DES-7200 Configuration Guide Chapter 5 Port-based Flow Control Configuration
share with the ACLs the hardware resources of the system. Therefore, when you apply
ACLs on a secure port, fewer IP+MAC secure addresses and IP secure addresses can
be configured on that port.
The secure addresses for the same secure port must have the same format, namely
either all or none of them are bound with IP addresses. If a secure port includes these
two types of secure addresses at the same time, the secure addresses not bound with
an IP address will fail (the secure addresses bound with an IP address have a higher
priority).
5.3.2.3 Configuration of Secure Ports and Violation Handling Modes
In the interface configuration mode, configure secure ports and violation handling
modes by using the following commands:
| Command | Function |
| --- | --- |
| DES-7200(config-if)# switchport port-security | Enable the port security function of this interface. |
| DES-7200(config-if)# switchport port-security maximum value | Set the maximum number of secure addresses on the interface. The range is between 1 and 1000 and the default value is 128. |
| DES-7200(config-if)# switchport port-security violation {protect \| restrict \| shutdown} | Set the violation handling mode. protect: Protected port. When the number of secure addresses is full, the secure port will discard the packets from unknown addresses (that is, addresses not among the secure addresses of the port). restrict: In the case of violation, a Trap notification is sent. shutdown: In the case of violation, the port is shut down and a Trap notification is sent. When a port is closed because of violation, you can recover it from the error status by using the errdisable recovery command in the global configuration mode. |
| DES-7200(config-if)# switchport port-security mac-address sticky | Enable the Sticky MAC address learning. |
In the interface configuration mode, you can disable the port security function of an
interface with the command no switchport port-security. Use the command no
switchport port-security maximum to restore the default maximum value. Use
the command no switchport port-security violation to reset violation handling to the
default mode. Use the command no switchport port-security mac-address sticky to
reset the Sticky MAC address learning to the default mode.
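
The following lint for the commands in the table above is an added example, not part of the guide or of D-Link's software. It reads a configuration snippet and reports, per interface, the effective port-security settings and anything worth reviewing before the configuration is applied. The running-config layout, the interface names and the finding texts are assumptions made for the example.

```python
# Constructed sample; the interface names and layout are assumed, not from the guide.
SAMPLE_CONFIG = """\
interface GigabitEthernet 1/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface GigabitEthernet 1/2
 switchport port-security
!
interface GigabitEthernet 1/3
 switchport port-security maximum 5000
 switchport port-security violation restrict
"""

PREFIX = "switchport port-security"
DEFAULT_MAX = 128                      # default maximum stated in the guide
MODES = ("protect", "restrict", "shutdown")

def new_port():
    return {"enabled": False, "maximum": DEFAULT_MAX, "violation": None,
            "sticky": False, "findings": []}

def audit(config):
    """Map each interface to its port-security settings and lint findings."""
    ports, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line[len("interface "):], new_port())
        elif cur is not None and line.startswith(PREFIX):
            args = line[len(PREFIX):].split()
            if not args:                       # bare command enables the feature
                cur["enabled"] = True
            elif args[0] == "maximum" and len(args) == 2 and args[1].isdigit():
                cur["maximum"] = int(args[1])
                if not 1 <= cur["maximum"] <= 1000:   # range stated in the guide
                    cur["findings"].append("maximum outside 1-1000")
            elif args[0] == "violation" and len(args) == 2 and args[1] in MODES:
                cur["violation"] = args[1]
            elif args == ["mac-address", "sticky"]:
                cur["sticky"] = True
    for p in ports.values():
        if not p["enabled"]:
            p["findings"].append("port security not enabled on interface")
        if p["violation"] is None:
            p["findings"].append("violation mode left at default")
    return ports
```

A port that carries port-security sub-commands without the bare switchport port-security line, such as the third interface in the sample, is reported as not enabled.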