beautypg.com

GE ML1600 User Manual

Page 102

background image

6–6

MULTILINK ML1600 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL

CONFIGURING PORT SECURITY THROUGH THE COMMAND LINE INTERFACE

CHAPTER 6: ACCESS CONSIDERATIONS

Example 6-3 shows how to allow specific MAC address on specific ports. After the MAC
address is specified, the port or specific ports or a range of ports can be queried as shown.

Example 6-4 shows how to remove a MAC address from port security

To set logging on a port, use the following command sequence:

ML1600(port-security)##

signal port=11 logandtrap

Port security Signal type set to Log and

Trap on selected port(s)

The examples provided illustrate the necessary commands to setup port security. The
recommended steps to setup security are:

Z

Set the ML1600 software to allow port security commands (use the

port-security

command).

Z

Enable port security (use the

enable ps

command).

Z

Enable learning on the required ports (for example, use the

learn

port=11

enable command for port 11).

Z

Verify learning is enables and MAC addresses are being learnt on
required ports (use the

show port-security port=11

command).

Z

Save the port-security configuration (use the

save

command).

Z

Disable learning on required ports (for example, use the

learn

port=11,15 disable

command).

Example 6-3: Allowing specific MAC addresses on specific ports

ML1600(port-security)##

allow mac=00:c1:00:7f:ec:00 port=9,11,13

Specified MAC address(es) allowed on selected port(s)

ML1600(port-security)##

show port-security port=9,11,13

PORT

STATE

SIGNAL

ACTION

LEARN

COUNT

MAC ADDRESS

----

-----

------

------

-----

-----

-----------

9

ENABLE

LOG

NONE

ENABLE

6

00:e0:29:2a:f1:bd

00:01:03:e2:27:89

00:07:50:ef:31:40

00:e0:29:22:15:85

00:03:47:ca:ac:45

00:30:48:70:71:23

00:c1:00:7f:ec:00

11

ENABLE

NONE

NONE

ENABLE

0

00:c1:00:7f:ec:00

13

ENABLE

NONE

NONE

DISABLE

0

00:c1:00:7f:ec:00

Example 6-4: Removing MAC addresses from specific ports

ML1600(port-security)##

remove mac=00:c1:00:7f:ec:00 port=13

Specified MAC address(es) removedfrom selected

port(s)

ML1600(port-security)##

show port-security port=13

PORT

STATE

SIGNAL

ACTION

LEARN

COUNT

MAC ADDRESS

----

-----

------

------

-----

-----

-----------

13

ENABLE

NONE

NONE

ENABLE

0

Not Configured

ML1600(port-security)##

See also other documents in the category GE Computer Accessories: