Support User Manuals

GE ML1600 Switch User Manual

Open as PDF

of 324

6–6 MULTILINK ML1600 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL

CONFIGURING PORT SECURITY THROUGH THE COMMAND LINE INTERFACE CHAPTER 6: ACCESS CONSIDERATIONS

Example 6-3 shows how to allow specific MAC address on specific ports. After the MAC

address is specified, the port or specific ports or a range of ports can be queried as shown.

Example 6-4 shows how to remove a MAC address from port security

To set logging on a port, use the following command sequence:

ML1600(port-security)## signal port=11 logandtrap

Port security Signal type set to Log and

Trap on selected port(s)

The examples provided illustrate the necessary commands to setup port security. The

recommended steps to setup security are:

Z Set the ML1600 software to allow port security commands (use the

port-security command).

Z Enable port security (use the

enable ps command).

Z Enable learning on the required ports (for example, use the

learn

port=11

enable command for port 11).

Z Verify learning is enables and MAC addresses are being learnt on

required ports (use the

show port-security port=11

command).

Z Save the port-security configuration (use the

save command).

Z Disable learning on required ports (for example, use the

learn

port=11,15 disable

command).

Example 6-3: Allowing specific MAC addresses on specific ports

ML1600(port-security)##

allow mac=00:c1:00:7f:ec:00 port=9,11,13

Specified MAC address(es) allowed on selected port(s)

ML1600(port-security)## show port-security port=9,11,13

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS

---- ----- ------ ------ ----- ----- -----------

9 ENABLE LOG NONE ENABLE 6 00:e0:29:2a:f1:bd

00:01:03:e2:27:89

00:07:50:ef:31:40

00:e0:29:22:15:85

00:03:47:ca:ac:45

00:30:48:70:71:23

00:c1:00:7f:ec:00

11 ENABLE NONE NONE ENABLE 0 00:c1:00:7f:ec:00

13 ENABLE NONE NONE DISABLE 0 00:c1:00:7f:ec:00

Example 6-4: Removing MAC addresses from specific ports

ML1600(port-security)##

remove mac=00:c1:00:7f:ec:00 port=13

Specified MAC address(es) removedfrom selected

port(s)

ML1600(port-security)## show port-security port=13

PORT STATE SIGNAL ACTION LEARN COUNT MAC ADDRESS

---- ----- ------ ------ ----- ----- -----------

13 ENABLE NONE NONE ENABLE 0 Not Configured

ML1600(port-security)##

previous next