197
NAS-ID profile is not configured
Dot1x-failure trap : Disabled
Dot1x-logon trap : Disabled
Dot1x-logoff trap : Enabled
Intrusion trap : Disabled
Address-learned trap : Enabled
Mac-auth-failure trap : Disabled
Mac-auth-logon trap : Enabled
Mac-auth-logoff trap : Disabled
OUI value list :
GigabitEthernet1/0/1 is link-up
Port mode : autoLearn
NeedToKnow mode : Disabled
Intrusion protection mode : DisablePortTemporarily
Security MAC address attribute
Learning mode : Sticky
Aging type : Periodical
Max secure MAC addresses : 64
Current secure MAC addresses : 5
Authorization : Permitted
NAS-ID profile is not configured
The output shows the following information:
• The port security's limit on the number of secure MAC addresses on the port is 64.
• The port security mode is autoLearn.
• The intrusion protection action is disabling the port (DisablePortTemporarily) for 30 seconds.
The port allows for MAC address learning, and you can display the number of learned MAC
addresses in the Current number of secure MAC addresses field.
# Display additional information about the learned MAC addresses.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port-security max-mac-count 64
port-security port-mode autolearn
port-security mac-address security sticky 0002-0000-0015 vlan 1
port-security mac-address security sticky 0002-0000-0014 vlan 1
port-security mac-address security sticky 0002-0000-0013 vlan 1
port-security mac-address security sticky 0002-0000-0012 vlan 1
port-security mac-address security sticky 0002-0000-0011 vlan 1
#
[Device-GigabitEthernet1/0/1] quit
# Verify that the port security mode changes to secure after the number of MAC addresses learned
by the port reaches 64.
[Device] display port-security interface gigabitethernet 1/0/1
# Verify that the port will be disabled for 30 seconds after it receives a frame with an unknown MAC
address. (Details not shown.)
To Next Page
Loading...
Need help?
General