
Port security, mac-learning – LevelOne GTL-2691 User Manual, page 922


CHAPTER 29 | General Security Measures
Port Security


PORT SECURITY

These commands can be used to enable port security on a port.

When MAC address learning is disabled on an interface, only incoming traffic with source addresses already stored in the dynamic or static address table for this port will be authorized to access the network.

When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table for this port will be authorized to access the network. The port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from another port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.

mac-learning

This command enables MAC address learning on the selected interface. Use the no form to disable MAC address learning.

SYNTAX

[no] mac-learning

DEFAULT SETTING

Enabled

COMMAND MODE

Interface Configuration (Ethernet or Port Channel)

COMMAND USAGE

The no mac-learning command immediately stops the switch from learning new MAC addresses on the specified port or trunk. Only incoming traffic with source addresses stored in the static address table will be accepted. Note that the dynamic addresses stored in the address table when MAC address learning is disabled are flushed from the system, and no dynamic addresses are subsequently learned until MAC address learning has been re-enabled.
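
The behaviour described in this section (the learning limit, the drop rule, the intrusion action, and the flush performed by no mac-learning) can be checked against a small model. This is an added example, not code from the manual or the switch firmware; the Port and Switch classes, their fields, the sample MAC addresses and the station-move behaviour below the limit are assumptions.

```python
# Added model of the behaviour this section describes; not LevelOne firmware.
# Class, method and field names are assumptions made for illustration.
class Port:
    def __init__(self, name, max_macs=None, shutdown=False):
        self.name = name
        self.max_macs = max_macs      # None: port security not configured
        self.shutdown = shutdown      # disable the port on intrusion
        self.learning = True          # manual default: mac-learning enabled
        self.static, self.dynamic = set(), set()
        self.enabled, self.traps = True, []

    def set_learning(self, on):
        """Model of '[no] mac-learning': disabling flushes dynamic entries."""
        self.learning = on
        if not on:
            self.dynamic.clear()

class Switch:
    def __init__(self, *ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, mac):
        """Return 'forward' or 'drop' for a frame with source address mac."""
        port = self.ports[port_name]
        if not port.enabled:
            return "drop"
        if mac in port.static or mac in port.dynamic:
            return "forward"
        secured = port.max_macs is not None
        full = secured and len(port.dynamic) >= port.max_macs
        if port.learning and not full:
            # Assumption: below the limit the port learns like any bridge
            # port, so an address seen elsewhere moves to this port.
            for other in self.ports.values():
                other.dynamic.discard(mac)
            port.dynamic.add(mac)
            return "forward"
        if secured:                   # intrusion: trap, optionally shut down
            port.traps.append(mac)
            port.enabled = not port.shutdown
        return "drop"

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the manual.
    p = Port("1/1", max_macs=1, shutdown=True)
    sw = Switch(p)
    print(sw.receive("1/1", "00-11-22-33-44-55"))
    print(sw.receive("1/1", "00-11-22-33-44-66"), p.enabled, p.traps)
```
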

Table 84: Management IP Filter Commands

Command                     Function                                                                  Mode
mac-address-table static    Maps a static address to a port in a VLAN                                 GC
mac-learning                Enables MAC address learning on the selected physical interface or VLAN   IC
port security               Configures a secure port                                                  IC
show mac-address-table      Displays entries in the bridge-forwarding database                        PE
show port security          Displays port security status and secure address count                    PE