

Process and they appear in my CAM table as "dynamic" entries

1) since I am learning mac addresses dynamically thru a port, is it possible to stop this without the port-security commands?

2) if not I would like to know what the "mac-address-table secure" command does?

Cisco(config)#mac-address-table secure 2.2.

The new network switch port keeps going back into err-disabled mode so we can deduce port security is still enabled on this port -> A is correct but B is not correct.

But I am still learning MAC addresses thru STP learning I am still able to learn other mac addresses via the same fa2 port if I connect a host to it. My requirement is I should not be able to communicate using other hosts in those particular ports. I can't configure any more as my version supports only till this.

Cisco(config)#mac-address-table static 3.3.3 interface fastEthernet 2 vlan 2 ?

Mac-address-table static interface fastethernet 1 vlan 2 # I want my switch to allow only 2 mac addresses through the fa1 interface (the PC's and ip phones')

Restrict - drop the packets over the max, and log the event.

Protect - silently drop the packets from the excess MAC addresses.

A violation occurs either when the max number of MACs is exceeded, or when an address on one secure port is seen on another secure port on the same VLAN. Next, decide how to handle security violations.

You then have to copy run start to make these settings survive a reload. As soon as you do this, these MACs become static commands, but in the running config only.


To use this, wait until your switchport has learned the MACs you want, then issue the interface command switchport port-sec mac sticky.

Sticky - converts dynamic address to static addresses in the running config only.

command is switchport port-sec mac-add 0011.2233.4455

Dynamic - port will learn MAC addresses as usual, but stop learning more addresses when it has reached the max.

Sw(config-if)# switchport port-secu max 1

Then, choose between the three ways of learning MACs.

First, you set the maximum number of MAC addresses for the switchport (default is 1).

Port security is set at the interface level. First, make sure your IOS supports port security.
