1 port security commands, Port security – PLANET SGSD-1022 User Manual

User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

DHCP Snooping* - Filters untrusted DHCP messages on unsecure ports by building and maintaining a DHCP snooping binding table

IP Source Guard* - Filters IP traffic on unsecure ports for which the source address cannot be identified via DHCP snooping or static source bindings

* The priority of execution for these filtering commands is Port Security, Port Authentication, Network Access, Web Authentication, Access Control Lists, DHCP Snooping, and then IP Source Guard.

5.13.1 Port Security Commands

These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table for this port will be authorized to access the network. The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.
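The learning and violation rules described above, modelled as an added Python example (not taken from the manual or the switch firmware). The SecurePort and Switch classes are hypothetical, the action names are those listed in the port security syntax on this page, and treating a MAC address learned on another port as a violation even below the limit is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    max_mac_count: int                 # address-count from the syntax (0-1024)
    action: str = "none"               # none | shutdown | trap | trap-and-shutdown
    learned: set = field(default_factory=set)   # dynamic or static entries
    enabled: bool = True               # False after a shutdown action fires
    traps: list = field(default_factory=list)   # stand-in for SNMP traps sent

    def __post_init__(self):
        if not 0 <= self.max_mac_count <= 1024:
            raise ValueError("max-mac-count out of range 0-1024")

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def _owner(self, mac):
        """Return the name of the port that already holds this MAC, if any."""
        for port in self.ports.values():
            if mac in port.learned:
                return port.name
        return None

    def receive(self, port_name, src_mac):
        """Apply the port security rules to one incoming frame."""
        port, mac = self.ports[port_name], src_mac.lower()
        if not port.enabled:
            return "dropped"
        owner = self._owner(mac)
        if owner == port_name:
            return "forwarded"                     # already authorized here
        if owner is None and len(port.learned) < port.max_mac_count:
            port.learned.add(mac)                  # still below the limit
            return "learned"
        # Violation: unknown source at the limit, or a MAC learned on another
        # port (assumption: treated as a violation even below the limit).
        if "trap" in port.action:
            port.traps.append((port_name, mac))
        if "shutdown" in port.action:
            port.enabled = False
        return "dropped"
```

With the shutdown or trap-and-shutdown action, one violating frame also cuts off the addresses that were already authorized on that port, which is worth weighing when choosing the action for ports that carry more than one device.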

Command                    Function                                             Mode
port security              Configures a secure port                             IC
mac-address-table static   Maps a static address to a port in a VLAN            GC
show mac-address-table     Displays entries in the bridge-forwarding database   PE

Table 5-41 Port Security Commands

port security

This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.

Syntax

port security [action {shutdown | trap | trap-and-shutdown} | max-mac-count address-count]

no port security [action | max-mac-count]

action - Response to take when port security is violated.

  shutdown - Disable port only.

  trap - Issue SNMP trap message only.

  trap-and-shutdown - Issue SNMP trap message and disable port.

max-mac-count

  address-count - The maximum number of MAC addresses that can be learned on a port. (Range: 0-1024)

Default Setting

Status: Disabled

Action: None

Maximum Addresses: 0

Command Mode
