SMC Networks SMC6624M Management Manual page 152

Tigerstack ii 10/100 stackable fast ethernet switch

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access
Configuring and Monitoring Port Security
Table 7-1. Port Security Parameters

Parameter: Port List
<[ethernet] port-list>
Description: Identifies the port or ports on which to apply a port security command.

Parameter: Learn Mode
learn-mode <static | continuous>
Description: Specifies how the port acquires authorized addresses.

Continuous (the Default): Appears in the factory-default setting or when you execute no port-security. Allows the port to learn addresses from inbound traffic from any device(s) to which it is connected. In this state, the port accepts traffic from any device(s) to which it is connected. Addresses learned this way appear in the switch and port address tables and age out according to the Address Age Interval in the System Information configuration screen (page 5-41).

Static: Enables you to use the mac-address parameter to specify the MAC addresses of the devices authorized for a port, and the address-limit parameter to specify the number of MAC addresses authorized for the port. You can authorize specific devices for the port, while still allowing the port to accept other, non-specified devices until the device limit has been reached. That is, if you enter fewer MAC addresses than you authorized, the port authorizes the remaining addresses in the order in which it automatically learns them. For example, if you use address-limit to specify three authorized devices, but use mac-address to specify only one authorized MAC address, the port adds the one specifically authorized MAC address to its authorized-devices list and the first two additional MAC addresses it detects.

For example, suppose:
• You use mac-address to authorize MAC address 0060b0-880a80 for port 4.
• You use address-limit to allow three devices on port 4 and the port detects a series of MAC addresses in the following order:
    080090-1362f2
    00f031-423fc1
    080071-0c45a1
    0060b0-880a80 (the address you authorized with the mac-address parameter)

In the above case, port 4 would assume the following list of authorized addresses:
    080090-1362f2 (the first address the port detected)
    00f031-423fc1 (the second address the port detected)
    0060b0-880a80 (the address you authorized with the mac-address parameter)

The remaining MAC address the port detects, 080071-0c45a1, is not allowed in the list of authorized addresses, and so is handled as an intruder.

Learned Addresses: In the following two cases, a port in Static learn mode retains a learned MAC address even if you subsequently reboot the switch or disable port security for that port:
• The port learns a MAC address after you configure the port for Static learn mode in both the startup-config file and the running-config file (by executing the write memory command).
• The port learns a MAC address after you configure the port for Static learn mode in only the running-config file and, after the address is learned, you execute write memory to configure the startup-config file to match the running-config file.

To remove an address learned using either of the preceding methods, do one of the following:
• Delete the address by using the no port-security <port-number> mac-address <mac-addr> command.
• Download a previously saved configuration file that does not include the unwanted MAC address assignment.
• Reset the switch to its factory-default configuration.
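
The Static learn mode behaviour described in Table 7-1, modelled as an added Python example (not code from the manual or the switch firmware). The function and field names are assumptions for illustration; the addresses are those of the port 4 example, and the result separates the addresses the port authorized on its own from the one entered with mac-address.

```python
import re

def norm_mac(mac: str) -> str:
    """Normalize a MAC address to the xxxxxx-xxxxxx form used in the table."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[:6]}-{digits[6:]}"

def static_learn(configured, address_limit, observed):
    """Model a port in Static learn mode as Table 7-1 describes it.

    configured    -- addresses entered with the mac-address parameter
    address_limit -- value given to the address-limit parameter
    observed      -- source MACs in the order the port detects them
    """
    configured = list(dict.fromkeys(norm_mac(m) for m in configured))
    if len(configured) > address_limit:
        raise ValueError("more mac-address entries than address-limit allows")
    # Slots not taken by explicit entries go to the first addresses detected.
    free_slots = address_limit - len(configured)
    learned, intruders = [], []
    for mac in map(norm_mac, observed):
        if mac in configured or mac in learned:
            continue                    # already on the authorized list
        if len(learned) < free_slots:
            learned.append(mac)         # authorized automatically, in detection order
        elif mac not in intruders:
            intruders.append(mac)       # list is full: handled as an intruder
    return {"configured": configured, "learned": learned, "intruders": intruders}

# The port 4 example from the table (addresses copied from the page).
PORT4 = static_learn(
    configured=["0060b0-880a80"],
    address_limit=3,
    observed=["080090-1362f2", "00f031-423fc1", "080071-0c45a1", "0060b0-880a80"],
)

if __name__ == "__main__":
    print("authorized:", PORT4["learned"] + PORT4["configured"])
    # These were never entered by an administrator; check them before
    # write memory makes them survive a reboot.
    print("auto-learned:", PORT4["learned"])
    print("intruders:", PORT4["intruders"])
```

Setting address-limit equal to the number of mac-address entries leaves no free slots, so every other address is treated as an intruder.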


This manual is also suitable for:

6624fmst, 6624glsc, 6624gssc, 6624gt, 6624m, 6624s
