Port security, Table 48 – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

Page 244

Advertising
background image

194

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Port Security

10

port security

This command enables or configures port security. Use the no form without any keywords to
disable port security. Use the no form with the appropriate keyword to restore the default settings
for a response to security violation or for the maximum number of allowed addresses.

Syntax

port security [action {shutdown | trap | trap-and-shutdown} | max-mac-count address-count]

no port security [action | max-mac-count]

action - Response to take when port security is violated.

shutdown - Disable port only.

trap - Issue SNMP trap message only.

trap-and-shutdown - Issue SNMP trap message and disable port.

max-mac-count

address-count - The maximum number of MAC addresses that can be learned on a
port. (Range: 0 - 1024, where 0 means disabled)

Default Setting

Status: Disabled
Action: None
Maximum Addresses: 0

Command Mode

Interface Configuration (Ethernet)

Command Usage

The default maximum number of MAC addresses allowed on a secure port is zero (that is, port
security is disabled). To use port security, you must configure the maximum number of
addresses allowed on a port using the port security max-mac-count command.

When port security is enabled using the port security command, or the maximum number or
allowed addresses is set to value lower than the current limit after port security has been
enabled, the switch first clears all dynamically learned entries from the address table. It then
starts learning new MAC addresses on the specified port, and stops learning addresses when
it reaches a configured maximum number. Only incoming traffic with source addresses already
stored in the dynamic or static address table will be accepted.

TABLE 48

Management IP Filter Commands

Command

Function

Mode

mac-address-table static

Maps a static address to a port in a VLAN

GC

port security

Configures a secure port

IC

show mac-address-table

Displays entries in the bridge-forwarding database

PE

show port security

Displays port security status and secure address count

PE

Advertising
Popular Brands
Popular manuals