AMX NXA-ENET24 Switch User Manual


 
CLI (Command Line Interface)
NXA-ENET24 - Software Management Guide
Port Security Commands
These commands can be used to disable the learning function or manually specify secure addresses for a port.
You may want to leave port security off for an initial training period (i.e., enable the learning function) to
register all the current VLAN members on the selected port, and then enable port security to ensure that the
port will drop any incoming frames with a source MAC address that is unknown or has been previously
learned from another port.
Command: port security
Function: This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Syntax:
port security [action {shutdown | trap | trap-and-shutdown} | max-mac-count address-count]
no port security [action | max-mac-count]
  action - Response to take when port security is violated.
    shutdown - Disable port only.
    trap - Issue SNMP trap message only.
    trap-and-shutdown - Issue SNMP trap message and disable port.
  max-mac-count
    address-count - The maximum number of MAC addresses that can be learned on a port. (Range: 0-1024)
Default Settings:
Status: Disabled
Action: None
Maximum Addresses: 0
Command Mode: Interface Configuration (Ethernet)
Command Usage:
If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
First use the port security max-mac-count command to set the number of addresses, and then use the port security command to enable security on the port.
Use the no port security max-mac-count command to disable port security and reset the maximum number of addresses to the default.
You can also manually add secure addresses with the mac-address-table static command.
A secure port has the following restrictions:
- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.
If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.
Example: The following example enables port security for port 5, and
sets the response to a security violation to issue a trap message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
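
An audit helper for the ordering and range rules in the Command Usage text, added here as an example and not taken from the manual or from AMX. The function name and the sample session are constructed, and the script assumes that only the bare port security command turns the feature on, as the Command Usage text describes.

```python
ACTIONS = {"shutdown", "trap", "trap-and-shutdown"}  # action keywords from the Syntax section

def audit_port_security(lines):
    """Replay CLI commands and return {port: [findings]} for port security."""
    state, findings, port = {}, {}, None
    for raw in lines:
        tok = raw.split("#", 1)[-1].split()  # drop a "Console(config-if)#" prompt if present
        if tok[:2] == ["interface", "ethernet"] and len(tok) == 3:
            port = tok[2]
            state.setdefault(port, {"enabled": False, "max": 0, "action": None})  # manual defaults
            findings.setdefault(port, [])
            continue
        negate = tok[:1] == ["no"]
        if negate:
            tok = tok[1:]
        if port is None or tok[:2] != ["port", "security"]:
            continue
        args, s, notes = tok[2:], state[port], findings[port]
        if not args:  # assumption: only the bare "[no] port security" toggles the feature
            s["enabled"] = not negate
            if s["enabled"] and s["max"] == 0:
                notes.append("enabled before max-mac-count was set")
        elif args[0] == "max-mac-count":
            if negate:  # per the manual: disables port security and resets the count
                s["enabled"], s["max"] = False, 0
            elif len(args) == 2 and args[1].isdigit() and int(args[1]) <= 1024:
                s["max"] = int(args[1])
            else:
                notes.append("invalid max-mac-count: " + " ".join(args[1:]))
        elif args[0] == "action":
            if negate:
                s["action"] = None
            elif len(args) == 2 and args[1] in ACTIONS:
                s["action"] = args[1]
            else:
                notes.append("invalid action: " + " ".join(args[1:]))
    for p, s in state.items():
        if not s["enabled"]:
            findings[p].append("port security not enabled")
        elif s["action"] is None:
            findings[p].append("no violation action set")
    return findings

# Constructed sample session (not from the manual): one port per failure mode.
SAMPLE = [
    "Console(config)#interface ethernet 1/5", "Console(config-if)#port security action trap",
    "interface ethernet 1/6", "port security max-mac-count 2", "port security action trap-and-shutdown", "port security",
    "interface ethernet 1/7", "port security", "port security max-mac-count 2000",
]
```

Run over SAMPLE, port 1/6 comes back clean, port 1/5 is reported as not enabled, and port 1/7 is flagged for enabling before a count was set, an out-of-range count, and a missing violation action.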