D-Link DXS-3600 Series Reference Manual page 890
Dxs-3600 series layer 2/3 managed 10gigabit ethernet switch
Hide thumbs
Also See for DXS-3600 Series:
- Cli reference manual (1456 pages) ,
- Reference manual (680 pages) ,
- Hardware installation manual (55 pages)
Table of Contents
DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide
As a permanent secured entry of a port security enabled port, the MAC address cannot be moved to
another port.
When the maximum setting is changed, the learned address will remain unchanged when the maximum
number increases. If the maximum number is changed to a lower value which is lower than the existing
entry number, the command is rejected.
A port-security enabled port has the following restrictions.
•
The port security function cannot be enabled simultaneously with 802.1X, MAC (MAC-based
Access Control), JWAC, WAC and IMPB, that provides more advanced security capabilities.
•
If a port is specified as the destination port for the mirroring function, the port security function
cannot be enabled.
•
If the port is a link aggregation member port, the port security function cannot be enabled.
When the maximum number of secured users is exceeded, one of the following actions can occur:
•
Protect - When the number of port secure MAC addresses reaches the maximum number of
users that is allowed on the port, the packets with the unknown source address is dropped until
some secured entry is removed to release the space.
•
Restrict - A port security violation restricts data and causes the security violation counter to
increment.
•
Shutdown - The interface is disabled, based on errors, when a security violation occurs.
Example
This example shows how to configure the port security mode to be permanent, specifying that a
maximum of 5 secure MAC addresses are allowed on the port.
Switch# configure terminal
Switch(config)# interface eth1/0/1
Switch(config-if)# switchport port-security mode permanent
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)#
This example shows how to manually add the secure MAC addresses 00-00-12-34-56-78 with VID 5 at
interface eth1/0/1.
Switch# configure terminal
Switch(config)# interface eth1/0/1
Switch(config-if)# switchport port-security mac-address 00-00-12-34-56-78 vlan 5
Switch(config-if)#
This example shows how to configure the switch to drop all packets from the insecure hosts at the port-
security process level and increment the security violation counter if a security violation is detected.
Switch# configure terminal
Switch(config)# interface eth1/0/1
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)#
74-4 switchport port-security aging
This command is used to configure the aging time for auto-learned dynamic secure addresses on an
interface. Use the no form of the command to reset to the default setting.
switchport port-security aging {time MINUTES | type {absolute | inactivity}}
no switchport port-security aging {time | type}
890
Table of Contents
