Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
Port Security
© 2008 Foundry Networks, Inc.
device-name(config-if 1/1/2)#interface 1/1/3
device-name(config-if 1/1/3)#port security max-mac-count 6
device-name(config-if 1/1/3)#port security action shutdown
3. Enable port security on interface 1/1/4 with a maximum of six MAC
addresses. After six MAC addresses have been learned as secure, the
following MAC addresses will be learned as filtered and a security
violation trap will be generated:
device-name(config-if 1/1/3)#interface 1/1/4
device-name(config-if 1/1/4)#port security max-mac-count 6
device-name(config-if 1/1/4)#end
4. The configured settings are displayed by the show command in
Privileged mode as follows:
device-name#show port security
|======================================================================|
|port#|   vid   | action | max addr  |secure addr|filtered addr|status |
|-----+---------+--------+-----------+-----------+-------------|-------|
|1/1/2|all vlans|trap    |not-limited|     0     |      0      |enabled|
|1/1/3|all vlans|shutdown|     6     |     0     |      0      |enabled|
|1/1/4|all vlans|trap    |     6     |     0     |      0      |enabled|
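The table above can be checked by script when it is collected from many switches. The following is an added example, not part of the Foundry manual: a parser for the show port security output that reports ports with no MAC limit, a full secure table, or filtered addresses. The sample rows are constructed (the 1/1/4 counters are changed to simulate over-learning), and the function names and the audit policy are assumptions.

```python
# SAMPLE is constructed from the table on this page; the 1/1/4 counters are
# altered to simulate six secure and two filtered addresses.
SAMPLE = """\
|port#|   vid   | action | max addr  |secure addr|filtered addr|status |
|-----+---------+--------+-----------+-----------+-------------|-------|
|1/1/2|all vlans|trap    |not-limited|     0     |      0      |enabled|
|1/1/3|all vlans|shutdown|     6     |     0     |      0      |enabled|
|1/1/4|all vlans|trap    |     6     |     6     |      2      |enabled|
"""

FIELDS = ("port", "vid", "action", "max_addr", "secure", "filtered", "status")


def parse_port_security(text):
    """Return one dict per data row; borders and the header row are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|") or set(line) <= set("|=-+ "):
            continue  # not a table line, or a border/separator line
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(FIELDS) or cells[0] == "port#":
            continue  # header row or malformed line
        row = dict(zip(FIELDS, cells))
        row["secure"], row["filtered"] = int(row["secure"]), int(row["filtered"])
        limit = row["max_addr"]
        row["max_addr"] = None if limit == "not-limited" else int(limit)
        rows.append(row)
    return rows


def audit(rows):
    """Return (port, finding) pairs. The policy here is an assumption."""
    findings = []
    for r in rows:
        if r["status"] != "enabled":
            findings.append((r["port"], "port security not enabled"))
            continue
        if r["max_addr"] is None:
            findings.append((r["port"], "no MAC limit configured"))
        elif r["secure"] >= r["max_addr"]:
            findings.append((r["port"], "secure MAC table full"))
        if r["filtered"] > 0:
            findings.append((r["port"], f"{r['filtered']} filtered MAC(s): violation"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_port_security(SAMPLE)):
        print(port, finding)
```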
Port Security with Static MAC Addresses
The following example sets the maximum number of addresses to three. The system is allowed to
learn up to three MAC addresses and to send SNMP traps in the event of over-learning.
1. Configure the SNMP trap host to receive traps:
device-name#configure terminal
device-name(config)#snmp-server enable
device-name(config)#snmp-server view viewAll 1.3 included
device-name(config)#snmp-server group notify_only v1 read none write none notify viewAll
device-name(config)#snmp-server user notify_user group notify_only v1
device-name(config)#snmp-server target-param MyParam notify_user v1
device-name(config)#snmp-server target-addr blaaddr1 10.2.3.44 162 MyParam tag_1
device-name(config)#snmp-server notify portSecurityViolation tag_1
2. Configure the interface 1/1/2 to learn a maximum of three MAC addresses.
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#port security max-mac-count 3
device-name(config-if 1/1/2)#exit
3. Return to Global Configuration mode and define three MAC addresses to be learned:
device-name(config)#mac-address-table secure 00:02:4b:82:60:e2 interface 1/1/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:58:0d:8c interface 1/1/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:98:52:f4 interface 1/1/2 vlan 2
4. In Privileged mode, check that the MAC addresses were learned.