Configuring port-security shutdown time, Configuring oui-based port security – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

1. Enable interface subconfiguration mode for the interface you want to modify.
switch(config)# interface TenGigabitEthernet 1/0
2. Put the interface in Layer 2 mode by using the switchport command.
switch(conf-if-te-1/0)# switchport
3. Set the MAC address and VLAN ID for the interface.
switch(conf-if-te-1/0)# switchport port-security mac-address 1000.2000.3000 vlan 100
Configuring port-security shutdown time
You can configure two responses to a violation of port security: restrict and shutdown.
• The restrict option drops packets that have unknown source addresses until you remove enough
secure MAC addresses to bring the count below the value set by the switchport port-security
max command.
• The shutdown option puts the interface in the error-disabled state immediately for a predetermined
amount of time.
To configure the port-security shutdown time for an interface port, do the following in global
configuration mode.
1. Enable interface subconfiguration mode for the interface you want to modify.
switch(config)# interface TenGigabitEthernet 1/0
2. Put the interface in Layer 2 mode by using the switchport command.
switch(conf-if-te-1/0)# switchport
3. Set the violation response option to shutdown.
switch(conf-if-te-1/0)# switchport port-security violation shutdown
4. Set the shutdown time, in minutes.
switch(conf-if-te-1/0)# switchport port-security shutdown-time 10
Configuring OUI-based port security
If you know which types of systems are connected to your network, use this security feature to configure
an Organizationally Unique Identifier (OUI) MAC address on a secure port. This ensures that only traffic
from a known OUI MAC address is forwarded.
To configure OUI-based port security, do the following in global configuration mode.
1. Enable interface subconfiguration mode for the interface you want to modify.
switch(config)# interface TenGigabitEthernet 1/0
2. Put the interface in Layer 2 mode by using the switchport command.
switch(conf-if-te-1/0)# switchport
3. Configure a permitted OUI MAC address by using the switchport port-security oui command.
switch(conf-if-te-1/0)# switchport port-security oui 2000.3000.4000
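An added example, not taken from the Brocade guide: an offline audit of saved configuration text that checks the settings from the shutdown-time and OUI procedures above for consistency. It assumes the saved configuration lists the commands in the form shown on this page and that addresses use the dotted xxxx.xxxx.xxxx notation; the sample configuration, the function names and the finding texts are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)
PS = "switchport port-security "
# Constructed sample in the page's command syntax, not captured switch output.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 1/0
 switchport
 switchport port-security mac-address 1000.2000.3000 vlan 100
 switchport port-security violation shutdown
 switchport port-security shutdown-time 10
interface TenGigabitEthernet 2/0
 switchport
 switchport port-security violation shutdown
 switchport port-security oui 2000.3000.40
interface TenGigabitEthernet 3/0
 switchport port-security violation restrict
 switchport port-security shutdown-time 10
"""

def parse_interfaces(config):
    """Group indented command lines under their 'interface ...' header."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = stanzas.setdefault(raw.strip()[len("interface "):], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' separators, blank lines, global commands
    return stanzas

def audit(config):
    """Return (interface, finding) pairs for stanzas that use port security."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        opts = [c[len(PS):].split() for c in cmds if c.startswith(PS)]
        mode = next((o[1] for o in opts if o[0] == "violation" and len(o) > 1), None)
        timed = any(o[0] == "shutdown-time" for o in opts)
        if opts and "switchport" not in cmds:
            findings.append((name, "port security set but no switchport (Layer 2) line"))
        if mode == "shutdown" and not timed:
            findings.append((name, "violation shutdown without explicit shutdown-time"))
        if mode == "restrict" and timed:
            findings.append((name, "shutdown-time set but violation response is restrict"))
        for o in opts:
            if o[0] in ("oui", "mac-address") and not MAC_RE.match((o + [""])[1]):
                findings.append((name, "malformed address: " + " ".join(o)))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports nothing for interface 1/0, two findings for 2/0 (no shutdown-time, truncated OUI address) and two for 3/0 (no Layer 2 line, shutdown-time combined with restrict).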
Configuring port security with sticky MAC addresses
You can configure an interface to convert dynamic MAC addresses to sticky secure MAC addresses
and add them to the running-config by enabling sticky learning. This converts all dynamic secure MAC
addresses, including those learned dynamically before sticky learning was enabled, to sticky secure
MAC addresses.
To configure sticky MAC addresses on a secure port, do the following in global configuration mode.
1. Enable interface subconfiguration mode for the interface you want to modify.
switch(config)# interface TenGigabitEthernet 1/0
2. Put the interface in Layer 2 mode by using the switchport command.
switch(conf-if-te-1/0)# switchport
Network OS Administrator’s Guide
53-1003225-04