This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
icnd1:switchport_security [2024/04/30 03:56] 114.119.158.167 old revision restored (2023/09/30 03:25) |
icnd1:switchport_security [2024/05/22 01:30] (current) 114.119.155.78 old revision restored (2023/11/20 13:11) |
||
---|---|---|---|
Line 5: | Line 5: | ||
Violation Actions: | Violation Actions: | ||
***Shutdown** (**DEFAULT**) | ***Shutdown** (**DEFAULT**) | ||
- | * Port shuts down immediately. When in error-disabled-state you can ressurect the port with errdisable recovery cause psecure-violation (global config) OR manually toggle up status on the interface with shutdown, no shutdown (int config). | + | *Port shuts down immediately. When in error-disabled-state you can ressurect the port with errdisable recovery cause psecure-violation (global config) OR manually toggle up status on the interface with shutdown, no shutdown (int config). |
- | | + | *Restrict |
- | * Causes SecurityViolation counter to increment, and generates an SNMP notification. Rate of SNMP traps are created can be altered by snmp-server enable traps port-security trap-rate command. Default val is 0, causing SNMP trap to generate on every violation. | + | |
===== Configuration ===== | ===== Configuration ===== | ||
---- | ---- | ||
- | Switchport security | + | Switchport security |
- | *Int FA01 | ||
- | *swport mode access | ||
- | *enable port sec | ||
- | *port sec max address to store is 1 | ||
- | *mac-addres stick, auto learn the next mac address on this port. | ||
- | *violation mode set to shutdown. | ||
- | *Show command to verify configuration on fa0/1. | ||
< | < | ||
Switch(config)# | Switch(config)# | ||
- | Switch(config-if)# | ||
- | Switch(config-if)# | ||
- | Switch(config-if)# | ||
- | Switch(config-if)# | ||
- | Switch(config-if)# | ||
- | Switch(config-if)# | ||
</ | </ |