Port Security Commands - D-Link DXS-3600-16S Manual

Port Security Commands

44-1 switchport port-security
This command is used to configure port security and the way to deal with violation of the interface. Use the no form of
the command to disable the port security or recover it to the default.
switchport port-security [violation {protect | restrict | shutdown}]
no switchport port-security [violation]
Parameters
port-security
violation protect
violation restrict
violation shutdown
Default
Command Mode
Command Default Level
Usage Guideline
Example
DXS-3600-32S#configure terminal
DXS-3600-32S(config)#interface tenGigabitEthernet 1/0/1
DXS-3600-32S(config-if)#switchport mode access
DXS-3600-32S(config-if)#switchport port-security
DXS-3600-32S(config-if)#switchport port-security violation restrict
DXS-3600-32S(config-if)#
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide
Specifies to enable the port security function of this interface.
Specifies to set the security violation to the protect mode. In this mode, when the
number of port secure MAC address reaches the maximum limit allowed on the port,
the packets with unknown source address will be dropped until you remove a
sufficient number of secure MAC address or increase the number of maximum
allowable address. When a security violation occurred, an SNMP trap is not sent,
and a syslog message is not logged.
Specifies to set the security violation to the restrict mode. In this mode, when the
number of port secure MAC address reaches the maximum limit allowed on the port,
the packets with unknown source address will be dropped until you remove a
sufficient number of secure MAC address or increase the number of maximum
allowable address. At the same time, When a security violation occurred, an SNMP
trap is not sent, but a syslog message is logged.
Specifies to set the security violation to the shutdown mode. In this mode, when the
number of port secure MAC address reaches the maximum limit allowed on the port,
the port will become error-disabled and be shut down immediately. When a security
violation occurred, an SNMP trap is not sent, but a syslog message is logged.
The default is to disabled port security for all ports.
The default violation mode is protect mode.
Interface Configuration Mode.
Level: 8
With port security, you can use the port security feature to restrict input to an
interface by limiting and identifying MAC addresses of the stations allowed to access
the port. When you assign secure MAC addresses to secure port, the port does not
forward packets with source addresses outside the group of defined addresses. If a
port is configured as a secure port and maximum number of secure MAC addresses
is reached, when the MAC address of a station attempting to access the port is
different from any of the identified secure MAC addresses, a security violation
occurs. In addition, a secure port has the following limitations: A secure port cannot
belong to link aggregation port, and if the state of sticky learning is enabled, and
disables port security, an error message will also prompt. And port security and
802.1x authentication are not compatibility.
This example shows how to enable port security on interface tenGigabitEthernet 1/0/
1, and the way to deal with violation is restrict.
428