Configuring and Monitoring Port Security
Port Security Command Options and Operation
Syntax: port-security (Continued)
learn-mode < continuous | static | port-access | configured | limited-
continuous > (Continued)
Caution: When you use the static parameter with a device limit greater
than the number of MAC addresses you specify with mac-address, an
unwanted device can become “authorized”. This can occur because the
port, in order to fulfill the number of devices allowed by the address-limit
parameter (explained below), automatically adds devices it detects until
the specified limit is reached.
port-access: Enables you to use Port Security with (802.1x)
Port-Based Access Control. Refer to chapter 8, Configuring
Port-Based Access Control (802.1x).
configured: Must specify which MAC addresses are allowed
for this port. Range is 1 (default) to 8 and addresses are
not ageable. Addresses are saved across reboots.
limited-continuous: Also known as MAC Secure, or “limited”
mode. The limited parameter sets a finite limit to the
number of learned addresses allowed per port. (You can
set the range from 1, the default, to a maximum of 32 MAC
addresses which may be learned by each port.)
All addresses are ageable, meaning they are
automatically removed from the authorized address list
for that port after a certain amount of time. Limited mode
and the address limit are saved across reboots, but
addresses which had been learned are lost during the
reboot process.
Addresses learned in the limited mode are normal
addresses learned from the network until the limit is
reached, but they are not configurable. (You cannot enter
or remove these addresses manually if you are using learn-
mode with the limited-continuous option.)
Addresses learned this way appear in the switch and port
address tables and age out according to the MAC Age Interval
in the System Information configuration screen of the
Menu interface or the show system-information
listing. You
can set the MAC age out time using the CLI, SNMP, Web,
or menu interfaces. For more information on the mac-age
-
time command see the chapter on “Interface Access, System
Information, and Friendly Port Names” in the Management
and Configuration Guide for your switch. To set the learn-
mode to limited use this command syntax:
port-security <port-list> learn-mode limited address-limit
< 1..32 > action < none | send-alarm | send-disable >
9-10
To Next Page
Loading...
Need help?
General