
Configuring port-security shutdown time, Configuring oui-based port security – Brocade Network OS Administrator’s Guide v4.1.1 User Manual


1. Enable interface subconfiguration mode for the interface you want to modify.

switch(config)# interface TenGigabitEthernet 1/0

2. Put the interface in Layer 2 mode by using the switchport command.

switch(conf-if-te-1/0)# switchport

3. Set the MAC address and VLAN ID for the interface.

switch(conf-if-te-1/0)# switchport port-security mac-address 1000.2000.3000 vlan 100

Configuring port-security shutdown time

You can configure two responses to a violation of port security: restrict and shutdown.

• The restrict option drops packets that have unknown source addresses until you remove enough secure MAC addresses that the number falls below the value set by the switchport port-security max command.

• The shutdown option puts the interface in the error-disabled state immediately for a predetermined amount of time.

To configure the port-security shutdown time for an interface port, do the following in global
configuration mode.

1. Enable interface subconfiguration mode for the interface you want to modify.

switch(config)# interface TenGigabitEthernet 1/0

2. Put the interface in Layer 2 mode by using the switchport command.

switch(conf-if-te-1/0)# switchport

3. Set the violation response option to shutdown.

switch(conf-if-te-1/0)# switchport port-security violation shutdown

4. Set the shutdown time, in minutes.

switch(conf-if-te-1/0)# switchport port-security shutdown-time 10

Configuring OUI-based port security

If you know which types of systems are connected to your network, use this security feature to configure
an Organizationally Unique Identifier (OUI) MAC address on a secure port. This ensures that only traffic
from a known OUI MAC address is forwarded.

To configure OUI-based port security, do the following in global configuration mode.

1. Enable interface subconfiguration mode for the interface you want to modify.

switch(config)# interface TenGigabitEthernet 1/0

2. Put the interface in Layer 2 mode by using the switchport command.

switch(conf-if-te-1/0)# switchport

3. Configure a permitted OUI MAC address by using the switchport port-security oui command.

switch(conf-if-te-1/0)# switchport port-security oui 2000.3000.4000
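Before applying an OUI restriction, it helps to confirm that every device expected on the port actually carries a permitted OUI. The following Python check is an added example, not part of the Brocade guide: it reads interface stanzas written in the command syntax shown above and compares them with a device inventory. The configuration text, the inventory, the stanza layout and the function names are constructed for illustration, and the check assumes the switch matches on the first three octets of the configured address.

```python
import re

# Constructed sample in the page's command syntax (not taken from a real switch).
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 1/0
 switchport
 switchport port-security oui 2000.3000.4000
 switchport port-security violation shutdown
 switchport port-security shutdown-time 10
!
interface TenGigabitEthernet 1/1
 switchport
!
"""

# Constructed inventory: interface -> MAC addresses expected on that port.
SAMPLE_INVENTORY = {
    "TenGigabitEthernet 1/0": ["2000.30aa.bb01", "aabb.cc12.3456"],
    "TenGigabitEthernet 1/1": ["2000.30aa.bb02"],
}

def oui(mac):
    """First three octets of a MAC; assumes the switch compares only these."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits[:6]

def permitted_ouis(config_text):
    """Map each interface name to the set of OUIs its stanza permits."""
    result, current = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = " ".join(words[1:])
            result[current] = set()
        elif current and len(words) == 4 and words[:3] == ["switchport", "port-security", "oui"]:
            result[current].add(oui(words[3]))
    return result

def audit(config_text, inventory):
    """Return (interface, mac, reason) findings; mac is None for port-level gaps."""
    allowed, findings = permitted_ouis(config_text), []
    for iface, macs in inventory.items():
        ouis = allowed.get(iface, set())
        if not ouis:
            findings.append((iface, None, "no OUI restriction configured"))
            continue
        findings.extend((iface, m, "OUI not permitted") for m in macs if oui(m) not in ouis)
    return findings
```

Calling audit(SAMPLE_CONFIG, SAMPLE_INVENTORY) reports the one inventory device on 1/0 whose OUI is not permitted, and flags 1/1 as a Layer 2 port with no OUI restriction.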

Configuring port security with sticky MAC addresses

You can configure an interface to convert dynamic MAC addresses to sticky secure MAC addresses
and add them to the running-config by enabling sticky learning. This converts all dynamic secure MAC
addresses, including those learned dynamically before sticky learning was enabled, to sticky secure
MAC addresses.

To configure sticky MAC addresses on a secure port, do the following in global configuration mode.

1. Enable interface subconfiguration mode for the interface you want to modify.

switch(config)# interface TenGigabitEthernet 1/0

2. Put the interface in Layer 2 mode by using the switchport command.

switch(conf-if-te-1/0)# switchport


53-1003225-04