Disabling the port for a specified amount of time, Clearing port security statistics, Clearing restricted mac addresses – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Aging for restricted MAC addresses is done in software. There can be a worst case inaccuracy of one
minute from the specified time.

The restricted MAC addresses are denied in hardware.

Disabling the port for a specified amount of time

You can configure the device to disable the port for a specified amount of time when a security violation
occurs.

To shut down the port for 5 minutes when a security violation occurs, enter the following commands.

device(config)#interface ethernet 7/11

device(config-if-e1000-7/11)#port security

device(config-port-security-e1000-7/11)#violation shutdown 5

Syntax: violation [ shutdown ] [minutes ]

The minutes can be from 0 through 1440 minutes. Specifying 0 shuts down the port permanently when
a security violation occurs.

Clearing port security statistics

You can clear restricted MAC addresses and violation statistics from ports on all ports or on individual
ports.

Clearing restricted MAC addresses

To clear all restricted MAC addresses globally, enter the clear port security restricted-macs all
command.

device#clear port security restricted-macs all

To clear restricted MAC addresses on a specific port, enter a command such as the following.

Brocade#clear port security restricted-macs ethernet 5

Syntax: clear port security restricted-macs [ all | ethernet port ]

Clearing violation statistics

To clear violation statistics globally, enter the clear port security statistics all command.

device#clear port security statistics all

To clear violation statistics on a specific port, enter a command such as the following.

device#clear port security statistics ethernet 1/5

Syntax: clear port security statistics [ all | ethernet port ]

Disabling the port for a specified amount of time

FastIron Ethernet Switch Security Configuration Guide

223

53-1003088-03