A10E/A28E/A28F Configuration Guide
Alpha-A28E(config)#interface port 3
Alpha-A28E(config-port)#switchport port-security
Alpha-A28E(config-port)#switchport port-security maximum 1
Alpha-A28E(config-port)#switchport port-security mac-address sticky
0000.0000.0002 vlan 1
Alpha-A28E(config-port)#switchport port-security mac-address sticky
Alpha-A28E(config-port)#switchport port-security violation shutdown
Checking results
Check whether port security MAC configuration is correct by the command of show port-
security [ port-list port-list ].
Alpha-A28E#show port-security port-list 1-3
Port security aging time:10 (mins)
port status Max-Num Cur-Num His-Num vio-Count vio-action Dynamic-Trap
-------------------------------------------------------------------------
1 Enable 3 1 0 0 protect Enable
2 Enable 2 0 0 0 restrict Disable
3 Enable 1 1 0 0 shutdown Disable
Check secure MAC address and secure MAC address learning configurations on an interface
by the command of show port-security mac-address.
Alpha-A28E#show port-security mac-address
VLAN Security-MAC-Address Flag Port Age(min)
-------------------------------------------------
2 0000.0000.0001 static 1 --
2 0000.0000.0002 sticky 3 --
6.3 Dynamic ARP inspection
6.3.1 Introduction
Dynamic ARP inspection is used for ARP protection of unsecure interface and prevents from
responding ARP packets which do not meet the requirements, thus preventing ARP spoofing
attack on the network.
There are 2 modes for dynamic ARP inspection:
Static binding mode: set the binding relationship manually.
Dynamic binding mode: in cooperation with the DHCP snooping to generate dynamic
binding relationship. When DHCP Snooping entry is changed, the dynamic ARP
inspection will also update dynamic binding entry synchronously.
To Next Page
Loading...