Default port security configuration, Port security configuration guidelines – IBM 12.1(22)EA6 User Manual

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 15 Configuring Port-Based Traffic Control

Configuring Port Security

out of this state by entering the errdisable recovery cause psecure-violation global configuration
command, or you can manually re-enable it by entering the shutdown and no shutdown interface
configuration commands. This is the default mode.

Table 15-1 shows the violation mode and the actions taken when you configure an interface for port security.

Default Port Security Configuration

Table 15-2 shows the default port security configuration for an interface.

Port Security Configuration Guidelines

Follow these guidelines when configuring port security:

Port security can only be configured on static access ports.

A secure port cannot be a dynamic access port or a trunk port.

A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

When you enable port security on an interface that is also configured with a voice VLAN, you must
set the maximum allowed secure addresses on the port to at least two plus the maximum number of
secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the

Table 15-1  Security Violation Mode Actions

Violation Mode  Traffic is forwarded [1]  Sends SNMP trap  Sends syslog message  Displays error message [2]  Violation counter increments  Shuts down port
protect         No                        No               No                    No                          No                            No
restrict        No                        Yes              Yes                   No                          Yes                           No
shutdown        No                        Yes              Yes                   No                          Yes                           Yes

1. Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.

2. The switch will return an error message if you manually configure an address that would cause a security violation.

Table 15-2  Default Port Security Configuration

Feature                                 Default Setting
Port security                           Disabled.
Maximum number of secure MAC addresses  One.
Violation mode                          Shutdown.
Sticky address learning                 Disabled.
Port security aging                     Disabled. Aging time is 0. When enabled, the default type is absolute.
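
The configuration guidelines above can be checked mechanically before a change is pushed to the switch. The following Python sketch is an added example, not part of the Cisco/IBM manual: it audits a configuration text for secure ports that are not static access ports, are SPAN destinations, belong to an EtherChannel, or carry a voice VLAN with too small a maximum. The sample configuration is constructed, and the access_vlan_max default of 1 is an assumption taken from the default in Table 15-2.

```python
import re

# Constructed sample (not from the manual); interface names assumed spelled consistently.
SAMPLE = """\
monitor session 1 destination interface Gi0/3
interface Gi0/1
 switchport mode access
 switchport port-security
interface Gi0/2
 switchport mode trunk
 switchport port-security
interface Gi0/3
 switchport mode access
 switchport port-security
interface Gi0/4
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 2
interface Gi0/5
 switchport mode access
 channel-group 1 mode on
 switchport port-security
"""

def audit(config, access_vlan_max=1):
    """Map each port-security interface to the guidelines it violates."""
    span_dst = set(re.findall(r"^monitor session \d+ destination interface (\S+)", config, re.M))
    findings = {}
    # An interface stanza is its header plus the indented lines that follow.
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        if "switchport port-security" not in lines:
            continue
        issues = []
        if "switchport mode access" not in lines or "switchport access vlan dynamic" in lines:
            issues.append("not a static access port")
        if name in span_dst:
            issues.append("SPAN destination port")
        if any(line.startswith("channel-group ") for line in lines):
            issues.append("EtherChannel member")
        if any(line.startswith("switchport voice vlan ") for line in lines):
            m = re.search(r"^ switchport port-security maximum (\d+)", body, re.M)
            maximum = int(m.group(1)) if m else 1  # default is one (Table 15-2)
            if maximum < 2 + access_vlan_max:  # access_vlan_max=1 is an assumption
                issues.append(f"voice VLAN needs maximum >= {2 + access_vlan_max}, has {maximum}")
        findings[name] = issues
    return findings
```

Calling audit(SAMPLE) returns an empty list for Gi0/1 and one finding each for Gi0/2 through Gi0/5.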