SMC Networks SMC6624M Management Manual page 153

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access
Parameter Description
Assigned/Authorized Address: If you manually assign a MAC address (using the port-security <port-
number> address-list <mac-addr> command) and then you execute a write memory command, the assigned
MAC address remains in memory until you do one of the following:
• Delete it by using the no port-security <port-number> mac-address <mac-addr> command.
• Download a previously saved configuration file that does not include the unwanted MAC address
assignment.
• Reset the switch to its factory-default configuration.
Disabling port security on a port does not remove an assigned MAC address from the port security
configuration for that port.
Caution: When you use static with a device limit greater than the number of MAC addresses you specify
with mac-address, an unwanted device can become "authorized". This can occur because the port, in order
to fulfill the number of devices allowed by the address-limit parameter, automatically adds devices it detects
until the specified limit is reached.
Device address-limit <integer>
Limit
When Learn Mode is set to
1 (the default) to 8.
action
Action <none | send-alarm | send-disable>
Specifies whether an SNMP trap is sent to a network management station when Learn Mode is set to static
and the port detects an unauthorized device, or when Learn Mode is set to continuous and there is an address
change on a port.
None (the default): Prevents an SNMP trap from being sent.
Send Alarm: Causes the switch to send an SNMP trap to a network management station.
Send Alarm and Disable: Available only in the
to a network management station and disable the port.
For information on configuring the switch for SNMP management, see chapter 8.
mac-address <mac-addr>
Address
Available for static learn mode. Allows up to eight authorized devices (MAC addresses) per port, depending
List
on the value specified in the address-limit parameter.
If you use mac-address with static, but enter fewer devices than you specified in the address-limit field, the
port accepts not only your specified devices, but also as many other devices as it takes to reach the device
limit. For example, if you specify four devices, but enter only two MAC addresses, the port will accept the
first two non-specified devices it detects, along with the two specifically authorized devices.
Clear clear-intrusion-flag
Intrusion Clears the intrusion flag for a specific port. (See "Reading Intrusion Alerts and Resetting Alert Flags" on page
Flag 7-20.)
Static
, specifies how many authorized devices (MAC addresses) to allow. Range:
static
learn-mode. Causes the switch to send an SNMP trap
Configuring and Monitoring Port Security
7-13