Dell FCX624-S Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 1267
53-1002266-01
Configuring the MAC port security feature
35
Syntax: [no] autosave <minutes>
The <minutes> variable can be from 15 through 1440 minutes. By default, secure MAC addresses
are not autosaved to the startup-config file.
Specifying the action taken when a security
violation occurs
A security violation can occur when a user tries to connect to a port where a MAC address is
already locked, or the maximum number of secure MAC addresses has been exceeded. When a
security violation occurs, an SNMP trap and Syslog message are generated.
You can configure the device to take one of two actions when a security violation occurs; either
drop packets from the violating address (and allow packets from secure addresses), or disable the
port for a specified time.
Dropping packets from a violating address
To configure the device to drop packets from a violating address and allow packets from secure
addresses, enter the following commands.
PowerConnect(config)#interface ethernet 7/11
PowerConnect(config-if-e1000-7/11)#port security
PowerConnect(config-port-security-e1000-7/11)#violation restrict
Syntax: violation [restrict]
NOTE
When the restrict option is used, the maximum number of MAC addresses that can be restricted is
128. If the number of violating MAC addresses exceeds this number, the port is shut down. An
SNMP trap and the following Syslog message are generated: "Port Security violation restrict limit
128 exceeded on interface ethernet <port_id>". This is followed by a port shutdown Syslog message
and trap.
Specifying the period of time to drop packets from a violating address
To specify the number of minutes that the device drops packets from a violating address, use
commands similar to the following.
PowerConnect(config)#interface ethernet 7/11
PowerConnect(config-if-e1000-7/11)#port security
PowerConnect(config-port-security-e1000-7/11)#violation restrict 5
Syntax: violation restrict <age>
The <age> variable can be from 0 through 1440 minutes. The default is 5 minutes. Specifying 0
drops packets from the violating address permanently.
Aging for restricted MAC addresses is done in software. There can be a worst case inaccuracy of
one minute from the specified time.
The restricted MAC addresses are denied in hardware.