D-Link DGS-6600-48T Product Manual - Page 879
no shutdown, Protect
View all D-Link DGS-6600-48T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 879 highlights
DGS-6604 m switchport port-security If a port-security command is issued without specifying any arguments, then the port security feature will be enabled with the default settings for the maximum and mode parameters. As the port-security state is changed from disabled to enabled or vice versa, the auto-learned MAC entries are cleared, If no arguments are specified when issuing the no port-security command, then the port security feature will be disabled. If the no port-security command, without any options, is applied in global configuration mode, then it will set the port-security to disabled for all ports. When the mode setting is changed, the addresses, both originally learned and configured entries on the port, will be cleared. When the maximum setting is changed, the learned address will remain unchanged when the maximum number increases; the learned address will be cleared when the number is decreased. A port-security enabled port has the following restrictions. • The port security function cannot be enabled simultaneously with dot1x which provides more advanced secure capability. • A port which is in private-vlan mode can not enable port-security. • If a port is specified as the destination port for the mirroring feature, then the port-security function can not be enabled. • If a port is the member port of a channel group, then it cannot be enabled with the port-security function. The system will periodically check whether the secured count is changed within 1 minute intervals. When a security violation is detected, one of the following actions occurs: • Protect - When the number of port-secure addresses reaches the maximum limit that is allowed on the port, the packets with unknown source addresses are dropped until they have a sufficient number of secure MAC addresses manually removed. • Shutdown - The interface is error disabled when a security violation occurs The security-violation count is accumulated and based on the different number of MAC addresses which violate the secured port. Note- When a secure port is in the error-disabled state, it can be manually reenabled by entering no shutdown commands in interface-configuration mode CLI Reference Guide 869