Configuring and Monitoring Port Security
Port Security
Feature Interactions When Eavesdrop Prevention is Disabled
The following table explains the various interactions between learning modes
and Eavesdrop Prevention when Eavesdrop Prevention is disabled.
Note: When the learning mode is “port-access”, Eavesdrop Prevention will not be
applied to the port. However, it can still be configured or disabled for the port.
Learn Mode          Effect
------------------  ----------------------------------------------------------
Static              When Eavesdrop Prevention is disabled, the port transmits
                    packets that have unknown destination addresses. The port
                    is secured and only a limited number of static MAC
                    addresses are learned. A device must generate traffic
                    before the MAC address is learned and traffic is forwarded
                    to it.
Continuous          The default. The Eavesdrop Prevention option does not
                    apply because port security is disabled. Ports forward
                    traffic with unknown destination addresses normally.
Port-access         Disabling Eavesdrop Prevention is not applied to the port.
                    There is no change.
Limited-continuous  When Eavesdrop Prevention is disabled, the port transmits
                    packets that have unknown destination addresses. The port
                    is secured; MAC addresses age normally. Eavesdrop
                    Prevention may cause difficulties in learning MAC
                    addresses (as with static MAC addresses) and cause serious
                    traffic issues when a MAC ages out.
Configured          When Eavesdrop Prevention is disabled, the port transmits
                    packets that have unknown destination addresses. The port
                    is secured by a static MAC address. Eavesdrop Prevention
                    should not cause any issues because all valid MAC
                    addresses have been configured.
Syntax: [no] port-security <port-list> eavesdrop-prevention
    When this option is enabled, the port is prevented from transmitting
    packets that have unknown destination addresses. Only devices attached
    to the port receive packets intended for them. This option does not
    apply to a learning mode of port-access or continuous.
    Default: Enabled
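The following audit script is an added example, not part of the original manual. It applies the learn-mode table and the default above to port-security configuration lines and reports, per port, whether packets with unknown destination addresses are blocked, transmitted, or whether the option does not apply. Assumptions: the sample lines are constructed, the learn-mode and address-limit keywords are assumed to appear in the configuration as shown, and port lists are assumed to be numeric.

```python
import re

# Learn modes for which, per the table above, eavesdrop prevention does not apply.
NOT_APPLICABLE = {"continuous", "port-access"}
LINE = re.compile(r"^(no\s+)?port-security\s+(\S+)\s+(.*)$")

def expand_ports(port_list):
    """Expand a numeric port list such as '1-3,7' (assumed format)."""
    ports = []
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text):
    """Return {port: 'blocked' | 'transmitted' | 'not-applicable'}."""
    mode, eavesdrop = {}, {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        negated, port_list, rest = m.groups()
        lm = re.search(r"learn-mode\s+(\S+)", rest)
        for port in expand_ports(port_list):
            mode.setdefault(port, "continuous")  # table: continuous is the default
            eavesdrop.setdefault(port, True)     # syntax: Default: Enabled
            if lm and not negated:
                mode[port] = lm.group(1)
            if "eavesdrop-prevention" in rest:
                eavesdrop[port] = not negated    # the 'no' form disables it
    result = {}
    for port in sorted(mode):
        if mode[port] in NOT_APPLICABLE:
            result[port] = "not-applicable"
        else:
            result[port] = "blocked" if eavesdrop[port] else "transmitted"
    return result

# Constructed sample configuration lines (not taken from a real switch).
SAMPLE = """\
port-security 1-2 learn-mode static address-limit 2
port-security 3 learn-mode limited-continuous
no port-security 3 eavesdrop-prevention
port-security 4 learn-mode port-access
no port-security 4 eavesdrop-prevention
port-security 5 learn-mode configured
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Port 4 shows the case from the note: disabling the option on a port-access port is accepted but changes nothing, so it is reported as not-applicable rather than transmitted.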