Configuring and Monitoring Port Security
Port Security
Syntax: port-security (Continued)
refer to the chapter titled “Interface Access and System
Information” in the Management and Configuration
Guide for your switch. To set the learn-mode to limited
use
this command syntax:
port-security <port-list> learn-mode limited address-limit
< 1..32 > action < none | send-alarm | send-disable >
learn-mode < continuous | static | port-access | configured | limited-
continuous >
limited-continuous (continued): The default address-limit is 1
but may be set for each port to learn up to 32 addresses.
The default action is
none. To see the list of learned
addresses for a port use the command:
show mac < port-list >
address-limit < integer >
When learn-mode is set to
static, configured, or limited-continuous,
the
address-limit parameter specifies how many authorized
devices (MAC addresses) to allow. Range: 1 (the default)
to 8 for static
and configured modes. For learn-mode with the
limited-continuous
option, the range is 1-32 addresses.
mac-address [<mac-addr>] [<mac-addr>] . . . [<mac-addr>]
Available for
learn-mode with the, static, configured, or limited-
continuous option. Allows up to eight authorized devices
(MAC addresses) per port, depending on the value
specified in the
address-limit parameter. The mac-address
limited
mode allows up to 32 authorized MAC addresses per
port.
If you use mac-address
with static, but enter fewer devices
than you specified in the address-limit field, the port accepts
not only your specified devices, but also as many other
devices as it takes to reach the device limit. For example,
if you specify four devices, but enter only two MAC
addresses, the port will accept the first two non-specified
devices it detects, along with the two specifically
authorized devices. Learned addresses that become
authorized do not age-out. See also “Retention of Static
Addresses” on page 11-16.
— Continued —
11-14
To Next Page
Loading...
