NETGEAR Managed Switches Software Administration Manual, Release 8.0
•
When link goes down, all dynamically locked addresses are 'freed'
•
If a specific MAC address is to be set for a port, set the dynamic entries to 0, then only allow packets
with a MAC address matching the MAC address in the static list
•
Dynamically locked MAC addresses are aged out if another packet with that address is not seen within
the age-out time. The user can set the time-out value.
•
Dynamically locked MAC addresses are eligible to be learned by another port
•
Static MAC addresses are not eligible for aging
•
Dynamically locked addresses can be converted to statically locked addresses
Set the Dynamic and Static Limit on the Port 1/0/1
The example is shown as CLI commands and as a Web interface procedure.
CLI: Setting the Dynamic and Static Limit on the Port 1/0/1
(Netgear Switch) (Config)#port-security
Enable port-security globally
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#port-security
Enable port-security on port 1/0/1
(Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10
Set the dynamic limit to 10
(Netgear Switch) (Interface 1/0/1)#port-security max-static 3
Set the static limit to 3
(Netgear Switch) (Interface 1/0/1)#ex
(Netgear Switch) (Config)#ex
(Netgear Switch) #show port-security 1/0/1
Admin
Intf
Mode
------
-------
1/0/1
Disabled
Web Interface: Setting the Dynamic and Static Limit on the
Port 1/0/1
1.
To use the Web interface to enable port-security globally, proceed as follows:
a.
From the main menu, select Security > Traffic Control >Port Security->Port Administrator. A
screen similar to the following displays.
15-2
Dynamic
Static
Limit
----------
10
v1.0, October 2009
Violation
Limit
Trap Mode
---------
3
Disabled
----------
Security Management