The switchport port-security command enables it.

switchport port-security limit maximum number of hosts

According to our requirements, we can limit the hosts that can be associated with an interface. We can set this limit anywhere from 1 to 132; the maximum number of devices that can be associated with the interface is 132. The switchport port-security maximum value command sets the maximum number of hosts.

We have two options, static and dynamic, to associate MAC addresses with an interface. In the static method we have to manually define the exact host MAC address with the switchport port-security mac-address MAC_address command. This is the most secure method, but it needs a lot of manual work: entering every MAC address by hand is a tedious job. In dynamic mode we use the sticky feature, which allows the interface to learn MAC addresses automatically. The interface will learn MAC addresses until it reaches the maximum number of allowed hosts.

We need to specify what action the switch should take on a security violation.

Protect: This mode will only work with the sticky option. In this mode frames from non-allowed addresses are dropped. It will not make a log entry for dropped frames. The interface will learn addresses until it reaches the maximum allowed number. Any additionally learned addresses are dropped while the interface stays operational.

Restrict: In restrict mode frames from non-allowed addresses are dropped. But in this mode, the switch will make a log entry and generate a security violation alert.

Shutdown: In this mode the switch will generate the violation alert and disable the port.
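As an added example (not part of the original article), the following Python code audits a running-config excerpt for the port-security settings described here. The sample config, the function names, the mac-address sticky keyword form and the IOS defaults used for unset values (maximum 1, violation shutdown) are assumptions not stated on the page.

```python
# Constructed running-config excerpt for illustration (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport port-security maximum 5
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address 0000.1111.2222
"""

def parse_port_security(config):
    """Map each interface name to its port-security settings."""
    ports, cur = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if raw.startswith("interface "):
            cur = {"enabled": False, "maximum": 1, "violation": "shutdown",  # IOS defaults
                   "sticky": False, "static_macs": []}
            ports[raw.split(None, 1)[1].strip()] = cur
        elif cur is not None and words[:2] == ["switchport", "port-security"]:
            args = words[2:]
            if not args:
                cur["enabled"] = True  # the bare command turns the feature on
            elif args[0] == "maximum" and len(args) > 1:
                cur["maximum"] = int(args[1])
            elif args[0] == "violation" and len(args) > 1:
                cur["violation"] = args[1]
            elif args[0] == "mac-address" and "sticky" in args:
                cur["sticky"] = True
            elif args[0] == "mac-address" and len(args) > 1:
                cur["static_macs"].append(args[1])
    return ports

def audit(config):
    """Return (interface, finding) pairs for ports that need attention."""
    findings = []
    for name, p in parse_port_security(config).items():
        if not p["enabled"]:
            findings.append((name, "port-security not enabled"))
        if p["violation"] == "protect":
            findings.append((name, "protect mode drops frames without logging"))
    return findings
```

FastEthernet0/2 is flagged twice: its maximum and violation lines are present, but without the bare switchport port-security command the feature is not active on that port.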