ProSafe M4100 and M7100 Managed Switches

given in the software Release Notes. After the limit is reached, additional MAC addresses are not learned. Only frames with an allowable source MAC addresses are forwarded.

Note: If you want to set a specific MAC address for a port, set the dynamic entries to 0, then allow only packets with a MAC address matching the MAC address in the static list.

Dynamically locked addresses can be converted to statically locked addresses. Dynamically locked MAC addresses are aged out if another packet with that address is not seen within the age-out time. You can set the time out value. Dynamically locked MAC addresses are eligible to be learned by another port. Static MAC addresses are not eligible for aging.

Static locking. You can manually specify a list of static MAC addresses for a port. Dynamically locked addresses can be converted to statically locked addresses.

Set the Dynamic and Static Limit on Port 1/0/1

The example is shown as CLI commands and as a Web interface procedure.

CLI: Set the Dynamic and Static Limit on Port 1/0/1

(Netgear Switch) (Config)#port-security Enable port-security globally

(Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#port-security Enable port-security on port 1/0/1

(Netgear Switch) (Interface 1/0/1)#port-security max-dynamic 10 Set the dynamic limit to 10

(Netgear Switch) (Interface 1/0/1)#port-security max-static 3

Set the static limit to 3

 

 

(Netgear Switch) (Interface 1/0/1)#ex

 

 

(Netgear Switch) (Config)#ex

 

 

(Netgear Switch) #show port-security 1/0/1

 

 

Admin

Dynamic

Static

Violation

Intf

Mode

Limit

Limit

Trap Mode

------

-------

----------

---------

----------

1/0/1

Disabled

10

3

Disabled

Web Interface: Set the Dynamic and Static Limit on Port 1/0/1

1.Select Security > Traffic Control > Port Security >Port Administrator.

270 Chapter 15. Security Management

Page 270
Image 270
NETGEAR M7100, M4100 manual CLI Set the Dynamic and Static Limit on Port 1/0/1