Configuring and Monitoring Port Security

Port Security

Configuring Port Security

Using the CLI, you can:

Configure port security and edit security settings.

Add or delete devices from the list of authorized addresses for one or more ports.

Clear the Intrusion flag on specific ports.

Syntax: port-security [e] <port-list> < learn-mode | address-limit | mac-address | action | clear-intrusion-flag >

<port-list>: Specifies a list of one or more ports to which the port-security command applies.

learn-mode < continuous | static | port-access | configured | limited-continuous >

For the specified port:

Identifies the method for acquiring authorized addresses.

On switches covered in this guide, automatically invokes eavesdrop protection. (Refer to “Eavesdrop Protection” on page 11-5.)

continuous (Default): Appears in the factory-default setting or when you execute no port-security. Allows the port to learn addresses from the device(s) to which it is connected. In this state, the port accepts traffic from any device(s) to which it is connected. Addresses learned in the learn continuous mode will “age out” and be automatically deleted if they are not used regularly. The default age time is five minutes.

Addresses learned this way appear in the switch and port address tables and age out according to the MAC Age Interval in the System Information configuration screen of the Menu interface or the show system information listing. You can set the MAC age out time using the CLI, SNMP, Web, or menu interfaces. For more information on the mac-age-time command, refer to the chapter titled “Interface Access and System Information” in the Management and Configuration Guide for your switch.
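Because continuous is the default and accepts traffic from any connected device, a configuration review should list the ports that are still in that mode. The following is an added example, not part of the original guide: a Python audit that reads port-security lines written in the syntax shown above and reports the ports left in continuous mode. The function names, the sample configuration and the assumption that saved configuration lines follow this command syntax are illustrative.

```python
import re

# Learn modes listed in the syntax on this page.
LEARN_MODES = {"continuous", "static", "port-access", "configured", "limited-continuous"}

def expand_ports(port_list):
    """Expand a port list such as '1-3,7' or 'A1-A3,B2' into port names."""
    ports = []
    for item in port_list.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)(?:-([A-Za-z]*)(\d+))?", item)
        if not m:
            raise ValueError(f"unrecognized port item: {item!r}")
        prefix, first, end_prefix, last = m.groups()
        if end_prefix and end_prefix != prefix:
            raise ValueError(f"range mixes port prefixes: {item!r}")
        last = first if last is None else last
        ports += [f"{prefix}{n}" for n in range(int(first), int(last) + 1)]
    return ports

def learn_modes(config_text, all_ports):
    """Return {port: learn-mode}; ports with no setting keep the default."""
    modes = {p: "continuous" for p in all_ports}  # factory default per this page
    for line in config_text.splitlines():
        words = line.split()
        if words[:1] != ["port-security"] or "learn-mode" not in words:
            continue
        idx = words.index("learn-mode")
        if idx + 1 >= len(words) or words[idx + 1] not in LEARN_MODES:
            raise ValueError(f"bad learn-mode in line: {line!r}")
        args = words[2:] if words[1] == "e" else words[1:]  # optional [e]
        for port in expand_ports(args[0]):
            if port in modes:
                modes[port] = words[idx + 1]  # a later line overrides an earlier one
    return modes

def unrestricted_ports(config_text, all_ports):
    """Ports still in continuous mode, i.e. accepting traffic from any device."""
    modes = learn_modes(config_text, all_ports)
    return [p for p in all_ports if modes[p] == "continuous"]

# Constructed sample configuration for an 8-port switch (not from a real device).
SAMPLE_CONFIG = """\
port-security 1-3 learn-mode static
port-security e 5,7 learn-mode limited-continuous
port-security 8 learn-mode continuous
"""
SAMPLE_PORTS = [str(n) for n in range(1, 9)]

if __name__ == "__main__":
    print("Ports in continuous mode:", unrestricted_ports(SAMPLE_CONFIG, SAMPLE_PORTS))
```

Ports 4 and 6 are reported because no port-security line names them, and port 8 because it is set to continuous explicitly.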
