Security Violations - Cisco Catalyst 3550 series Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Chapter 21
Configuring Port-Based Traffic Control
Security Violations
It is a security violation when one of these situations occurs:
•
•
You can configure the interface for one of three violation modes, based on the action to be taken if a
violation occurs:
•
•
•
Table 21-1
security.
Table 21-1 Security Violation Mode Actions
Traffic is
Violation Mode
forwarded
protect
No
restrict
No
shutdown
No
1. Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.
2. The switch will return an error message if you manually configure an address that would cause a security violation.
78-11194-09
The maximum number of secure MAC addresses have been added to the address table, and a station
whose MAC address is not in the address table attempts to access the interface.
An address learned or configured on one secure interface is seen on another secure interface in the
same VLAN.
protect—When the number of secure MAC addresses reaches the limit allowed on the port, packets
with unknown source addresses are dropped until you remove a sufficient number of secure MAC
addresses or increase the number of maximum allowable addresses. You are not notified that a
security violation has occurred.
We do not recommend enabling the protect mode on a trunk port. The protect mode disables
Note
learning when any VLAN reaches its maximum limit, even if the port has not reached its
maximum limit.
restrict—When the number of secure MAC addresses reaches the limit allowed on the port, packets
with unknown source addresses are dropped until you remove a sufficient number of secure MAC
addresses or increase the number of maximum allowable addresses. In this mode, you are notified
that a security violation has occurred. Specifically, an SNMP trap is sent, a syslog message is
logged, and the violation counter increments.
shutdown—In this mode, a port security violation causes the interface to immediately become
error-disabled, and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and
increments the violation counter. When a secure port is in the error-disabled state, you can bring it
out of this state by entering the errdisable recovery cause psecure-violation global configuration
command, or you can manually re-enable it by entering the shutdown and no shutdown interface
configuration commands. This is the default mode.
shows the violation mode and the actions taken when you configure an interface for port
Sends SNMP
1
trap
No
Yes
Yes
Sends syslog
Displays error
message
message
No
No
Yes
No
Yes
No
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Port Security
Violation
counter
2
increments
No
Yes
Yes
Shuts down port
No
No
Yes
21-9
Advertisement
Table of Contents
Troubleshooting
