Support User Manuals

GE ML1200 Switch User Manual

Open as PDF

of 344

6–4 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

ACCESS CONSIDERATIONS CHAPTER 6: ACCESS CONSIDERATIONS

• remove mac - removes specific or all MAC addresses from port security lookup

•

signal port=<num|list|range> - observe list of specified ports and notify if

there is a security breach on the list of port specified. The signal can be a log entry,

a trap to the trap receiver specified as part of the SNMP commands (where is that

specified) or both

Note

There is a limitation of 200 MAC addresses per port and 500 MAC addresses per switch for

port security.

Note

All commands listed above must be executed under the port security configuration mode.

Let's look at a few examples. The following command allows specific MAC addresses on a

specified port. No spaces are allowed between specified MAC addresses.

ML1200(port-security)## allow

mac=00:c1:00:7f:ec:00,00:60:b0:88:9e:00 port=18

The following command sequence sets the port security to learn the MAC addresses. Note

that a maximum of 200 MAC addresses can be learned per port, to a maximum of 500 per

switch. Also, the

action on the port must be set to none before the port learns the MAC

address information.

ML1200(port-security)## action port=1, 2 none

ML1200(port-security)##

learn port=1, 2 enable

The following command sequence enables and disables port security

ML1200(port-security)## ps enable

Port Security is already enabled

ML1200(port-security)## ps disable

Port Security Disabled

ML1200 ps enable

Port Security Enabled

6.2.2 Allowing MAC Addresses

The Port Security feature has to be used with the combination of commands shown below

in order for it to be implemented successfully.

To configure a port to allow only a certain MAC address (single or a list of max 200 MAC

addresses per port and 500 MAC addresses per ML1200, as per manuals) we have to:

1. Verify that the port is in default port security status.

2. Use the following commands:

#port-security

(port-security)##ps enable

(port-security)##allow mac=<address,list,range> port=<num,list,range>

(port-security)##action port=<num,list,range>drop

Note

All the above commands have to be configured in this sequence, otherwise the port will

remain insecure.

previous next