D-Link DGS-6600-48TS Configuration Guide - Page 470
Port Security Configuration Commands, Relations with Other Modules, Protect, Shutdown, Command
View all D-Link DGS-6600-48TS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 470 highlights
Volume 8-Security & Authentication / Chapter 45-Port Security Port Security Configuration Commands The following action causes a security violation: • If the number of source MAC addresses seen on an interface is more than the portsecurity limit. When a security violation occurs, the system takes one of the following actions, based on the user's configuration: • Protect- If the number of source MAC addresses seen on the secured port is more than the port-security limit, packets with unknown source addresses will be dropped. • Shutdown- The secured port is error disabled when a security violation occurs. The error disabled port can be recovered by entering the shutdown command, followed by the no shutdown in interface configuration mode. Port Security Configuration Commands The following commands are used to configure and verify port security settings: Command switchport port-security [maximum VALUE | violation {protect | shutdown} | mode {permanent | delete-on-timeout} show port-security [interface INTERFACEID[,|-] Explanation Configures port-security related attributes. Displays port-security related settings. In the following example, the user configures Ethernet interface 4.5 to have to use the delete-ontimeout security mode, restricts the number of MAC addresses that can be learned on the port to 10, and specifies that the port should be shutdown if a violation occurs: DGS-6600:2>enable DGS-6600:15#configure terminal DGS-6600:15(config)#interface eth4.5 DGS-6600:15(config-if)#switchport port-security maximum 10 DGS-6600:15(config-if)#switchport port-security violation shutdown DGS-6600:15(config-if)#end DGS-6600:15#show port-security interface eth4.5 Interface Max No. Current No. Violation Secure Type State eth4.5 10 0 Shutdown Delete-on-Timeout Disabled Total Entries: 1 DGS-6600:15# Relations with Other Modules 1) Cannot enable port security on 802.1x enabled ports. 2) Cannot configure port security settings on a channel group member port. DGS-6600 Configuration Guide 470