Allied Telesis AT-9000/28POE Switch User Manual


Chapter 58: MAC Address-based Port Security
Configuring Ports
There are three things you need to decide before you configure MAC
address-based port security on the ports. They are:
- What is the maximum number of source MAC addresses the ports can learn?
- Should the source MAC addresses learned by the ports be stored as dynamic or static addresses in the MAC address table?
- Is the intrusion action protect, restrict, or shutdown?
See Table 83 for a list of the commands.
These commands are found in the Port Interface mode and can be
entered in any order when you configure the ports.
Here are a few examples of how to use the commands. In this first
example, ports 4 and 5 are configured to learn up to 25 source MAC
addresses each, and to store the addresses as static addresses in the
MAC address table. The intrusion action is set to protect so that the ports
discard packets with unknown MAC addresses after they have learned the
maximum number of addresses, but the switch does not send SNMP
traps:
Table 83. MAC Address-based Port Security Commands and Descriptions

To                                     Use This Command                                              Range
-------------------------------------  ------------------------------------------------------------  ------------------
Set the maximum number of source       SWITCHPORT PORT-SECURITY MAXIMUM value                        0 to 255 addresses
MAC addresses a port can learn.

Configure ports to save the source     SWITCHPORT PORT-SECURITY AGING                                -
MAC addresses as dynamic addresses
in the MAC address table.

Configure ports to save the source     NO SWITCHPORT PORT-SECURITY AGING                             -
MAC addresses as static addresses
in the MAC address table.

Set the intrusion action on the        SWITCHPORT PORT-SECURITY VIOLATION PROTECT|RESTRICT|SHUTDOWN  -
ports.
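
An added example, not taken from the Allied Telesis manual: a Python check that reads a saved configuration and reports ports where the three Table 83 settings are missing or differ from a policy. The stanza layout, the port names and the policy values (25 addresses, static storage) are assumptions, and the sample configuration is constructed.

```python
import re

# Command forms are from Table 83. The "interface <name>" stanza layout and the
# port names in SAMPLE are assumptions about how a saved configuration looks.
MAXIMUM = re.compile(r"switchport port-security maximum (\d+)$", re.I)
AGING = re.compile(r"(no )?switchport port-security aging$", re.I)
VIOLATION = re.compile(r"switchport port-security violation (protect|restrict|shutdown)$", re.I)

def parse_port_security(config_text):
    """Return {interface: settings} for every interface stanza in the text."""
    ports, current = {}, {}  # commands seen before any stanza land in a throwaway dict
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.lower().startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], {})
        elif m := MAXIMUM.match(line):
            current["maximum"] = int(m.group(1))
        elif m := AGING.match(line):
            # Table 83: the NO form stores addresses as static, the plain form as dynamic.
            current["storage"] = "static" if m.group(1) else "dynamic"
        elif m := VIOLATION.match(line):
            current["violation"] = m.group(1).lower()
    return ports

def audit(ports, max_allowed=25, storage="static"):
    """Return (port, finding) pairs; max_allowed and storage are a hypothetical policy."""
    out = []
    for name, s in sorted(ports.items()):
        if "maximum" not in s:
            out.append((name, "no MAC address limit set"))
        elif s["maximum"] > max_allowed:
            out.append((name, f"maximum {s['maximum']} exceeds policy limit {max_allowed}"))
        if s.get("storage") != storage:
            out.append((name, f"storage is {s.get('storage', 'not set')}, policy wants {storage}"))
        if "violation" not in s:
            out.append((name, "no intrusion action set"))
    return out

SAMPLE = """\
interface port1.0.4
 switchport port-security maximum 25
 no switchport port-security aging
 switchport port-security violation protect
interface port1.0.5
 switchport port-security maximum 100
 switchport port-security aging
interface port1.0.6
"""  # constructed sample, not from a real switch

if __name__ == "__main__":
    for port, finding in audit(parse_port_security(SAMPLE)):
        print(f"{port}: {finding}")
```

A setting reported as "not set" means only that the command is absent from the text; the script makes no claim about the switch's default for it.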