14-13
Configuring and Monitoring Port Security
Port Security
Syntax: port-security (Continued)
learn-mode < continuous | static | port-access | configured | limited-continuous > (Continued)
static: Enables you to use the mac-address parameter to 
specify the MAC addresses of the devices authorized for a 
port, and the address-limit parameter (explained below) to 
specify the number of MAC addresses authorized for the 
port. You can authorize specific devices for the port, while 
still allowing the port to accept other, non-specified 
devices until the device limit has been reached. That is, if 
you enter fewer MAC addresses than you authorized, the 
port authorizes the remaining addresses in the order in 
which it automatically learns them.
For example, if you use address-limit to specify three 
authorized devices, but use mac-address to specify only one 
authorized MAC address, the port adds the one specifically 
authorized MAC address to its authorized-devices list and 
the first two additional MAC addresses it detects.
If, for example:
You use mac-address to authorize MAC address 
0060b0-880a80 for port A4.
You use address-limit to allow three devices on port 
A4 and the port detects these MAC addresses:
1. 080090-1362f2
2. 00f031-423fc1
3. 080071-0c45a1
4. 0060b0-880a80 (the address you authorized with the mac-address parameter)
In this example port A4 would assume the following 
list of authorized addresses:
080090-1362f2 (the first address the port detected)
00f031-423fc1 (the second address the port detected)
0060b0-880a80 (the address you authorized with the mac-address parameter)
The remaining MAC address detected by the port, 
080071-0c45a1, is not allowed and is handled as an 
intruder. Learned addresses that become authorized 
do not age-out. See also “Retention of Static 
Addresses” on page 14-17.
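The slot-allocation rule described above, as a small Python model for checking which devices a planned static configuration would admit. This is an added example, not code from the switch or its vendor: the function names are hypothetical, and rejecting more mac-address entries than address-limit is an assumption of the model.

```python
"""Model of static learn-mode slot allocation (added example, not vendor code)."""
import re

def norm(mac: str) -> str:
    """Normalize a MAC to the xxxxxx-xxxxxx form used on this page."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[:6]}-{digits[6:]}"

def static_learn(address_limit, configured, detected):
    """Return (authorized, intruders) for one port.

    configured: MACs entered with mac-address (hold a slot from the start).
    detected:   source MACs in the order the port sees them.
    """
    authorized = []
    for mac in map(norm, configured):
        if mac not in authorized:
            authorized.append(mac)
    if len(authorized) > address_limit:
        # Assumption of this model: such a configuration is rejected.
        raise ValueError("more mac-address entries than address-limit")
    intruders = []
    for mac in map(norm, detected):
        if mac in authorized:
            continue  # already authorized, consumes no further slot
        if len(authorized) < address_limit:
            authorized.append(mac)  # free slot: learned, does not age out
        elif mac not in intruders:
            intruders.append(mac)  # limit reached: handled as an intruder
    return authorized, intruders

# Detection order taken from the port A4 example above.
DETECTED_A4 = ["080090-1362f2", "00f031-423fc1",
               "080071-0c45a1", "0060b0-880a80"]

if __name__ == "__main__":
    auth, bad = static_learn(3, ["0060b0-880a80"], DETECTED_A4)
    print("authorized:", auth)
    print("intruders: ", bad)
```

Running the same detection order with no mac-address entry shows the difference the reserved slot makes: the first three detected addresses fill the limit and 0060b0-880a80 is the one treated as an intruder.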