GE ML1600 User Manual

6–4

MULTILINK ML1600 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL

CONFIGURING PORT SECURITY THROUGH THE COMMAND LINE INTERFACE

CHAPTER 6: ACCESS CONSIDERATIONS

•

remove mac

- removes specific or all MAC addresses from port security lookup

•

signal port=<num|list|range>

- observe list of specified ports and notify if

there is a security breach on the list of port specified. The signal can be a log entry,
a trap to the trap receiver specified as part of the SNMP commands (where is that
specified) or both

Note

There is a limitation of 200 MAC addresses per port and 500 MAC addresses per switch for
port security.

Note

All commands listed above must be executed under the port security configuration mode.

Let's look at a few examples. The following command allows specific MAC addresses on a
specified port. No spaces are allowed between specified MAC addresses.

ML1600(port-security)##

allow

mac=00:c1:00:7f:ec:00,00:60:b0:88:9e:00 port=18

The following command sequence sets the port security to learn the MAC addresses. Note
that a maximum of 200 MAC addresses can be learned per port, to a maximum of 500 per
switch. Also, the

action

on the port must be set to none before the port learns the MAC

address information.

ML1600(port-security)##

action port=9,10 none

ML1600(port-security)##

learn port=9,10 enable

The following command sequence enables and disables port security

ML1600(port-security)##

ps enable

Port Security is already enabled

ML1600(port-security)##

ps disable

Port Security Disabled

ML1600

ps enable

Port Security Enabled