Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks 10/100/1000 SMCGS8P-Smart , S, 2-44, Configuring Port Security

1 366

Download 366 pages, 7.99 Mb

C

ONFIGURING

THE

S

WITCH

2-44

CLI – Use the interface command to select the target port, then use

the port monitor command to specify the source port. Note that

default mirroring under the CLI is for both received and

transmitted packets.

Configuring Port Security

Port security is a feature that allows you to configure a switch port

with one or more device MAC addresses that are authorized to

access the network through that port.

When port security is enabled on a port, the switch stops learning

new MAC addresses on the specified port. Only incoming traffic

with source addresses already stored in the dynamic or static

address table will be accepted as authorized to access the network

through that port. If a device with an unauthorized MAC address

attempts to use the switch port, the intrusion will be detected and

the switch can automatically take action by disabling the port and

sending a trap message.

To use port security, first allow the switch to dynamically learn the

<source MAC address, VLAN> pair for frames received on a port

for an initial period, and then enable port security to stop address

learning. Be sure you enable the learning function long enough to

ensure that all valid VLAN members have been registered on the

selected port.

Note that a secure port has the following restrictions:

• It should not be connected to a network interconnection

device.

• It cannot be configured as a member of a static trunk.

Console(config)#interface ethernet 1/10 3-92

Console(config-if)#port monitor ethernet 1/11 3-174

Console(config-if)#

b_mgmt.book Page 44 Tuesday, July 8, 2003 5:24 PM

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Managemen t Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS 1 Switch Management 1-1 2 Configuring the Switch 2-1 viii ix 3 Command Line Interface 3-1 x xi xii xiii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 Page M 1-4 Remote Connections C 1-5 Basic Configuration Console Connection M 1-6 Setting Passwords C 1-7 Setting an IP Address M 1-8 C 1-9 M 1-10 Enabling SNMP Management Access C 1-11 M 1-12 Saving Configuration Settings S F Managing System Files M 1-14 System Defaults D 1-15 M 1-16 D 1-17 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Page S 2-4 Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 Basic Configuration Displaying System Information C 2-9 Page C 2-11 Setting the IP Address S 2-12 C 2-13 Manual Configuration Using DHCP/BOOTP Security Configuring the Logon Password 2-15 S 2-16 Configuring RADIUS/TACACS+ Logon Authentication 2-17 S 2-18 2-19 Page 2-21 Configuring HTTPS S 2-22 2-23 Replacing the Default Secure-site Certificate S 2-24 Configuring SSH ECURITY 2-25 CLI Enter the following commands to configure the SSH service. S 2-26 Managing Firmware Downloading System Software from a Server Page S 2-28 Saving or Restoring Configuration Settings F 2-29 Page F 2-31 Displaying Bridge Extension Capabilities Page F ANAGING IRMWARE 2-33 Web Click System, Bridge Extension. Page F ANAGING IRMWARE 2-35 Web Click System, Switch Information. Port Configuration C ORT ONFIGURATION 2-37 CLI This example shows the connection status for Port 13. S 2-38 Configuring Interface Connections C 2-39 Page C 2-41 Setting Broadcast Storm Thresholds Page Page S 2-44 Configuring Port Security C 2-45 Port Security Action S 2-46 Port Security Configuration Address Table Settings Page Page Page Spanning Tree Protocol Configuration S 2-52 T C P 2-53 STP Information S 2-54 Page S THE ONFIGURING WITCH T C P 2-57 STP Configuration S 2-58 T C P 2-59 Page T C P 2-61 STP Port and Trunk Information S 2-62 T C P 2-63 Page T C P 2-65 STP Port and Trunk Configuration S 2-66 T C P 2-67 S 2-68 Page S 2-70 VLAN Configuration 2-71 Assigning Ports to VLANs S 2-72 2-73 Forwarding Tagged/Untagged Frames S 2-74 Displaying Basic VLAN Information 2-75 Displaying Current VLANs Command Attributes for Web Interface Page 2-77 Creating VLANs S 2-78 2-79 Adding Interfaces Based on Membership Type S 2-80 2-81 Page 2-83 Configuring VLAN Behavior for Interfaces S 2-84 2-85 Page Class of Service Configuration Page Page Page C S 2-91 Page C S 2-93 Mapping Layer 3/4 Priorities to CoS Values Page Page Page C S 2-97 Mapping DSCP Priority Page Page S 2-100 Port Trunk Configuration T C 2-101 Page Page S 2-104 Statically Configuring a Trunk Page S 2-106 Configuring SNMP Page Page Page Page SNMP 2-111 Page C 2-113 Multicast Configuration Configuring IGMP Parameters S 2-114 C 2-115 S THE ONFIGURING WITCH Page S 2-118 Specifying Interfaces Attached to a Multicast Router C 2-119 Displaying Port Members of Multicast Services Command Attribute Page C 2-121 Adding Multicast Addresses to VLANs Command Attribute Showing Device Statistics D S 2-123 Statistical Values S 2-124 D S 2-125 S 2-126 Page Page 801.1X P A ORT UTHENTICATION 801.1X Port Authentication S 2-130 801.1X P A 2-131 802.1x Port Configuration S 2-132 Page S 2-134 802.1x Statistics The 802.1x protocol includes statistics for 802.1x protocol exchanges for any port. Page Page 3-1 3 I INE L OMMAND L I 3-2 Telnet Connection Page Entering Commands Page L I 3-6 The command show interfaces ? will display the following information: Partial Keyword Lookup Page L I 3-8 Exec Commands E C 3-9 Configuration Commands L I 3-10 Command Line Processing Page L I 3-12 Command Groups The system commands can be broken down into the functional groups shown be low G 3-13 L I 3-14 General Commands enable C 3-15 disable L I 3-16 configure C 3-17 show history Page C 3-19 exit quit L Flash/File Commands C 3-21 copy L I 3-22 C 3-23 delete L I 3-24 dir C 3-25 whichboot L I 3-26 boot system M System Management Commands L I 3-28 M C 3-29 hostname L I 3-30 username M C 3-31 enable password L I 3-32 jumbo frame M C 3-33 ip http port L I 3-34 ip http server M C 3-35 ip http secure-server L I 3-36 ip http secure-port M C 3-37 ip ssh L I 3-38 ip ssh server M C 3-39 disconnect ssh Page M C 3-41 logging on L I 3-42 logging history M C 3-43 Page Page L I 3-46 Messages sent include the selected level up through level 0. Default Setting Level 3 - 0 Command Mode Global Configuration Example M C 3-47 clear logging show logging L I 3-48 show startup-config M C 3-49 L I 3-50 Example Related Commands show running-config (3-51) M C 3-51 show running-config L I 3-52 show system M C 3-53 show users L I 3-54 show version C Authentication Commands L I 3-56 authentication login C 3-57 Page C 3-59 radius-server key L I 3-60 radius-server retransmit radius-server timeout C 3-61 show radius-server tacacs-server host L I 3-62 tacacs-server port Page L I 3-64 Example SNMP Commands 3-65 snmp-server community Page 3-67 snmp-server host L I 3-68 3-69 snmp-server enable traps L I 3-70 snmp ip filter 3-71 show snmp L I 3-72 3-73 IP Commands L I 3-74 ip address 3-75 ip dhcp restart L I 3-76 ip default-gateway 3-77 show ip interface Page 3-79 L I 3-80 Line Commands C 3-81 line L I 3-82 login C 3-83 password L I 3-84 exec-timeout C 3-85 password-thresh L I 3-86 silent-time C 3-87 databits L I 3-88 parity C 3-89 speed Page C 3-91 Interface Commands L I 3-92 interface C 3-93 description L I 3-94 speed-duplex C 3-95 negotiation L I 3-96 capabilities C 3-97 flowcontrol L I 3-98 C 3-99 shutdown L I 3-100 switchport broadcast C 3-101 port security L I 3-102 clear counters C 3-103 show interfaces status L I 3-104 show interfaces counters C 3-105 L I 3-106 show interfaces switchport T Address Table Commands L I 3-108 mac-address-table static T C 3-109 show mac-address-table L I 3-110 Page Page T C 3-113 Spanning Tree Commands L I 3-114 spanning-tree T C 3-115 spanning-tree mode L I 3-116 spanning-tree forward-time T C 3-117 spanning-tree hello-time L I 3-118 spanning-tree max-age T C 3-119 spanning-tree priority L I 3-120 spanning-tree pathcost method Page L I 3-122 spanning-tree cost T C 3-123 spanning-tree port-priority L I 3-124 spanning-tree portfast T C 3-125 spanning-tree edge-port L I 3-126 spanning-tree protocol-migration T C 3-127 spanning-tree link-type L I 3-128 show spanning-tree T C REE PANNING OMMANDS VLAN Commands 3-131 vlan database L I 3-132 vlan 3-133 interface vlan L I 3-134 switchport mode 3-135 switchport acceptable-frame-types L I 3-136 switchport ingress-filtering 3-137 switchport native vlan L I 3-138 switchport allowed vlan 3-139 switchport forbidden vlan L I 3-140 show vlan GVRP GVRP and Bridge Extension Commands L I 3-142 switchport gvrp Page L I 3-144 garp timer Page L I 3-146 bridge-ext gvrp Page L I 3-148 IGMP Snooping Commands C 3-149 ip igmp snooping L I 3-150 ip igmp snooping vlan static C 3-151 ip igmp snooping version L I 3-152 show ip igmp snooping show mac-address-table multicast C 3-153 ip igmp snooping querier L I 3-154 ip igmp snooping query-count C 3-155 ip igmp snooping query-interval L I 3-156 ip igmp snooping query-max-response-time C 3-157 ip igmp snooping router-port-expire-time L I 3-158 ip igmp snooping vlan mrouter C 3-159 show ip igmp snooping mrouter L I Priority Commands C 3-161 switchport priority default L I 3-162 queue bandwidth C 3-163 queue cos-map L I 3-164 C 3-165 show queue bandwidth L I 3-166 show queue cos-map map ip precedence (Global Configuration) C 3-167 map ip precedence (Interface Configuration) L I 3-168 C 3-169 map ip dscp (Global Configuration) L I 3-170 map ip dscp (Interface Configuration) C 3-171 show map ip precedence L I 3-172 show map ip dscp C 3-173 L I 3-174 Mirror Port Commands port monitor P C 3-175 show port monitor L I 3-176 T C Port Trunking Commands L I 3-178 channel-group T C 3-179 lacp L I 3-180 A PPENDIX A-1 A T ROUBLESHOOTING A-2 Page U P S F B-3 Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page I NDEX Index-2 P R S T U