Ip source guard commands, Ip source guard commands -4 – SMC Networks SMC TigerAccess SMC7824M/FSW User Manual

C

LIENT

S

ECURITY

C

OMMANDS

22-4

Command Usage

• If you enable port security, the switch stops learning new MAC

addresses on the specified port when it has reached a configured
maximum number. Only incoming traffic with source addresses
already stored in the dynamic or static address table will be accepted.

• First use the port security max-mac-count command to set the

number of addresses, and then use the port security command to
enable security on the port.

• Use the no port security max-mac-count command to disable port

security and reset the maximum number of addresses to the default.

• You can also manually add secure addresses with the

mac-address-table static command.

• A secure port has the following restrictions:

- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.

• If a port is disabled due to a security violation, it must be manually

re-enabled using the no shutdown command.

Example
The following example enables port security for port 5, and sets the
response to a security violation to issue a trap message:

Related Commands

shutdown (24-9)
mac-address-table static (28-2)

IP Source Guard Commands

IP Source Guard is a security feature that filters IP traffic on network
interfaces based on manually configured entries in the IP Source Guard
table, or static and dynamic entries in the DHCP Snooping table when
enabled (see “DHCP Snooping Commands” on page 22-10). IP source
guard can be used to prevent traffic attacks caused when a host tries to use

Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap