Table of Contents
Advertisement
the static address table will be accepted, all other packets are dropped. Note
that the dynamic addresses stored in the address table when MAC address
learning is disabled are flushed from the system, and no dynamic addresses are
subsequently learned until MAC address learning has been re-enabled.
◆
The mac-learning commands cannot be used if 802.1X Port Authentication has
been globally enabled on the switch with the
command, or if MAC Address Security has been enabled by the
command on the same interface.
Example
The following example disables MAC address learning for port 2.
Console(config)#interface ethernet 1/2
Console(config-if)#no mac-learning
Console(config-if)#
Related Commands
show interfaces status (376)
port security
This command enables or configures port security. Use the no form without any
keywords to disable port security. Use the no form with the appropriate keyword to
restore the default settings for a response to security violation or for the maximum
number of allowed addresses.
Syntax
port security [action {shutdown | trap | trap-and-shutdown}
| max-mac-count address-count]
no port security [action | max-mac-count]
Default Setting
Status: Disabled
Action: None
Maximum Addresses: 0
Command Mode
Interface Configuration (Ethernet)
action - Response to take when port security is violated.
shutdown - Disable port only.
trap - Issue SNMP trap message only.
trap-and-shutdown - Issue SNMP trap message and disable port.
max-mac-count
address-count - The maximum number of MAC addresses that can be
learned on a port. (Range: 0 - 1024, where 0 means disabled)
– 257 –
Chapter 8
| General Security Measures
dot1x system-auth-control
port security
Port Security
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
