Table of Contents
Advertisement
shutdown
permanent
delete-on-timeout
mac-address MAC-ADDRESS
permanent
vlan VLAN-ID
Default
By default, this option is disabled.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
When port security is enabled, if the port mode is configured as delete-on-timeout, the port will
automatically learn the dynamic secured entry which will be timed out. These entries will be aged out
based on the setting specified by the switchport port-security aging command. If the port mode is
permanent, the port will automatically learn permanent secured entries which will not be timed out.
The auto-learned permanent secured entry will be stored in the running configuration.
As the port mode-security state is changed, the violation counts will be cleared, and the auto-
permanent entries will be converted to corresponding dynamic entries. As the port-security state is
changed to disabled, the auto-learned secured entries, either dynamic or permanent with its violation
counts are cleared. As the related VLAN configuration is changed, the auto-learned dynamic secured
entries are cleared.
Permanent secured entry will be kept in the running configuration and can be stored to the NVRAM by
using the copy command. The user configured secure MAC addresses are counted in the maximum
number of MAC addresses on a port.
As a permanent secured entry of a port security enabled port, the MAC address cannot be moved to
another port.
When the maximum setting is changed, the learned address will remain unchanged when the
maximum number increases. If the maximum number is changed to a lower value which is lower than
the existing entry number, the command is rejected.
A port-security enabled port has the following restrictions.
•
•
•
When the maximum number of secured users is exceeded, one of the following actions can occur:
•
DXS-1210 Series Smart Managed Switch CLI Reference Guide
port-security process level and increments the security-violation count
and record the system log.
(Optional) Specifies to shut down the port if there is a security violation
and record the system log.
(Optional) Specifies that under this mode, all learned MAC addresses
will not be purged out unless the user manually deletes those entries.
(Optional) Specifies that under this mode, all learned MAC addresses
will be purged out when an entry is aged out or when the user
manually deletes these entries.
(Optional) Specifies to add a secure MAC address to gain port access
rights.
(Optional) Specifies to set the secure permanent configured MAC
address of the port. This entry is same as the one learnt under the
permanent mode.
(Optional) Specifies a VLAN. If no VLAN is specified, the MAC address
will be set with a PVID.
The port security function cannot be enabled simultaneously with 802.1X, MAC (MAC-based
Access Control), JWAC, WAC and IMPB, that provides more advanced security capabilities.
If a port is specified as the destination port for the mirroring function, the port security function
cannot be enabled.
If the port is a link aggregation member port, the port security function cannot be enabled.
Protect - When the number of port secure MAC addresses reaches the maximum number of
users that is allowed on the port, the packets with the unknown source address is dropped
until some secured entry is removed to release the space.
247
Hide quick links:
Advertisement
Table of Contents
