Interface Configuration (Ethernet)
Command Usage
If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a
configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address
table will be accepted.
Use the port security command to enable security on a port. Then use the port security action command to set the
response to a port security violation, and the port security max-mac-count command to set the maximum number of
addresses allowed on a port.
You can also manually add secure addresses with the mac-address-table static command.
A secure port has the following restrictions:
-Cannot be connected to a network interconnection device.
-Cannot be a trunk port.
If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.
Example
Example
The following
message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security
Console(config-if)#port security action trap
Console(config-if)#
Related Commands
shutdown
mac-address-table static
show mac-address-table
5.13.2 Network Access (MAC Address Authentication)
Network Access authentication controls access to the network by authenticating the MAC address of each host that attempts to
connect to a switch port. Traffic received from a specific MAC address is forwarded by the switch only if the source MAC
address is successfully authenticated by a central RADIUS server. While authentication for a MAC address is in progress, all
traffic is blocked until authentication is completed. Once successfully authenticated, the RADIUS server may optionally assign
VLAN settings for the switch port.
Command
network-access mode
enables port security for port 5, and sets the response to a security violation to issue a trap
Function
Enables MAC authentication on an interface
User's Manual of SGSD-1022 / SGSD-1022P
472
SGSW-2840 / SGSW-2840P
Mode
IC