Switchport Port-Security Violation - Cisco Nexus 7000 Series Command Reference Manual

S Commands

switchport port-security violation

To configure the action that the device takes when a security violation event occurs on an interface, use the
switchport port-security violation command. To remove the port security violation action configuration,
use the no form of this command.
switchport port-security violation {protect | restrict | shutdown}
no switchport port-security violation {protect | restrict | shutdown}

Syntax Description

protect
    Specifies that the device does not raise security violations when a packet would normally trigger a security violation event. Instead, the address that triggered the security violation is learned but any traffic from the address is dropped. Further address learning stops.

restrict
    Specifies that the device drops ingress traffic from any nonsecure MAC addresses. Address learning continues until 100 security violations have occurred on the interface. Traffic from addresses learned after the first security violation is dropped.
    After 100 security violations occur, the device disables learning on the interface and drops all ingress traffic from nonsecure MAC addresses. In addition, the device generates an SNMP trap for each security violation.

shutdown
    Specifies that the device shuts down the interface if it receives a packet triggering a security violation. The interface is error disabled. This action is the default. After you reenable the interface, it retains its port security configuration, including its secure MAC addresses.

Command Default
None

Command Modes
Interface configuration

Command History

Release    Modification
4.2(1)     Support for Layer 2 port-channel interfaces was added.
4.0(1)     This command was introduced.
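
The following is an added example, not taken from the Cisco reference: it applies the restrict action to an access port, then shows how to check the port and how to recover ports that the shutdown action has error disabled. The interface ethernet 2/1, the maximum of 2 secure addresses and the 300-second recovery interval are assumed values, and the feature, maximum, errdisable and show commands are standard NX-OS commands that this page does not itself document.

```cisco
! Added example. Interface, maximum and interval are assumed values.
configure terminal
 ! Port security must be enabled globally before the interface commands exist
 feature port-security
 interface ethernet 2/1
  switchport
  switchport mode access
  switchport port-security
  ! Assumed limit: two secure MAC addresses on this port
  switchport port-security maximum 2
  ! restrict: drop ingress traffic from nonsecure MAC addresses
  ! without shutting the interface down
  switchport port-security violation restrict
 exit
 ! Only relevant for ports left on the shutdown action:
 ! let the device re-enable ports that a violation error disabled
 errdisable recovery cause psecure-violation
 errdisable recovery interval 300
end
! Confirm the configured action and the current violation count
show port-security interface ethernet 2/1
! List the secure MAC addresses the device has learned or been given
show port-security address
! Find ports that the shutdown action has error disabled
show interface status err-disabled
```

Without errdisable recovery, a port error disabled by the shutdown action stays down until it is reenabled manually with shutdown followed by no shutdown in interface configuration mode.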
Cisco Nexus 7000 Series Security Command Reference