Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03)
Port Security
© 2008 Foundry Networks, Inc.
device-name(config)#exit
device-name#show mac-address-table
+===========+===================+=========+===========+==========
| vid | mac | port | status | priority
+-----------+-------------------+---------+-----------+----------
| 0000 | 00:12:f2:07:13:29| 0/0/0 | self | 0
| 0001 | 00:12:f2:07:13:29| 0/0/0 | self | 0
| 0002 | 00:02:4b:82:60:e2| 1/1/2 | secure | 0
| 0002 | 00:02:55:58:0d:8c| 1/1/2 | secure | 0
| 0002 | 00:02:55:98:52:f4| 1/1/2 | secure | 0
| 0002 | 00:40:95:30:0b:f8| 1/1/3 | dynamic | 0
5. Check the port security definitions:
device-name#show port security 1/1/2
ALL VLANS:
The port is : secured
State : enabled
Action : send a trap
Max secured addresses = 3
Current secured addresses = 3
Current filtered addresses = 0
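An added example, not part of the Foundry manual: a Python check that parses the two outputs shown above and confirms that the secure entries in the MAC table match the port's own counters. The function names are hypothetical, the field names are taken from the sample output, and the sample text is constructed from the session above (trimmed).

```python
import re
from collections import Counter

# Constructed sample input: the session output shown above, trimmed.
MAC_TABLE = """\
| vid | mac | port | status | priority
+-----------+-------------------+---------+-----------+----------
| 0001 | 00:12:f2:07:13:29| 0/0/0 | self | 0
| 0002 | 00:02:4b:82:60:e2| 1/1/2 | secure | 0
| 0002 | 00:02:55:58:0d:8c| 1/1/2 | secure | 0
| 0002 | 00:02:55:98:52:f4| 1/1/2 | secure | 0
| 0002 | 00:40:95:30:0b:f8| 1/1/3 | dynamic | 0
"""
PORT_DETAIL = """\
The port is : secured
Action : send a trap
Max secured addresses = 3
Current secured addresses = 3
Current filtered addresses = 0
"""
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

def secure_macs_per_port(mac_table):
    """Count 'secure' rows per port; borders and the header carry no MAC and are skipped."""
    counts = Counter()
    for line in mac_table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 4 and MAC_RE.fullmatch(cells[1]) and cells[3] == "secure":
            counts[cells[2]] += 1
    return counts

def parse_port_detail(detail):
    """Parse 'name : value' and 'name = value' lines into a dict keyed by lowercase name."""
    pattern = re.compile(r"\s*(.+?)\s*[:=]\s*(\S.*?)\s*$")
    matches = (pattern.match(line) for line in detail.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def audit_port(port, mac_table, detail):
    """Compare the port's counters with the secure entries in the MAC table."""
    f = parse_port_detail(detail)
    limit = int(f["max secured addresses"])
    current = int(f["current secured addresses"])
    return {
        "at_limit": current >= limit,  # no room left for another secure address
        "consistent": secure_macs_per_port(mac_table)[port] == current,
        "filtered": int(f["current filtered addresses"]),
        "action": f["action"],
    }

if __name__ == "__main__":
    print(audit_port("1/1/2", MAC_TABLE, PORT_DETAIL))
```

For port 1/1/2 the check reports that the port is at its limit of 3 and that the table and the counters agree.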
Opening Shut-down Ports
The following example sets the maximum number of secure addresses to five. The example shows
how to open a port that has been shut down due to a security violation.
1. Configure port 1/1/4 as secured, learning maximum 5 secure addresses, and shutting down in
case of security violation:
device-name#configure terminal
device-name(config)#interface 1/1/4
device-name(config-if 1/1/4)#port security max-mac-count 5
device-name(config-if 1/1/4)#port security action shutdown
device-name(config-if 1/1/4)#end
device-name#show port security
|===================================================================|
|port#| vid |action |max addr|secure addr|filtered addr|status |
|-----+---------+--------+--------+-----------+-------------+-------|
|1/1/4|all vlans|shutdown| 5 | 1 | 0 |enabled|
2. Allow the port to learn 10 addresses and inspect what show port security displays. The port
has learned 4 addresses as secure and the rest as filtered, because the incoming traffic
carried more addresses than the maximum number of secure addresses that the port is set to
remember (with the address already learned in step 1, the secure count has reached the
limit of 5). The current state of the port is disabled (it has been shut down).
device-name#show port security
|====================================================================|
|port#| vid |action |max addr|secure addr|filtered addr|status |
|-----+---------+--------+--------+-----------+-------------+--------|
|1/1/4|all vlans|shutdown| 5 | 5 | 6 |disabled|
3. Re-open the port:
device-name#configure terminal
device-name(config)#interface 1/1/4