Configuring and Monitoring Port Security
Port Security Command Options and Operation
Parameter Description
Action action <none | send-alarm | send-disable>
Specifies whether an SNMP trap is sent to a network management station when Learn Mode is set to static
and the port detects an unauthorized device, or when Learn Mode is set to continuous and there is an address
change on a port.
None (the default): Prevents an SNMP trap from being sent.
Send Alarm: Causes the switch to send an SNMP trap to a network management station.
Send Alarm and Disable: Available only in the
static learn-mode. Causes the switch to send an SNMP trap
to a network management station and disable the port. If you subsequently re-enable the port without clearing
the port’s intrusion flag, the port will block further intruders, but the switch will not disable the port again until
you reset the intrusion flag. See the Note on
7-17.
For information on configuring the switch for SNMP management, refer to the Management and Configuration
Guide for your switch.
Clear- clear-intrusion-flag
Intrusion-
Clears the intrusion flag for a specific port. (See “Reading Intrusion Alerts and Resetting Alert Flags” on page
Flag
7-15.)
Retention of Static Addresses
Learned Addresses. In the following two cases, a port in Static learn mode
retains a learned MAC address even if you later reboot the switch or disable
port security for that port:
■ The port learns a MAC address after you configure the port for Static
learn mode in both the startup-config file and the running-config file
(by executing the write memory command).
■ The port learns a MAC address after you configure the port for Static
learn mode in only the running-config file and, after the address is
learned, you execute write memory to configure the startup-config
file to match the running-config file.
To remove an address learned using either of the preceding methods, do one
of the following:
■ Delete the address by using no port-security < port-number > mac-
address < mac-addr >.
■ Download a configuration file that does not include the unwanted
MAC address assignment.
■ Reset the switch to its factory-default configuration.
7-8
