This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
icnd1:switchport_security [2024/05/01 00:49] 114.119.130.33 old revision restored (2023/10/21 08:16) |
icnd1:switchport_security [2024/05/21 22:13] (current) 114.119.141.71 old revision restored (2023/10/14 16:08) |
||
---|---|---|---|
Line 4: | Line 4: | ||
Violation Actions: | Violation Actions: | ||
- | *Shutdown | + | |
- | *Port shuts down immediately. When in error-disabled-state you can ressurect the port with errdisable recovery cause psecure-violation (global config) OR manually toggle up status on the interface with shutdown, no shutdown (int config). | + | * Port shuts down immediately. When in error-disabled-state you can ressurect the port with errdisable recovery cause psecure-violation (global config) OR manually toggle up status on the interface with shutdown, no shutdown (int config). |
- | *Restrict | + | |
+ | * Causes SecurityViolation counter to increment, and generates an SNMP notification. Rate of SNMP traps are created can be altered by snmp-server enable traps port-security trap-rate command. Default val is 0, causing SNMP trap to generate on every violation. | ||
===== Configuration ===== | ===== Configuration ===== | ||
---- | ---- | ||
- | Switchport security | + | Switchport security |
+ | *Int FA01 | ||
+ | *swport mode access | ||
+ | *enable port sec | ||
+ | *port sec max address to store is 1 | ||
+ | *mac-addres stick, auto learn the next mac address on this port. | ||
+ | *violation mode set to shutdown. | ||
+ | *Show command to verify configuration on fa0/1. | ||
< | < | ||
Switch(config)# | Switch(config)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
</ | </ |