NETGEAR M7100 Switch User Manual


 
270 | Chapter 15. Security Management
ProSafe M4100 and M7100 Managed Switches
given in the software Release Notes. After the limit is reached, additional MAC addresses
are not learned. Only frames with an allowable source MAC addresses are forwarded.
Note: If you want to set a specific MAC address for a port, set the dynamic
entries to 0, then allow only packets with a MAC address matching
the MAC address in the static list.
Dynamically locked addresses can be converted to statically locked addresses.
Dynamically locked MAC addresses are aged out if another packet with that address is
not seen within the age-out time.
You can set the time out value. Dynamically locked
MAC addresses are eligible to be learned by another port. Static MAC addresses are not
eligible for aging.
Static locking.
You can manually specify a list of static MAC addresses for a port.
Dynamically locked addresses can be converted to statically locked addresses.
Set the Dynamic and Static Limit on Port 1/0/1
The example is shown as CLI commands and as a Web interface procedure.
CLI: Set the Dynamic and Static Limit on Port 1/0/1
(Netgear Switch) (Config)#port-security
Enable port-security globally
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#port-security
Enable port-security on port 1/0/1
(Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10
Set the dynamic limit to 10
(Netgear Switch) (Interface 1/0/1)#port-security max-static 3
Set the static limit to 3
(Netgear Switch) (Interface 1/0/1)#ex
(Netgear Switch) (Config)#ex
(Netgear Switch) #show port-security 1/0/1
Admin Dynamic Static Violation
Intf Mode Limit Limit Trap Mode
------ ------- ---------- --------- ----------
1/0/1 Disabled 10 3 Disabled
Web Interface: Set the Dynamic and Static Limit on Port 1/0/1
1. Select Security > Traffic Control > Port Security >Port Administrator.