Port security can be implemented in the following three ways:
1. Static secure MAC addresses are manually configured using the
   switchport port-security mac-address [source-mac-address] command and stored in the
   MAC address table and in the configuration.
2. Dynamic secure MAC addresses are dynamically learned, stored in the MAC address table, but removed
   when the switch is reloaded or powered down.
3. Sticky secure MAC addresses are the combination of items 1 and 2 in this list. They can be learned
   dynamically or configured statically and are stored in the MAC address table and in the configuration.
   When the switch reloads, the interface does not need to dynamically discover the MAC addresses if they
   are saved in the configuration file.
In the event of a violation, an action is required. A violation occurs when an attempt is made to access the
switch port by a host address that is not found in the MAC address table, or when an address learned or defined
on one secure interface is discovered on another secure interface in the same VLAN.
An interface can be configured for one of the following three security violation modes, based on the action to be
taken when a violation occurs:
Protect: This puts the port into the protected port mode, where all unicast or multicast packets with
unknown source MAC addresses are dropped.
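
The three address types and the protect violation mode described above, as an added Cisco IOS configuration example that is not part of the original text. The interface numbers, the MAC address and the maximum values are constructed placeholders.

```cisco
! Constructed example: interfaces, MAC address and limits are placeholders.
!
! 1. Static secure MAC address: typed in by hand, kept in the MAC address
!    table and in the configuration.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.1111.2222
 switchport port-security violation protect
!
! 2. Dynamic secure MAC addresses: learned from traffic, held only in the
!    MAC address table, lost on reload or power-down.
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation protect
!
! 3. Sticky secure MAC addresses: learned from traffic, then written into
!    the running configuration as "mac-address sticky" entries.
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation protect
end
!
! Sticky entries survive a reload only once the running configuration
! has been saved to the startup configuration.
copy running-config startup-config
!
! Verification: per-port status, violation mode and violation counter,
! then the secure addresses with their type (configured, dynamic, sticky).
show port-security interface FastEthernet0/3
show port-security address
```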