DIS-200G Series Gigabit Ethernet Switch CLI Reference Guide
The valid range is from 0 to 1440 in minutes.
maximum VALUE - (Optional) Sets the maximum number of secure MAC addresses allowed. If not specified, the default value is 32. The valid range is from 1 to 64.
protect - (Optional) Drops all packets from the insecure hosts at the port-security process level, but does not increment the security-violation count.
restrict - (Optional) Drops all packets from the insecure hosts at the port-security process level, increments the security-violation count, and records the system log.
shutdown - (Optional) Shuts down the port if there is a security violation and records the system log.
Default
By default, this option is disabled.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 15.
Usage Guideline
When port security is enabled, the port automatically learns dynamic secured entries, which time out. These entries are aged out based on the setting specified by the switchport port-security aging command.
When the port mode-security state is changed, the violation counts are cleared. When the port-security state is changed to disabled, the auto-learned secured entries and violation counts are cleared. When the maximum setting is changed, the auto-learned secured entries and violation counts are cleared.
A port-security enabled port has the following restrictions:
- If the port is a link aggregation member port, the port security function cannot be enabled.
When the maximum number of secured users is exceeded, one of the following actions can occur:
Protect - When the number of port secure MAC addresses reaches the maximum number of users that is allowed on the port, packets with an unknown source address are dropped until some secured entry is removed to release the space.
Restrict - A port security violation restricts data and causes the security violation counter to increment.
Shutdown - The interface is disabled, based on errors, when a security violation occurs.
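The violation actions described above, as a small Python model. This is an added illustration, not D-Link code or switch output: the class, method and function names are hypothetical, entry aging is not modelled, and any MAC values passed in are constructed sample data.

```python
# Added illustration: toy model of the port-security behaviour in the Usage
# Guideline. All names here are hypothetical; this is not a switch API.
class SecurePort:
    def __init__(self, maximum=32, violation="protect", lag_member=False):
        if lag_member:
            # Restriction: port security cannot be enabled on a LAG member port.
            raise ValueError("link aggregation member port")
        self.violation = violation
        self.learned = set()   # auto-learned secure MAC addresses
        self.violations = 0    # security-violation count
        self.syslog = []       # recorded system log entries
        self.up = True
        self.set_maximum(maximum)

    def set_maximum(self, value):
        if not 1 <= value <= 64:
            raise ValueError("maximum must be in 1..64")
        self.maximum = value
        # Changing the maximum clears learned entries and violation counts.
        self.learned.clear()
        self.violations = 0

    def receive(self, src_mac):
        """Return True if the frame is forwarded, False if it is dropped."""
        if not self.up:
            return False
        if src_mac in self.learned:
            return True
        if len(self.learned) < self.maximum:
            self.learned.add(src_mac)
            return True
        # Table is full and the source is unknown: apply the violation action.
        if self.violation == "restrict":
            self.violations += 1
            self.syslog.append(f"violation from {src_mac}")
        elif self.violation == "shutdown":
            # Assumption: the page mentions only the log, so the counter is untouched.
            self.up = False
            self.syslog.append(f"port shut down after frame from {src_mac}")
        return False  # protect: dropped with no counter change and no log


def replay(mode, macs, maximum=2):
    """Feed constructed source MACs to a port; return what an operator can observe."""
    port = SecurePort(maximum=maximum, violation=mode)
    forwarded = [port.receive(m) for m in macs]
    return forwarded, port.violations, len(port.syslog), port.up
```

Replaying the same frames in each mode shows that protect, as described here, leaves neither a counter increment nor a log entry, so only restrict and shutdown give monitoring something to alert on.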
Example
This example shows how to configure port security so that a maximum of 5 secure MAC addresses is allowed on the port.
Switch# configure terminal
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)#
This example shows how to configure the Switch to drop all packets from the insecure hosts at the port-security process level and increment the security violation counter if a security violation is detected.
Switch# configure terminal