port-security

Implementation Notes

If port security is enabled on a port, and then an ACL is applied to the port, the ACL is given precedence and port security is ignored. For example, if port security is applied, and then an ACL with a permit rule for a particular source address is applied, frames with that source address will be permitted.

Logically, then, if a port that does not have port security enabled has an ACL applied, and then port security is enabled, the ACL takes precedence and port security is ignored, as above.

In either case, if all ACLs are removed from the port, port security will become active if it is still configured as such.

When port security is disabled on a port after having been enabled, all MAC table entries associated with that port are flushed.
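The precedence rule in these notes means a port can carry port-security in its configuration while an applied ACL leaves it inactive, whichever was configured first. The following Python audit is an added example, not from the manual; the interface/exit block layout, the access-group binding syntax, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample. The "interface ... / exit" layout and the access-group
# lines are assumptions for illustration, not taken from the manual.
SAMPLE_CONFIG = """\
port-security
interface 0/1
port-security
exit
interface 0/2
port-security
mac access-group blockguest in
exit
interface 0/3
ip access-group 101 in
exit
interface 0/4
port-security
no port-security
exit
"""

# Assumed pattern for a line that binds an ACL to a port; adjust to your device.
ACL_BINDING = re.compile(r"^(ip|mac)\s+access-group\s+\S+")

def audit_port_security(config_text, acl_pattern=ACL_BINDING):
    """Return {interface: status} for every interface block in config_text."""
    results = {}
    current = None
    state = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            state = {"locked": False, "acl": False}
        elif current is None:
            continue  # global-level line, not part of any port block
        elif line == "exit":
            if not state["locked"]:
                results[current] = "not enabled"
            else:  # order of the two lines does not matter: the ACL wins
                results[current] = "ignored (ACL applied)" if state["acl"] else "active"
            current = None
        elif line == "port-security":
            state["locked"] = True
        elif line == "no port-security":
            state["locked"] = False
        elif acl_pattern.match(line):
            state["acl"] = True
    return results
```

Ports reported as "ignored (ACL applied)" are the ones to review: their MAC locking takes effect only once every ACL is removed from the port.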

port-security

This command enables port locking at the system level (Global Config) or port level (Interface Config).

The no version of this command disables port locking at the system level (Global Config) or port level (Interface Config).

Syntax: [no] port-security

Default: Disabled

Modes: Global Config and Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.

Command History: Version 2.3: Added Interface VLAN and Interface Range modes.

Related Commands:

interface: Identifies an interface and enters the Interface Config mode.

interface range: Defines an interface range and accesses the Interface Range mode.

port-security max-dynamic

This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port.

The no version of this command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value.

Force10 Networks S2410s manual Port-security max-dynamic, No port-security, Security Commands