1. Home
  2. D-Link
  3. D-Link DXS-3600-32S User Manual
  4. Page 436

D-Link DXS-3600-32S 24-port Top Of Rack 10 Gigabit Managed Switch With Expansion Slot

User Manual - Page 436

For DXS-3600-32S.

PDF File Manual, 695 pages, Read Online | Download pdf file

DXS-3600-32S photo
Loading ...
Loading ...
Loading ...
DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide
428
Port Security Commands
44-1 switchport port-security
This command is used to configure port security and the way to deal with violation of the interface. Use the no form of
the command to disable the port security or recover it to the default.
switchport port-security [violation {protect | restrict | shutdown}]
no switchport port-security [violation]
Parameters
port-security Specifies to enable the port security function of this interface.
violation protect Specifies to set the security violation to the protect mode. In this mode, when the
number of port secure MAC address reaches the maximum limit allowed on the port,
the packets with unknown source address will be dropped until you remove a
sufficient number of secure MAC address or increase the number of maximum
allowable address. When a security violation occurred, an SNMP trap is not sent,
and a syslog message is not logged.
violation restrict Specifies to set the security violation to the restrict mode. In this mode, when the
number of port secure MAC address reaches the maximum limit allowed on the port,
the packets with unknown source address will be dropped until you remove a
sufficient number of secure MAC address or increase the number of maximum
allowable address. At the same time, When a security violation occurred, an SNMP
trap is not sent, but a syslog message is logged.
violation shutdown Specifies to set the security violation to the shutdown mode. In this mode, when the
number of port secure MAC address reaches the maximum limit allowed on the port,
the port will become error-disabled and be shut down immediately. When a security
violation occurred, an SNMP trap is not sent, but a syslog message is logged.
Default
The default is to disabled port security for all ports.
The default violation mode is protect mode.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 8
Usage Guideline
With port security, you can use the port security feature to restrict input to an
interface by limiting and identifying MAC addresses of the stations allowed to access
the port. When you assign secure MAC addresses to secure port, the port does not
forward packets with source addresses outside the group of defined addresses. If a
port is configured as a secure port and maximum number of secure MAC addresses
is reached, when the MAC address of a station attempting to access the port is
different from any of the identified secure MAC addresses, a security violation
occurs. In addition, a secure port has the following limitations: A secure port cannot
belong to link aggregation port, and if the state of sticky learning is enabled, and
disables port security, an error message will also prompt. And port security and
802.1x authentication are not compatibility.
Example
This example shows how to enable port security on interface tenGigabitEthernet 1/0/
1, and the way to deal with violation is restrict.
DXS-3600-32S#configure terminal
DXS-3600-32S(config)#interface tenGigabitEthernet 1/0/1
DXS-3600-32S(config-if)#switchport mode access
DXS-3600-32S(config-if)#switchport port-security
DXS-3600-32S(config-if)#switchport port-security violation restrict
DXS-3600-32S(config-if)#
Loading ...
Loading ...
Loading ...