Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks TigerSwitch 100 C, 2-39, Configuring Port Security

1 334

Download 334 pages, 2.99 Mb

P

ORT

C

ONFIGURATION

2-39Configuring Port Security

Port security is a feature that allows you to configure a switch port with

one or more device MAC addresses that are authorized to access the

network through that port.

When port security is enabled on a port, th e switch stops learning new

MAC addresses on the specified port. Only incoming traffic with source

addresses already stored in the dynamic or static address table will be

accepted as authorized to access the network through that port. If a device

with an unauthorized MAC address attempts to use the switch port, the

intrusion will be detected and the switch can automatically take action by

disabling the port and sending a trap message.

To use port security, first allow the switch to dynamically learn the <source

MAC address, VLAN> pair for frames received on a port for an initial

period, and then enable port security to stop address learning. Be sure you

enable the learning function long enough to ensure that all valid VLAN

members have been registered on the selected port.

Note that a secure port has the following restrictions:

• It should not be connected to a network interconnection device.

• It cannot be configured as a memb er of a static trunk.

• It can be configured as an LACP trunk port, but the switch does not

allow the LACP trunk to be enabled.

Note: A port that is already configured as an LACP or static trunk port

cannot be enabled as a secure port.

Console(config)#interface ethernet 1/10 3-85

Console(config-if)#port monitor ethernet 1/11 3-163

Console(config-if)#

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Management Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS 1 Switch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 2-1 viii ix 3 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 3-1 x xi xii xiii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 S 1-3 Required Connections M 1-4 Remote Connections Basic Configuration M 1-6 Setting an IP Address C 1-7 M 1-8 C 1-9 Enabling SNMP Management Access M 1-10 C 1-11 Saving Configuration Settings M 1-12 Managing System Files D 1-13 System Defaults M 1-14 D 1-15 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Home Page Page Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 Basic Configuration Displaying System Information Page S 2-10 Setting the IP Address C 2-11 S 2-12 Manual Configuration Using DHCP/BOOTP Security Configuring the Logon Password S 2-14 2-15 Configuring RADIUS/TACACS Logon Authentication S 2-16 2-17 Page 2-19 HTTPS S 2-20 2-21 SSH S 2-22 Managing Firmware F 2-23 Downloading System Software from a Server S 2-24 Saving or Restoring Configuration Settings F 2-25 Page B C E 2-27 Displaying Bridge Extension Capabilities S 2-28 Page S 2-30 Displaying Switch Hardware/Software Versions Page Port Configuration C ORT ONFIGURATION 2-33 CLI This example shows the connection status for Port 13. S 2-34 Configuring Interface Connections C 2-35 S 2-36 Setting Broadcast Storm Thresholds Page Page C 2-39 Configuring Port Security S 2-40 Port Security Action Port Security Configuration Address Table Settings Page Page Spanning Tree Protocol Configuration T C P 2-45 S 2-46 STP Information T C P 2-47 Page T C ROTOCOL P REE S 2-50 STP Configuration T C P 2-51 Page Page S 2-54 STP Port and Trunk Information T C P 2-55 S 2-56 Page S 2-58 STP Port and Trunk Configuration T C P 2-59 S 2-60 2-61 VLAN Configuration S 2-62 Assigning Ports to VLANs 2-63 S 2-64 Forwarding Tagged/Untagged Frames 2-65 Displaying Basic VLAN Information S 2-66 Displaying Current VLANs Command Attributes for Web Interface Page S 2-68 Creating VLANs 2-69 S 2-70 Adding Interfaces Based on Membership Type 2-71 Page Page S 2-74 2-75 Page C S 2-77 Class of Service Configuration Setting the Default Priority for Interfaces Page C S 2-79 S 2-80 Page S 2-82 Mapping Layer 3/4 Priorit ies to CoS Values Selecting IP Precedence/DSCP Priority Page Page Page S 2-86 Mapping DSCP Priority Page S 2-88 Port Trunk Configuration T C 2-89 Page Page S 2-92 Statically Configuring a Trunk Page S 2-94 Configuring SNMP Page Page Page Page Multicast Configuration S 2-100 Configuring IGMP Parameters C 2-101 Page C 2-103 Interfaces Attached to a Multicast Router Displaying Interfaces Attached to a MulticastRouter S 2-104 Specifying Interfaces Attached to a MulticastRouter C 2-105 Displaying Port Members of Multicast Services Command Attribute Page Page S 2-108 Showing Device Statistics D S 2-109 Statistical Values S 2-110 D S 2-111 S 2-112 Page S THE ONFIGURING WITCH 3 I INE L OMMAND L I 3-2 Telnet Connection C Entering Commands Keywords and Arguments Page C NTERING The command show interfaces ? will display the following information: 3-5 Showing Commands Page C 3-7 Exec Commands L I 3-8 Configuration Commands C 3-9 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below G 3-11 L I 3-12 General Commands enable C 3-13 disable L I 3-14 configure C 3-15 show history Page Page L I 3-18 Flash/File Commands copy /F C 3-19 L I 3-20 Page L I 3-22 dir /F C 3-23 whichboot L I 3-24 boot system M System Management Commands L I 3-26 M C 3-27 hostname username L I 3-28 M C 3-29 enable password L I 3-30 jumbo frame Page L I 3-32 ip http secure-server M C 3-33 ip http secure-port L I 3-34 ip ssh M C 3-35 ip ssh server L I 3-36 disconnect ssh Page L I 3-38 logging on M C 3-39 logging history L I 3-40 logging host M C 3-41 logging facility L I 3-42 logging trap Page L I 3-44 show startup-config M C ANAGEMENT YSTEM 3-45 L I 3-46 show running-config M C 3-47 show system L I 3-48 show users M C 3-49 show version L Authentication Commands C 3-51 authentication login L I 3-52 radius-server host C 3-53 radius-server port radius-server key Page C 3-55 radius-server timeout show radius-server Page C 3-57 tacacs-server key show tacacs-server L SNMP Commands snmp-server community 3-59 Page 3-61 snmp-server host L I 3-62 3-63 snmp-server enable traps L I 3-64 snmp ip filter 3-65 show snmp L I INE OMMAND NTERFACE IP Commands ip address L I 3-68 3-69 ip dhcp restart Page 3-71 show ip redirects L I 3-72 ping C Line Commands L I 3-74 line C 3-75 login L I 3-76 password C 3-77 exec-timeout L I 3-78 password-thresh C 3-79 silent-time L I 3-80 databits C 3-81 parity L I 3-82 speed C 3-83 stopbits show line L Interface Commands C 3-85 interface Page C 3-87 L I 3-88 negotiation C 3-89 capabilities Default Setting L I 3-90 flowcontrol C 3-91 shutdown L I 3-92 switchport broadcast C 3-93 port security L I 3-94 clear counters C 3-95 show interfaces status L I 3-96 Page L I 3-98 show interfaces switchport C 3-99 L I 3-100 Address Table Commands mac-address-table static Use this command to map a static address to a port in a VLAN. Use the no form to remove an address. T C 3-101 L I 3-102 show mac-address-table T C 3-103 clear mac-address-table dynamic mac-address-table aging-time L I 3-104 show mac-address-table aging-time T Spanning Tree Commands Page T C 3-107 spanning-tree mode L I 3-108 spanning-tree forward-time Page L I 3-110 spanning-tree priority T C 3-111 spanning-tree pathcost method Page T C 3-113 spanning-tree cost L I 3-114 spanning-tree port-priority T C 3-115 spanning-tree portfast L I 3-116 spanning-tree edge-port T C 3-117 spanning-tree protocol-migration L I 3-118 spanning-tree link-type Page L I INE OMMAND NTERFACE VLAN Commands L I 3-122 vlan database 3-123 vlan L I 3-124 interface vlan 3-125 switchport mode L I 3-126 switchport acceptable-frame-types 3-127 switchport ingress-filtering L I 3-128 switchport native vlan 3-129 switchport allowed vlan L I 3-130 switchport forbidden vlan 3-131 show vlan L I 3-132 GVRP and Bridge Extension Commands switchport gvrp GVRP C E B 3-133 L I 3-134 garp timer Page L I 3-136 bridge-ext gvrp Page L I 3-138 IGMP Snooping Commands C 3-139 ip igmp snooping L I 3-140 ip igmp snooping vlan static C 3-141 ip igmp snooping version show ip igmp snooping L I 3-142 show mac-address-table multicast C 3-143 ip igmp snooping querier L I 3-144 ip igmp snooping query-count C 3-145 ip igmp snooping query-interval ip igmp snooping query-max-response-time L I 3-146 C 3-147 ip igmp snooping router-port-expire-time L I 3-148 ip igmp snooping vlan mrouter C 3-149 show ip igmp snooping mrouter L I Priority Commands C 3-151 switchport priority default L I 3-152 queue bandwidth C 3-153 queue cos-map L I 3-154 C 3-155 show queue bandwidth show queue cos-map L I 3-156 map ip precedence (Global Configuration) C 3-157 map ip precedence (Interface Configuration) L I 3-158 map ip dscp (Global Configuration) C 3-159 map ip dscp (Interface Configuration) L I 3-160 show map ip precedence C 3-161 show map ip dscp L I 3-162 P C Mirror Port Commands port monitor L I 3-164 show port monitor P C 3-165 L I Port Trunking Commands T C 3-167 channel-group L I 3-168 lacp T C RUNKING ORT 3-169 Page PPENDIX A-1 A T ROUBLESHOOTING Troubleshooting Chart Page Page U P S F B-3 Page PPENDIX C-1 C P A IN SSIGNMENTS Console Port Pin Assignments Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Page Page I NDEX Index-2 R S T U V