C
OMMAND
L
INE
I
NTERFACE
4-102
Port Security Commands
These commands can be used to disable the learning function or manually
specify secure addresses for a port. You may want to leave port security off
for an initial training period (i.e., enable the learning function) to register
all the current VLAN members on the selected port, and then enable port
security to ensure that the port will drop any incoming frames with a
source MAC address that is unknown or has been previously learned from
another port.
port security
This command enables or configures port security. Use the no form
without any keywords to disable port security. Use the no form with the
appropriate keyword to restore the default settings for a response to
security violation or for the maximum number of allowed addresses.
Syntax
port security [action {shutdown | trap | trap-and-shutdown}
| max-mac-count address-count]
no port security [action | max-mac-count]
• action - Response to take when port security is violated.
• shutdown - Disable port only.
• trap - Issue SNMP trap message only.
• trap-and-shutdown - Issue SNMP trap message and disable port.
• max-mac-count
• address-count - The maximum number of MAC addresses that can be
learned on a port. (Range: 0 - 20)
Table 4-30 Port Security Commands
Command Function Mode Page
port security Configures a secure port IC 4-102
mac-address-table static Maps a static address to a port in a
VLAN
GC 4-201
show mac-address-table Displays entries in the
bridge-forwarding database
PE 4-203