Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
Port Security
© 2008 Foundry Networks, Inc.
Page 37 of 73
NOTE
Using the no port security action trap form of the command will disable the action on the violating MAC addresses.
In the port security command, the arguments are optional and mutually exclusive. However, the user can specify an action (shutdown or trap) in one port security command and specify the maximum number of secure addresses (max-mac-count) in a second port security command for the same port. Both settings will be effective.
If the user specifies action trap, use the proper SNMP commands. For more information see “Configuring Simple Network Management Protocol (SNMP)”.
When the filter-learn-disable option is specified, the violating MAC addresses will not be learned (without this option, the violating MAC addresses will be learned as filtered).
The vlan option allows port security to be configured per port and VLAN. When the MAC addresses are secured per port and VLAN, only packets with MAC addresses specified as secure for this port and VLAN are permitted to access the port.
NOTE
When a packet with a secure source MAC address matches more than one port security setting, the port security per port and VLAN has precedence over the port security per port.
NOTE
Port security will not function correctly when learning new-address is disabled per
port or globally.
device-name(config-if UU/SS/PP)#port security max-mac-count <1-2048>
Warning! Port security may not work correctly since learning is disabled on the port.
By default, filtered MAC learning is enabled, the action is trap and all the addresses will be learned as secure.
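The rules above (action and max-mac-count given in separate commands, the stated defaults, and per port and VLAN precedence) can be checked offline before a change is applied. The following is an added example, not code from Foundry or from this manual: it folds the positive port security commands typed for one port into effective settings per scope. The function names, the sample commands and the assumption that each scope keeps its own defaults are illustrative; the no forms are rejected rather than modelled.

```python
import re

# Defaults stated on this page: action trap, filtered MAC learning enabled,
# and, with no max-mac-count, all addresses learned as secure (None here).
DEFAULTS = {"action": "trap", "max_mac_count": None, "filter_learn": True}
CMD = re.compile(r"port security(?: action (?P<action>shutdown|trap))?"
                 r"(?: max-mac-count (?P<count>\d+)(?P<fld> filter-learn-disable)?)?"
                 r"(?: vlan (?P<vlan>\d+))?")

def effective(commands):
    """Fold one port's commands into {scope: settings}; scope None = per port,
    an int = per port and VLAN. Assumption: each scope has its own defaults."""
    scopes = {}
    for line in commands:
        m = CMD.fullmatch(line.strip())
        # action and max-mac-count are mutually exclusive within one command
        if not m or (m["action"] and m["count"]):
            raise ValueError(f"unsupported command: {line!r}")
        vlan = int(m["vlan"]) if m["vlan"] else None
        s = scopes.setdefault(vlan, dict(DEFAULTS))
        if m["action"]:
            s["action"] = m["action"]
        if m["count"]:
            if not 1 <= int(m["count"]) <= 2048:  # range shown in the CLI prompt
                raise ValueError(f"max-mac-count out of range: {line!r}")
            s["max_mac_count"] = int(m["count"])
            s["filter_learn"] = m["fld"] is None
    return scopes

def applies(scopes, vlan):
    """Per port and VLAN settings take precedence over per port settings."""
    return scopes.get(vlan) or scopes.get(None)

def review(scopes):
    """List settings an operator should double-check before relying on them."""
    notes = []
    for vlan, s in scopes.items():
        where = "port" if vlan is None else f"vlan {vlan}"
        if s["max_mac_count"] is None:
            notes.append(f"{where}: no max-mac-count set")
        if s["action"] == "trap":
            notes.append(f"{where}: action trap, SNMP must be configured")
    return notes

SAMPLE = [  # constructed input: commands typed for one port
    "port security action shutdown",
    "port security max-mac-count 4",
    "port security max-mac-count 1 filter-learn-disable vlan 20",
]
if __name__ == "__main__":
    scopes = effective(SAMPLE)
    print(applies(scopes, 20), applies(scopes, 30), review(scopes), sep="\n")
```

In the sample, VLAN 20 never receives an action command, so under the stated default it stays on trap even though the port-level action is shutdown.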
Command Syntax
device-name(config-if UU/SS/PP)#port security [max-mac-count <number-of-addresses> [filter-learn-disable]] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port security [max-mac-count [filter-learn-disable]] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port security all
device-name(config-if UU/SS/PP)#port security action {shutdown | trap} [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port security action {shutdown | trap} [vlan <vlan-id>]
Argument           Description
action shutdown    Disables the port when a security violation occurs.