Fujitsu XG2000 Switch User Manual


 
XG2000 series User's Guide
152/315
All Rights Reserved, Copyright (C) PFU LIMITED 2009
5.10.12 port-security
Function
Sets port security based on the source MAC address.
When port security is enabled, register the MAC addresses permitted using the "bridge mac-address-table" command.
Use the no form to disable port security.
Prompt
xg(config-if)# or xg(config-agg)#
Command syntax
port-security violation { restrict | shutdown }
no port-security
Parameter
z violation { restrict | shutdown }
Specifies the action when receiving a violating frame.
restrict
When a violating frame is detected an error log entry is recorded, and an SNMP trap
message is sent.
The violating frame is discarded, and the port set to a violation state.
shutdown
When a violating frame is detected an error log entry is recorded, and an SNMP trap
message is sent.
The port is set to a violation state then goes link down.
Command type
Configuration command
Default
None
Note
z When a security violation is detected, the port is set to a in violation state. The "Link Status Detail" of the "show
interface" command will display "PSL".
After eliminating the cause of the violation, clear the violation state with the "clear violation" command to return the port
to usable state.
z When port security is enabled, throughput decreases by about 10%, since the forwarding overhead increases. Also,
receiving a frame that causes a security violation affects transmission from the port. Therefore, in an environment
where security violations occur frequently, a decrease in the transmission rate should be anticipated.
Example
Set port security to switch port 3.
Then, when port 3 is in violation, check the port state using the "show interface" command.
After eliminating the cause of violation, make it usable again using the "clear violation" command.
xg(config)# interface port 3
xg(config-if)# port-security violation shutdown
xg(config-if)#exit
xg(config)#exit
- When the port is in violation state.
xg#show interface port 3
- When link Status Detail is "PSL."
xg# clear violation port 3