In protect mode only the traffic from authorized MACs are allowed and other traffic is blocked. Available modes are shutdown, restrict and protect.
You can decide what action should be taken if violation is detected. OTGSwitch(config-if)# switchport port-security maximum 2 Configure violation mode Sometimes you need a maximum of two devices to attach to a switch port. However you may want to modify the above default settings to suit your needs which is explained next. Aging is disabled and so learned MAC addresses do not expire even after the host is disconnected. If violation occurs then the port goes to shutdown (error-disabled) state. I.e, Only one MAC address is allowed to connect to the port. The default settings for port security are: OTGSwitch(config-if)# switchport port-security OTGSwitch(config-if)# switchport mode access
To turn it on, on any of the switch interfaces: OTGSwitch(config)# interface Fa0/1 Port security can only be configured on access ports. Also you can restict too many devices sharing connection to one of the switch ports by attaching to hubs or other dumb switches. This feauture can typically be used if your switch is in a public area where it is possible for people to pull out cables and plug in to your switch ports etc. However you should plan beforehand which ports are to be secured, how many MACs are allowed on these ports, should the MACs be static or dynamic and what action to perform if the restriction is violated. By configuring port security you can make sure that only certain MAC addresses are allowed to connect to certain switch ports and if others are detected, these ports can be shutdown. Port security is one of the methods for restricting unauthorized access to your switch ports.
0 kommentar(er)
