User Guide
Configuring Port Security
Port Security Configuration
Step 3
mac address-table max-mac-count { [max-number num] [exceed-max-learned enable | disable] [mode { dynamic | static | permanent }] [status { forward | drop | disable }] }
Enable the port security feature of the port and configure the related parameters.
num: The maximum number of MAC addresses that can be learned on the port. The valid values are from 0 to 64. The default value is 64.
exceed-max-learned: With exceed-max-learned enabled, when the maximum number of MAC addresses on the specified port is exceeded, a notification will be generated and sent to the management host.
  enable: Enable exceed-max-learned.
  disable: Disable exceed-max-learned.
mode: Learn mode of the MAC address. There are three modes:
  dynamic: The switch will delete the MAC addresses that are not used or updated within the aging time.
  static: The learned MAC addresses are not affected by the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted.
  permanent: The learned MAC addresses are not affected by the aging time and can only be deleted manually. The learned entries will be saved even after the switch is rebooted.
status: Status of the port security feature. By default, it is disabled.
  drop: When the number of learned MAC addresses reaches the limit, the port will stop learning and discard the packets with the MAC addresses that have not been learned.
  forward: When the number of learned MAC addresses reaches the limit, the port will stop learning but still send the packets with the MAC addresses that have not been learned.
  disable: The number limit on the port is not effective, and the switch follows the original forwarding rules. It is the default setting.
Step 4
show mac address-table max-mac-count interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port }
Verify the Port Security configuration and the current learned MAC addresses of the port.
Step 5
end
Return to privileged EXEC mode.
Step 6
copy running-config startup-config
Save the settings in the configuration file.
Note:
• Port Security cannot be enabled on the member port of a LAG, and the port with Port Security enabled cannot be added to a LAG.
• On one port, Port Security and 802.1x cannot be enabled at the same time.
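The check below is an added example, not part of the original guide or any vendor tooling: it parses the Step 3 command from a configuration excerpt and reports ports where the MAC limit is out of range, not effective, or set to forward. The excerpt is constructed, its stanza layout is an assumption, and the names parse_ports and audit are hypothetical.

```python
# Constructed sample: the stanza layout (an "interface" line followed by its
# commands) is an assumption, not output captured from a switch.
SAMPLE_CONFIG = """\
interface gigabitEthernet 1/0/1
  mac address-table max-mac-count max-number 30 exceed-max-learned enable mode permanent status drop
interface gigabitEthernet 1/0/2
  mac address-table max-mac-count max-number 10 mode dynamic status forward
interface gigabitEthernet 1/0/3
  mac address-table max-mac-count max-number 80 status drop
interface gigabitEthernet 1/0/4
"""

ALLOWED = {"max-number": None, "exceed-max-learned": {"enable", "disable"},
           "mode": {"dynamic", "static", "permanent"},
           "status": {"forward", "drop", "disable"}}

def parse_ports(text):
    """Return {port: settings}, starting from the guide's defaults (64, disable)."""
    ports, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = " ".join(words[1:])
            ports[current] = {"max-number": "64", "status": "disable"}
        elif current and words[:3] == ["mac", "address-table", "max-mac-count"]:
            ports[current].update(zip(words[3::2], words[4::2]))
    return ports

def audit(text):
    """Return {port: [findings]}; an empty list means the limit is enforced."""
    report = {}
    for port, cfg in parse_ports(text).items():
        findings = [f"invalid {k} {v}" for k, v in cfg.items()
                    if k not in ALLOWED or (ALLOWED[k] and v not in ALLOWED[k])]
        num = cfg["max-number"]
        if not num.isdecimal() or not 0 <= int(num) <= 64:
            findings.append(f"max-number {num} outside 0-64")
        if cfg["status"] == "disable":
            findings.append("status disable: limit not effective")
        elif cfg["status"] == "forward":
            findings.append("status forward: unlearned MACs still forwarded")
        if cfg.get("exceed-max-learned") != "enable":
            findings.append("exceed-max-learned not explicitly enabled")
        report[port] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(findings) or "ok")
```
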
The following example shows how to set the maximum number of MAC addresses that can be learned on port 1/0/1 as 30, enable the exceed-max-learned feature, and configure the mode as permanent and the status as drop:
Switch#configure
Switch(config)#interface gigabitEthernet 1/0/1