address to a file.
console# configure
To Next Page
Loading...
Need help?
General
