DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide
Port Security Commands
44-1 switchport port-security
This command configures port security on an interface and the action taken when a security violation occurs. Use the
no form of the command to disable port security or restore the default setting.
switchport port-security [violation {protect | restrict | shutdown}]
no switchport port-security [violation]
Parameters
port-security
Enables the port security function on this interface.
violation protect
Sets the security violation mode to protect. In this mode, when the number of
secure MAC addresses on the port reaches the maximum allowed on the port,
packets with an unknown source address are dropped until you remove a
sufficient number of secure MAC addresses or increase the maximum number of
allowable addresses. When a security violation occurs, an SNMP trap is not sent
and a syslog message is not logged.
violation restrict
Sets the security violation mode to restrict. In this mode, when the number of
secure MAC addresses on the port reaches the maximum allowed on the port,
packets with an unknown source address are dropped until you remove a
sufficient number of secure MAC addresses or increase the maximum number of
allowable addresses. When a security violation occurs, an SNMP trap is not sent,
but a syslog message is logged.
violation shutdown
Sets the security violation mode to shutdown. In this mode, when the number of
secure MAC addresses on the port reaches the maximum allowed on the port,
the port becomes error-disabled and is shut down immediately. When a security
violation occurs, an SNMP trap is not sent, but a syslog message is logged.
Default
Port security is disabled on all ports by default.
The default violation mode is protect.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 8
Usage Guideline
Port security restricts input to an interface by limiting and identifying the MAC
addresses of the stations allowed to access the port. When you assign secure MAC
addresses to a secure port, the port does not forward packets with source
addresses outside the group of defined addresses. If a port is configured as a
secure port and the maximum number of secure MAC addresses has been reached, a
security violation occurs when the MAC address of a station attempting to access
the port differs from all of the identified secure MAC addresses. A secure port
also has the following limitations: it cannot belong to a link aggregation port; if
sticky learning is enabled, disabling port security produces an error message; and
port security and 802.1x authentication are not compatible.
Example
This example shows how to enable port security on interface tenGigabitEthernet 1/0/1
and set the violation mode to restrict.
DXS-3600-32S#configure terminal
DXS-3600-32S(config)#interface tenGigabitEthernet 1/0/1
DXS-3600-32S(config-if)#switchport mode access
DXS-3600-32S(config-if)#switchport port-security
DXS-3600-32S(config-if)#switchport port-security violation restrict
DXS-3600-32S(config-if)#
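Because protect is the default violation mode and logs nothing, a configuration review should list every port that is either unsecured or left in protect mode. The following Python audit is an added example, not part of the D-Link guide; the sample configuration is constructed, and it assumes a saved configuration repeats the command lines as typed above and that the violation form changes only the mode.

```python
import re

# Constructed sample. Lines reuse the command syntax from this page; the layout
# of a real running-config dump is an assumption.
SAMPLE_CONFIG = """\
interface tenGigabitEthernet 1/0/1
 switchport port-security
 switchport port-security violation restrict
interface tenGigabitEthernet 1/0/2
 switchport port-security
interface tenGigabitEthernet 1/0/3
 switchport mode access
interface tenGigabitEthernet 1/0/4
 switchport port-security
 switchport port-security violation shutdown
 no switchport port-security violation
"""

CMD = re.compile(r"^(no )?switchport port-security( violation)?(?: (protect|restrict|shutdown))?$")

def parse_port_security(config_text):
    """Map interface -> {'enabled', 'mode'}, starting from the documented defaults."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            ports[current] = {"enabled": False, "mode": "protect"}
            continue
        m = CMD.match(line)
        if current is None or not m:
            continue
        negated, violation, mode = m.groups()
        if violation:
            # Assumption: the violation form changes only the mode; "no" restores protect.
            ports[current]["mode"] = "protect" if negated else (mode or ports[current]["mode"])
        elif not mode:
            ports[current]["enabled"] = not negated
    return ports

def audit(config_text):
    """Flag ports whose violations would never reach syslog."""
    findings = []
    for name, state in parse_port_security(config_text).items():
        if not state["enabled"]:
            findings.append((name, "port security disabled"))
        elif state["mode"] == "protect":
            findings.append((name, "protect mode: drops are not logged"))
    return findings
```

Calling audit(SAMPLE_CONFIG) flags ports 1/0/2, 1/0/3 and 1/0/4; port 1/0/4 is reported because the no form returned it to protect mode.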