Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
Port Security
© 2008 Foundry Networks, Inc.
action trap
    Generates an SNMP trap and a log message when a security violation occurs.
max-mac-count <number-of-addresses>
    (Optional). The maximum number of secure addresses that this port can support. The range is <1-2048> MAC addresses.
filter-learn-disable
    (Optional). The violating MAC address will not be learned in the MAC address table.
vlan <vlan-id>
    (Optional). The VLAN identity number in the range <2-4093>. If no VLAN ID is specified, the feature will be enabled on all VLANs.
Example 1
The following example disables learning of the violating MAC address in the MAC address table:
device-name(config)#interface 1/1/11
device-name(config-if 1/1/11)#port security max-mac-count 15 filter-learn-disable
Example 2
The following example shows how to secure port 1/1/11 for VLAN 5 with a maximum of five secure addresses:
device-name(config)#interface 1/1/11
device-name(config-if 1/1/11)#port security max-mac-count 5 vlan 5
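The following Python check is an added example, not part of the Foundry documentation. It validates port security lines against the <1-2048> and <2-4093> ranges given above before they are pasted into a switch. The function names and the sample configuration are constructed, and it assumes each value directly follows its keyword, as in Examples 1 and 2.

```python
import re

# Ranges taken from the parameter descriptions on this page.
RANGES = {"max-mac-count": (1, 2048), "vlan": (2, 4093)}

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = """\
interface 1/1/11
port security max-mac-count 15 filter-learn-disable
interface 1/1/13
port security max-mac-count 4096 vlan 1
interface 1/1/14
port security max-mac-count
"""

def _check(name, value, bounds):
    """Return an error string if value is missing or outside bounds, else None."""
    if value is None or not value.isdigit():
        return f"{name} needs a numeric value"
    if not bounds[0] <= int(value) <= bounds[1]:
        return f"{name} {value} outside <{bounds[0]}-{bounds[1]}>"
    return None

def lint_port_security(config_text):
    """Return a list of (interface, message) findings for port security lines."""
    findings, interface = [], None
    for raw in config_text.splitlines():
        # Drop a CLI prompt such as "device-name(config-if 1/1/11)#" if present.
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())
        match = re.match(r"interface\s+(\d+/\d+/\d+)$", line)
        if match:
            interface = match.group(1)
            continue
        if not line.startswith("port security "):
            continue
        tokens = line.split()[2:]
        for keyword, bounds in RANGES.items():
            if keyword in tokens:
                idx = tokens.index(keyword) + 1
                value = tokens[idx] if idx < len(tokens) else None
                error = _check(keyword, value, bounds)
                if error:
                    findings.append((interface, error))
    return findings

if __name__ == "__main__":
    for port, message in lint_port_security(SAMPLE_CONFIG):
        print(f"{port}: {message}")
```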
Opening a Shut Down Port
The port security enable-shutdown-port command, in Interface Configuration mode, opens a port that has been shut down due to a security violation.
The user can verify that a port is shut down due to a security violation by using the show port security command in Privileged (Enable) mode.
NOTE
After executing the command, the occurrence of a security violation will cause the port to be shut down again.
Command Syntax
device-name(config-if UU/SS/PP)#port security enable-shutdown-port [vlan <vlan-id>]
vlan <vlan-id>
    (Optional). The VLAN identity number in the range <2-4093>. If no VLAN ID is specified the counter will be incremented whenever a packet arrives on any VLAN.
Setting a Limit on MAC Addresses on a Port
The port limit command, in Interface Configuration mode, sets a limit to the number of learned MAC addresses on the specified port. The no form of the command removes the MAC address