Home » D-Link Manuals » Hubs & Switches » D-Link DGS-6600-48T » Manual Viewer

D-Link DGS-6600-48T Product Manual - Page 879

no shutdown, Protect

Get D-Link DGS-6600-48T PDF manuals and user guides

View all D-Link DGS-6600-48T manuals

Add to My Manuals
Save this manual to your list of manuals

Page 879 highlights

DGS-6604 m switchport port-security If a port-security command is issued without specifying any arguments, then the port security feature will be enabled with the default settings for the maximum and mode parameters. As the port-security state is changed from disabled to enabled or vice versa, the auto-learned MAC entries are cleared, If no arguments are specified when issuing the no port-security command, then the port security feature will be disabled. If the no port-security command, without any options, is applied in global configuration mode, then it will set the port-security to disabled for all ports. When the mode setting is changed, the addresses, both originally learned and configured entries on the port, will be cleared. When the maximum setting is changed, the learned address will remain unchanged when the maximum number increases; the learned address will be cleared when the number is decreased. A port-security enabled port has the following restrictions. • The port security function cannot be enabled simultaneously with dot1x which provides more advanced secure capability. • A port which is in private-vlan mode can not enable port-security. • If a port is specified as the destination port for the mirroring feature, then the port-security function can not be enabled. • If a port is the member port of a channel group, then it cannot be enabled with the port-security function. The system will periodically check whether the secured count is changed within 1 minute intervals. When a security violation is detected, one of the following actions occurs: • Protect - When the number of port-secure addresses reaches the maximum limit that is allowed on the port, the packets with unknown source addresses are dropped until they have a sufficient number of secure MAC addresses manually removed. • Shutdown - The interface is error disabled when a security violation occurs The security-violation count is accumulated and based on the different number of MAC addresses which violate the secured port. Note- When a secure port is in the error-disabled state, it can be manually reenabled by entering no shutdown commands in interface-configuration mode CLI Reference Guide 869

Section	Page
Command Listing by Feature	11
802.1x	11
AAA	11
Access Control Lists	12
Access Management	12
Basic IPv4	13
Basic IPv6	13
Basic Switch	14
BGP	14
Broadcast Storm	16
Chassis	16
Dynamic ARP Inspection	16
DHCP Client (IPv6)	16
DHCP Relay (IPv4)	16
DHCP Relay (IPv6)	17
DHCP Server (IPv4)	17
DHCP Server Screening/ Client Filtering	18
DHCP Snooping	18
DoS Prevention	19
DVMRP	19
ERPS	19
Errdisable	20
File System	20
GVRP	20
IGMP	20
IGMP Snooping	20
Interface	21
IP Utility	21
IP Multicast	21
IPv6 Protocol Independent	21
IP Source Guard	21
IPv6 Tunnel	21
Jumbo Frame	22
L2 FDB	22
LACP	22
lldp-med	22
Loopback Detection	23
Management Port	23
Mirror	24
MSTP	24
Network Load Balancing	24
OSPFv2	24
OSPFv3	26
Password Recovery	27
PIM	27
POE	28
Policy-based Route	28
Port Security	28
Power Saving	28
Protocol Independent	28
QoS	28
QinQ (VLAN Tunnel)	29
RIP	30
RIPng	30
RMON	31
Route Map	31
Safeguard	31
sFlow	32
SNMP Management	32
SSH	32
STP	33
Switch Port	33
Syslog	33
System File Management	34
Time and SNTP	34
Traffic Segmentation	34
VLAN	34
VRRP	35
Voice Vlan	35
aaa authentication	37
aaa authorization	39
aaa group server	40
accept dhcp client-identifier	41
accept dhcp relay-agent	42
acceptable-frame	43
accept-lifetime	44
access vlan	46
address-family ipv4	47
aggregate-address	48
area default-cost	49
area default-cost (IPv6)	50
area nssa	51
area range	53
area range (IPv6)	54
area stub	55
area stub (IPv6)	56
area virtual-link	57
area virtual-link (IPv6)	61
arp	63
arp timeout	64
auto-cost reference-bandwidth	65
auto-cost reference-bandwidth (IPv6)	66
banner login	67
based-on client-id	69
based-on c-vid	70
based-on interface-ip-address	71
based-on mac-address	72
based-on relay-ip-address	73
based-on s-vid	74
based-on user-class	75
based-on vendor-class	76
bgp always-compare-med	77
bgp asnotation dot	78
bgp bestpath as-path ignore	80
bgp bestpath compare-routerid	82
bgp default ipv4-unicast	83
bgp default local-preference	84
bgp deterministic-med	85
bgp enforce-first-as	86
bgp log-neighbor-changes	87
bgp router-id	88
boot config	89
bootfile	91
boot image	92
channel-group	94
class	96
class-map	97
clear arp-cache	99
clear counters	100
clear dos prevention counter	101
clear cpu-protect counters	102
clear gvrp statistics interface	103
clear ip bgp	104
clear ip bgp peer-group	106
clear ip dhcp binding	108
clear ip dhcp conflict	110
clear ip dhcp server statistics	112
clear ip ospf	113
clear ipv6 dhcp client	114
clear ipv6 neighbors	115
clear ipv6 ospf process	116
clear ipv6 rip	117
clear lldp neighbors	118
clear lldp statistics	119
clear logging	120
clear mac address-table	121
clear port-security	122
clear running-config factory-defaults	123
clear spanning-tree detected-protocols	124
clear vlan-tunnel ctag-mapping dynamic	125
clock set	126
clock summer-time	127
clock timezone	129
color-aware	130
command prompt	131
configure terminal	133
copy	134
cos remarking	137
cpu-protect safeguard	139
cpu-protect type	141
cpu-protect sub-interface	144
crypto key	145
default-gateway (management port)	146
default-information originate (BGP)	147
default-information originate (IPv6 OSPF)	148
default-information originate (RIP)	149
default-information originate (RIP IPv6)	150
default ipv6 nd prefix	151
default-metric (OSPF)	152
default-metric (IPv6 OSPF)	153
default-metric (RIP)	154
default-metric (RIP IPv6)	155
default-router	156
delete	157
description	158
dir	159
disable	160
distance	161
dns-server	163
domain-name	164
dos_prevention action	165
dos_prevention type	166
dot1v binding protocol-group	168
dot1v protocol-group	169
dot1x auth-mode	170
dot1x auth-protocol	171
dot1x control-direction	172
dot1x default	173
dot1x forward-pdu	174
dot1x guest-vlan	175
dot1x initialize	177
dot1x max-req	178
dot1x pae authenticator	179
dot1x port-control	180
dot1x re-authenticate	181
dot1x re-authentication	182
dot1x system-auth-control	183
dot1x timeout	184
dot1x user	185
duplex	186
enable	187
enable password	188
end	189
exit	190
erps	191
erps domain	192
erpi enable	193
erpi type	194
erpi raps-vlan	196
erpi ring-mel	197
erpi ring-port	198
erpi rpl	200
erpi protected-vlan	201
erpi timer	203
erpi tc-propagation	205
errdisable recovery	206
flowcontrol	208
gvrp (Global)	209
gvrp (Interface)	210
gvrp advertise (Interface)	211
gvrp advertise (VLAN)	212
gvrp dynamic-vlan-creation	213
gvrp forbidden	214
gvrp timer	215
help	216
host area	217
hybrid vlan VLAN-ID	218
ingress-checking	219
instance	220
interface	221
interface range	222
interface tunnel	223
ip access-group	224
ip access-list	225
ip address	226
ip address (management port)	228
ip address-list	229
ip dhcp screening ports	230
ip dhcp screening	231
ip dhcp screening trap-log	232
ip dhcp snooping	233
ip dhcp snooping information option	234
ip dhcp snooping trust	235
ip dhcp screening suppress-duration	236
ip arp inspection trust	237
ip arp inspection validate	238
ip arp inspection vlan	240
ip verify source vlan dhcp-snooping	241
ip source binding	242
ip as-path access-list	244
ip community-list	245
ip dhcp snooping verify MAC-address	247
ip dhcp snooping vlan	248
ip dhcp ping packets	250
ip dhcp ping timeout	251
ip dhcp pool	252
ip dhcp relay	253
ip dhcp relay address	254
ip dhcp relay hops	255
ip dhcp relay information check	256
ip dhcp relay information option	257
ip dhcp relay information policy	259
ip dhcp relay information trust-all	260
ip dhcp relay information trusted	261
ip dvmrp	262
ip dvmrp metric	263
ip http server	264
ip http service-port	265
ip igmp access-group	266
ip igmp last-member-query-interval	268
ip igmp query-interval	269
ip igmp query-max-response-time	270
ip igmp robustness-variable	271
ip igmp snooping	272
ip igmp snooping (multicast router)	274
ip igmp snooping immediate-leave	276
ip igmp snooping querier	277
ip igmp snooping static-group	278
ip igmp version	280
ip mroute	281
ip mtu	283
ip mtu (management port)	284
ip multicast-routing	285
ip ospf authentication	286
ip ospf authentication-key	287
ip ospf cost	288
ip ospf dead-interval	289
ip ospf hello-interval	290
ip ospf message-digest-key	291
ip ospf priority	292
ip ospf retransmit-interval	293
ip ospf shutdown	294
ip ospf transmit-delay	295
ip ospf mtu-ignore	296
ip pim	297
ip pim accept-register	298
ip pim bsr-candidate	299
ip pim dr-priority	301
ip pim join-prune-interval	302
ip pim prune-limit-interval	303
ip pim query-interval	304
ip pim register-checksum-include-data	305
ip pim register-suppresion	306
ip pim rp-address	307
ip pim rp-candidate	308
ip pim state-refresh origination-interval	310
ip policy route-map	311
ip rip authentication key-chain	313
ip rip authentication mode	315
ip rip receive version	316
ip rip send version	317
ip rip v2-broadcast	318
ip route	319
ip route multi-path	320
ip ssh	321
ip telnet server	323
ip telnet service-port	324
ip trusted-host	325
ipv6 access-group	327
ipv6 access-list	329
ipv6 address	330
ipv6 address	331
ipv6 address (management port)	333
ipv6 default-gateway (management port)	334
ipv6 dhcp client information refresh minimum	335
ipv6 dhcp client pd	336
ipv6 dhcp relay destination	338
ipv6 enable	340
ipv6 hop-limit	341
ipv6 nd managed-config-flag	342
ipv6 nd other-config-flag	343
ipv6 nd prefix	344
ipv6 nd ra-interval	345
ipv6 nd ra-lifetime	346
ipv6 nd reachable-time	347
ipv6 nd retrans-timer	348
ipv6 nd suppress-ra	349
ipv6 neighbor	350
ipv6 ospf cost	351
ipv6 ospf dead-interval	352
ipv6 ospf hello-interval	353
ipv6 ospf priority	354
ipv6 ospf retransmit-interval	355
ipv6 ospf shutdown	356
ipv6 ospf transmit delay	357
ipv6 rip metric-offset	358
ipv6 rip split-horizon	359
ipv6 rip split-horizon poisoned	360
ipv6 ospf mtu-ignore	361
ipv6 route	362
ipv6 router ospf area	367
ipv6 router rip	368
key	369
key chain	371
key-string	373
lacp port-priority	375
lacp system-priority	376
lease	377
lldp dot1-tlv-select	378
lldp dot3-tlv-select	381
lldp fast-count	383
lldp hold-multiplier	384
lldp management-address	385
lldp med-tlv-select	387
lldp receive	389
lldp reinit	390
lldp run	391
lldp tlv-select	392
lldp transmit	394
lldp tx-delay	395
lldp tx-interval	396
logging file	397
logging host	398
logging level	400
logging on	401
login	402
logout	403
loopback-detection (interface)	404
loopback-detection (global)	406
loopback-detection mode	407
loopback-detection interval-time	408
mac access-group	409
mac access-list	410
mac address-table aging destination-hit	411
mac address-table aging-time	412
mac address-table static	413
mac-base ( VLAN )	414
match	415
match as-path	419
match community	420
match ip address	421
match ipv6 address	422
maximum-paths	423
max-rcv-frame-size	424
mgmt-if	425
monitor session	426
monitor session destination remote vlan	428
monitor session source interface	430
monitor session source remote vlan	432
mtu	434
multicast filtering-mode	435
name	436
neighbor	437
neighbor (RIP IPv6)	438
neighbor advertisement-interval	439
neighbor description	440
neighbor filter-list	441
neighbor peer-group (create group)	442
neighbor peer-group (add group member)	443
neighbor remote-as	444
neighbor route-map	445
neighbor send-community	446
neighbor shutdown	447
neighbor timers	448
neighbor update-source	449
neighbor weight	450
netbios node-type	451
netbios scope-id	452
netbios wins-server	453
network	454
network (BGP)	455
network area	456
next-server	457
passive-interface	458
passive-interface (IPv6 OSPF)	459
passive interface (RIP)	460
passive-interface (RIP IPv6)	461
password recovery	462
password encryption	466
periodic	467
permit \| deny (ip access-list)	468
permit \| deny (ipv6 access list)	471
permit \| deny (mac access-list)	473
ping	475
poe port priority	477
poe port description	478
poe service-policy	479
poe power-inline	480
police	482
police aggregate	487
police cir	488
policy-map	492
port-channel load-balance	494
power-saving	495
pvid VLAN-ID	496
qos aggregate-policer	497
qos bandwidth	500
qos cos	501
qos deficit-round-robin	502
qos dscp-mutation	505
qos map cos-color	506
qos map dscp-color	507
qos map dscp-cos	508
qos map dscp-mutation	509
qos trust	510
reboot	511
redistribute	512
redistribute (OSPF)	513
redistribute (IPv6 OSPF)	515
redistribute (RIP)	517
redistribute (RIP IPv6)	519
remote-span	521
resequence access-list	522
revision	523
rmon statistics	524
route-map	525
router bgp	527
router-id	528
router-id (IPv6)	529
router ipv6 rip	530
router ipv6 ospf	531
router ospf	532
router rip	533
send-lifetime	534
server	536
service dhcp	538
service-policy	539
set	542
set as-path	544
set community	545
set default interface	547
set ip next-hop	548
set ip precedence	550
set interface	551
set ipv6 default next-hop	552
set ip default next-hop	554
set ipv6 next-hop	556
set default interface	558
set origin	559
set weight	560
sflow	561
sflow receiver	562
sflow sampler	564
sflow poller	566
show aaa	567
show aaa group server	570
show access-group	571
show access-list	572
show arp	573
show boot	574
show channel-group	575
show class-map	579
show clock	580
show cpu-protect safeguard	581
show cpu-protect type	582
show cpu-protect sub-interface	584
show dos_prevention	585
show dot1v	586
show dot1x	587
show dot1x vlan	590

Match case Limit results 1 per page

DGS-6604

switchport port-security

CLI Reference Guide

869

If a port-security command is issued without specifying any arguments, then the

port security feature will be enabled with the default settings for the maximum

and mode parameters.

As the port-security state is changed from disabled to enabled or vice versa, the

auto-learned MAC entries are cleared,

If no arguments are specified when issuing the no port-security command, then

the port security feature will be disabled.

If the no port-security command, without any options, is applied in global

configuration mode, then it will set the port-security to disabled for all ports.

When the mode setting is changed, the addresses, both originally learned and

configured entries on the port, will be cleared.

When the maximum setting is changed, the learned address will remain

unchanged when the maximum number increases; the learned address will be

cleared when the number is decreased.

A port-security enabled port has the following restrictions.

•

The port security function cannot be enabled simultaneously with dot1x

which provides more advanced secure capability.

•

A port which is in private-vlan mode can not enable port-security.

•

If a port is specified as the destination port for the mirroring feature, then

the port-security function can not be enabled.

•

If a port is the member port of a channel group, then it cannot be enabled

with the port-security function.

The system will periodically check whether the secured count is changed within 1

minute intervals.

When a security violation is detected, one of the following actions occurs:

•

Protect

- When the number of port-secure addresses reaches the maxi-

mum limit that is allowed on the port, the packets with unknown source

addresses are dropped until they have a sufficient number of secure MAC

addresses manually removed.

•

Shutdown

- The interface is error disabled when a security violation

occurs

The security-violation count is accumulated and based on the different number of

MAC addresses which violate the secured port.

Note

- When a secure port is in the error-disabled state, it can be manually re-

enabled by entering

no shutdown

commands in interface-configuration mode