Port security – Edge Products ES3528-WDM User Manual

Client Security Commands

port security

This command enables or configures port security. Use the no form without any
keywords to disable port security. Use the no form with the appropriate keyword to
restore the default setting for the response to a security violation or for the maximum
number of allowed addresses.

Syntax

port security [action {shutdown | trap | trap-and-shutdown} | max-mac-count address-count]

no port security [action | max-mac-count]

action - Response to take when port security is violated.

- shutdown - Disable port only.
- trap - Issue SNMP trap message only.
- trap-and-shutdown - Issue SNMP trap message and disable port.

max-mac-count

- address-count - The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled)

Default Setting

• Status: Disabled
• Action: None
• Maximum Addresses: 0

Command Mode

Interface Configuration (Ethernet)

Command Usage

• If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
• First use the port security max-mac-count command to set the number of addresses, and then use the port security command to enable security on the port.
• Use the no port security max-mac-count command to disable port security and reset the maximum number of addresses to the default.
• You can also manually add secure addresses with the mac-address-table static command.
• A secure port has the following restrictions:
  - Cannot be connected to a network interconnection device.
  - Cannot be a trunk port.
• If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.
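
The learning limit, the three violation actions and the manual re-enable described under Command Usage can be modelled as a small state machine. This Python sketch is an added illustration, not code from the manual or the switch firmware; the names SecurePort and replay are hypothetical, the MAC addresses are constructed, and counting static entries toward the limit is an assumption.

```python
# Simplified model of one secure port, based only on the manual text above.
# Not switch firmware: SecurePort and replay are hypothetical names.
class SecurePort:
    ACTIONS = (None, "shutdown", "trap", "trap-and-shutdown")

    def __init__(self, max_mac_count=0, action=None, static=()):
        if not 0 <= max_mac_count <= 1024:      # documented range; 0 = disabled
            raise ValueError("max-mac-count must be 0-1024")
        if action not in self.ACTIONS:
            raise ValueError("unknown action")
        self.max_mac_count, self.action = max_mac_count, action
        self.table = set(static)   # mac-address-table static entries
        self.security = False      # default status: disabled
        self.up = True
        self.traps = []            # source MACs reported by SNMP trap

    def enable_security(self):     # "port security"
        self.security = True

    def no_shutdown(self):         # manual re-enable after a violation
        self.up = True

    def receive(self, src_mac):
        """Return 'forward', 'drop' or 'port-down' for one incoming frame."""
        if not self.up:
            return "port-down"
        if src_mac in self.table:
            return "forward"
        limited = self.security and self.max_mac_count > 0
        # Assumption: static entries count toward the limit.
        if not limited or len(self.table) < self.max_mac_count:
            self.table.add(src_mac)             # still learning
            return "forward"
        if self.action in ("trap", "trap-and-shutdown"):
            self.traps.append(src_mac)
        if self.action in ("shutdown", "trap-and-shutdown"):
            self.up = False
        return "drop"

def replay(port, frames):
    """Feed a sequence of source MACs to the port and collect the outcomes."""
    return [port.receive(mac) for mac in frames]

if __name__ == "__main__":
    # Constructed sample MACs (documentation range), not from any capture.
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
    port = SecurePort(max_mac_count=2, action="trap-and-shutdown")
    port.enable_security()
    print(replay(port, [a, b, a, c, a]))
```

With the trap action alone the port stays up and keeps dropping unknown sources, so a monitoring station sees repeated traps rather than a link-down event.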
