Default port blocking configuration, Blocking flooded traffic on an interface, Configuring port security – Dell POWEREDGE M1000E User Manual

26-8

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 26 Configuring Port-Based Traffic Control

Configuring Port Security

Default Port Blocking Configuration

The default is to not block flooding of unknown multicast and unicast traffic out of a port, but to flood
these packets to all ports.

Blocking Flooded Traffic on an Interface

Note

The interface can be a physical interface or an EtherChannel group. When you block multicast or unicast
traffic for a port channel, it is blocked on all ports in the port-channel group.

Beginning in privileged EXEC mode, follow these steps to disable the flooding of multicast and unicast
packets out of an interface:

To return the interface to the default condition where no traffic is blocked and normal forwarding occurs
on the port, use the no switchport block {multicast | unicast} interface configuration commands.

This example shows how to block unicast and multicast flooding on a port:

Switch# configure terminal

Switch(config)# interface gigabitethernet1/0/1

Switch(config-if)# switchport block multicast

Switch(config-if)# switchport block unicast

Switch(config-if)# end

Configuring Port Security

You can use the port security feature to restrict input to an uplink interface by limiting and identifying
MAC addresses of the stations allowed to access the uplink port. When you assign secure MAC
addresses to a secure port, the port does not forward packets with source addresses outside the group of
defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure
MAC address, the workstation attached to that port is assured the full bandwidth of the port.

If a uplink port is configured as a secure port and the maximum number of secure MAC addresses is
reached, when the MAC address of a station attempting to access the port is different from any of the
identified secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC
address configured or learned on one secure port attempts to access another secure port, a violation is
flagged.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface-id

Specify the interface to be configured, and enter interface
configuration mode.

Step 3

switchport block multicast

Block unknown multicast forwarding out of the port.

Step 4

switchport block unicast

Block unknown unicast forwarding out of the port.

Step 5

end

Return to privileged EXEC mode.

Step 6

show interfaces interface-id switchport

Verify your entries.

Step 7

copy running-config startup-config

(Optional) Save your entries in the configuration file.