Alliedware plus command – Allied Telesis AT-S63 User Manual

Chapter 38: MAC Address-based Port Security Commands

720

Section VIII: Port Security

Examples

The following command sets the security level for port 8 to the Limited
mode and specifies a limit of 5 dynamic MAC addresses. Because no
intrusion action is specified, the discard action is assigned by default:

set switch port=8 securitymode=limited learn=5

The following command sets the security level for ports 9 and 12 to the
Limited mode and specifies a limit of 15 dynamic MAC addresses per port.
The disable intrusion action is specified:

set switch port=9,12 securitymode=limited learn=15
intrusionaction=disable participate=yes

In the above example, the Participate option is required to activate the
disable intrusion action. Without it, the port would discard invalid ingress
frames but would not send an SNMP trap and disable the port.

The following command changes the maximum number of learned MAC
addresses to 150 on ports 15 and 16. The command assumes that the
ports have already be set to the Limited security mode:

set switch port=15-16 learn=150

The following command sets the security level to Locked for ports 2, 6,
and 18:

set switch port=2,6,18 securitymode=locked

The Limit and Participate options are not included with the above
command because they do not apply to the Locked mode or the Secured
mode.

The following command sets the security level to Secured for ports 12 to
24:

set switch port=12-24 securitymode=secured

The following command returns ports 8 to 11 to the automatic security
level, which disables port security:

set switch port=8-11 securitymode=automatic

AlliedWare Plus

Command

Syntax

To set a port to the limited security mode and to specify the maximum
number of addresses a port can learn:

switchport port-security maximum

value