# Enable intrusion protection traps.
[Router] port-security trap intrusion
[Router] interface gigabitethernet 1/0/1
# Set the maximum number of secure MAC addresses allowed on the port to 64.
[Router-GigabitEthernet1/0/1] port-security max-mac-count 64
# Set the port security mode to autoLearn.
[Router-GigabitEthernet1/0/1] port-security port-mode autolearn
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.
[Router-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
[Router-GigabitEthernet1/0/1] quit
[Router] port-security timer disableport 30
2. Verify the configuration.
After completing the configurations, use the following command to view the port security configuration information:
[Router] display port-security interface gigabitethernet 1/0/1
Equipment port-security is enabled
Intrusion trap is enabled
Disableport Timeout: 30s
OUI value:
GigabitEthernet1/0/1 is link-up
Port mode is autoLearn
NeedToKnow mode is disabled
Intrusion Protection mode is DisablePortTemporarily
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
The output shows that the maximum number of secure MAC addresses on the port is 64, the port security mode is autoLearn, intrusion protection traps are enabled, and the intrusion protection action is disabling the port (DisablePortTemporarily) for 30 seconds.
Use the command repeatedly to track the number of MAC addresses learned by the port, or use display this in interface view to display the secure MAC addresses learned:
[Router] interface gigabitethernet 1/0/1
[Router-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port-security max-mac-count 64
port-security port-mode autolearn
port-security mac-address security 0002-0000-0015 vlan 1
port-security mac-address security 0002-0000-0014 vlan 1
port-security mac-address security 0002-0000-0013 vlan 1
port-security mac-address security 0002-0000-0012 vlan 1
port-security mac-address security 0002-0000-0011 vlan 1
#
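The verification step above can be automated by parsing both command outputs and comparing them with the configured values. This is an added example, not part of the original guide; the function names, the EXPECTED baseline and the sample strings are constructed here from the output shown on this page.

```python
import re

# Constructed sample input, copied from the "display port-security interface" output above.
SAMPLE_STATUS = """\
Equipment port-security is enabled
Intrusion trap is enabled
Disableport Timeout: 30s
OUI value:
GigabitEthernet1/0/1 is link-up
Port mode is autoLearn
NeedToKnow mode is disabled
Intrusion Protection mode is DisablePortTemporarily
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
"""
# Constructed sample input: two entries in the "display this" format shown above.
SAMPLE_RUNNING = """\
 port-security mac-address security 0002-0000-0015 vlan 1
 port-security mac-address security 0002-0000-0014 vlan 1
"""
# Baseline taken from the configuration steps on this page.
EXPECTED = {
    "Equipment port-security": "enabled", "Intrusion trap": "enabled",
    "Disableport Timeout": "30s", "Port mode": "autoLearn",
    "Intrusion Protection mode": "DisablePortTemporarily", "Max MAC address number": "64",
}
MAC_RE = re.compile(r"mac-address security ((?:[0-9a-f]{4}-){2}[0-9a-f]{4}) vlan (\d+)", re.I)

def parse_status(text):
    """Turn 'key is value' and 'key: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)(?:\s+is\s+|:\s*)(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit(status_text, expected=EXPECTED):
    """List (field, expected, actual) for every setting that differs from the baseline."""
    fields = parse_status(status_text)
    return [(k, v, fields.get(k)) for k, v in expected.items() if fields.get(k) != v]

def headroom(status_text):
    """Secure-MAC slots left before max-mac-count is reached."""
    f = parse_status(status_text)
    return int(f["Max MAC address number"]) - int(f["Stored MAC address number"])

def secure_macs(running_text):
    return [(m.group(1).lower(), int(m.group(2))) for m in MAC_RE.finditer(running_text)]
```

An empty list from audit() means the port matches the baseline; a missing field is reported with an actual value of None.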