Dell PowerConnect M6220 Configuration Guide - Page 38

Operation, CLI Examples, Example #1: Enable Port Security on an Interface - manual



38
Switching Configuration
• Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
• Enabled on a per-port basis.
• When locked, only packets with an allowable MAC address will be forwarded.
• Supports both dynamic and static locking.
• Implements two traffic filtering methods. These methods can be used concurrently.
  - Dynamic Locking: User specifies the maximum number of MAC addresses that can be learned on a port. The maximum number of MAC addresses is 100. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC address are forwarded.
  - Static Locking: User manually specifies a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.

Operation

Port Security:

• Helps secure the network by preventing unknown devices from forwarding packets.
• When the link goes down, all dynamically locked addresses are ‘freed.’
• If a specific MAC address is to be set for a port, set the dynamic entries to 0; then only packets with a MAC address matching the MAC address in the static list are allowed.
• Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. The user can set the time-out value.
• Dynamically locked MAC addresses are eligible to be learned by another port.
• Static MAC addresses are not eligible for aging.
• Dynamically locked addresses can be converted to statically locked addresses.
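
The locking rules above, modelled as an added example (not from the Dell guide or the switch firmware): the PortSecurity class and its method names are hypothetical, the MAC addresses are constructed, and only the discard behaviour for unknown source addresses is modelled.

```python
class PortSecurity:
    MAX_DYNAMIC_LIMIT = 100  # ceiling the page states for dynamic locking

    def __init__(self, max_dynamic, age_out, static=()):
        if not 0 <= max_dynamic <= self.MAX_DYNAMIC_LIMIT:
            raise ValueError("dynamic limit must be 0..100")
        self.max_dynamic = max_dynamic
        self.age_out = age_out        # seconds of silence before a dynamic entry expires
        self.static = set(static)     # static entries never age
        self.dynamic = {}             # MAC -> time last seen

    def frame(self, src_mac, now):
        """Return True if a frame from src_mac is forwarded at time now."""
        # Drop dynamic entries not refreshed within the age-out time.
        self.dynamic = {m: t for m, t in self.dynamic.items()
                        if now - t < self.age_out}
        if src_mac in self.static:
            return True
        if src_mac in self.dynamic or len(self.dynamic) < self.max_dynamic:
            self.dynamic[src_mac] = now   # learn, or refresh the age timer
            return True
        return False                      # limit reached: not learned, discarded

    def link_down(self):
        self.dynamic.clear()              # dynamic entries are freed, static ones stay

    def convert_to_static(self):
        self.static |= set(self.dynamic)
        self.dynamic.clear()


def demo():
    """Run constructed traffic through one port; return the forwarding decisions."""
    # Constructed sample MACs, not taken from the guide.
    a, b, c = "00:11:22:33:44:0a", "00:11:22:33:44:0b", "00:11:22:33:44:0c"
    port = PortSecurity(max_dynamic=2, age_out=300)
    out = [port.frame(a, 0), port.frame(b, 10)]  # both learned
    out.append(port.frame(c, 20))     # third MAC exceeds the limit
    out.append(port.frame(c, 301))    # a aged out at t=300, freeing a slot for c
    port.convert_to_static()          # b and c become static entries
    port.max_dynamic = 0              # static-only: no further learning
    port.link_down()
    out.append(port.frame(b, 400))    # static entry survives link-down
    out.append(port.frame(a, 400))    # unknown MAC, nothing can be learned
    return out


if __name__ == "__main__":
    print(demo())
```
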

CLI Examples

The following are examples of the commands used in the Port Security feature.

Example #1: Enable Port Security on an Interface

    console(config)#interface ethernet 1/g2
    console(config-if-1/g2)#port security ?

    discard             Discard frames with unlearned source addresses.
    discard-shutdown    Discard frames with unlearned source addresses and
                        shutdown the port.
    forward             Forward frames with unlearned source addresses.
    max                 Configure the maximum addresses that can be learned
                        on the port.
    trap                Sends SNMP Traps, and specifies the minimum time