Configuring and Monitoring Port Security
Port Security Command Options and Operation
Syntax: port-security (Continued)
learn-mode < continuous | static | port-access | configured | limited-continuous > (Continued)
static: Enables you to use the mac-address parameter to specify the MAC addresses of the devices authorized for a port, and the address-limit parameter (explained below) to specify the number of MAC addresses authorized for the port. You can authorize specific devices for the port, while still allowing the port to accept other, non-specified devices until the device limit has been reached. That is, if you enter fewer MAC addresses than you authorized, the port authorizes the remaining addresses in the order in which it automatically learns them.

For example, if you use address-limit to specify three authorized devices, but use mac-address to specify only one authorized MAC address, the port adds the one specifically authorized MAC address to its authorized-devices list and the first two additional MAC addresses it detects.

If, for example:

  You use mac-address to authorize MAC address 0060b0-880a80 for port A4.

  You use address-limit to allow three devices on port A4 and the port detects these MAC addresses:

    1. 080090-1362f2
    2. 00f031-423fc1
    3. 080071-0c45a1
    4. 0060b0-880a80 (the address you authorized with the mac-address parameter)

In this example port A4 would assume the following list of authorized addresses:

    080090-1362f2 (the first address the port detected)
    00f031-423fc1 (the second address the port detected)
    0060b0-880a80 (the address you authorized with the mac-address parameter)

The remaining MAC address detected by the port, 080071-0c45a1, is not allowed and is handled as an intruder. See also “Retention of Static Addresses” on page 9-13.
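
The slot-allocation rule described above, modeled in Python as an added example (not code from the switch or from this manual). The class and function names are hypothetical, and rejecting more mac-address entries than address-limit is an assumption of the model, not documented switch behavior.

```python
import re

def norm(mac: str) -> str:
    """Normalize a MAC address to the xxxxxx-xxxxxx form used on this page."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[:6]}-{digits[6:]}"

class StaticPort:
    """Illustrative model of one port in learn-mode static (hypothetical class)."""

    def __init__(self, address_limit: int, mac_addresses=()):
        # Addresses given with mac-address hold a slot before anything is learned.
        self.configured = list(dict.fromkeys(norm(m) for m in mac_addresses))
        if len(self.configured) > address_limit:
            # Assumption of this model; the page does not describe this case.
            raise ValueError("more mac-address entries than address-limit")
        self.address_limit = address_limit
        self.learned = []    # automatically learned addresses, in detection order
        self.intruders = []  # addresses refused once the limit was reached

    def see(self, mac: str) -> str:
        """Classify a source MAC address detected on the port."""
        mac = norm(mac)
        if mac in self.configured or mac in self.learned:
            return "authorized"
        if len(self.configured) + len(self.learned) < self.address_limit:
            self.learned.append(mac)
            return "learned"
        if mac not in self.intruders:
            self.intruders.append(mac)
        return "intruder"

    def authorized(self):
        """Authorized list: learned addresses first, then configured ones."""
        return self.learned + self.configured

def page_example():
    """Replay the port A4 example from the text, in the same detection order."""
    port = StaticPort(address_limit=3, mac_addresses=["0060b0-880a80"])
    detected = ["080090-1362f2", "00f031-423fc1", "080071-0c45a1", "0060b0-880a80"]
    return port, [port.see(m) for m in detected]

if __name__ == "__main__":
    port, verdicts = page_example()
    print(verdicts, port.authorized(), port.intruders)
```

The third detected address is refused even though only two addresses have been learned at that point, because the configured address already occupies one of the three slots.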