No notification is sent out in this mode when security
violation occurs.
Restrict: Packets with unknown source addresses are dropped when the number of secure MAC addresses
reaches the set limit allowed on the port. This continues until a sufficient number of secure MAC addresses
is removed or the number of maximum allowable addresses is increased. Notification is sent out in this
mode that a security violation has occurred. An SNMP trap is sent, a syslog message is logged, and the
violation counter is incremented.
Shutdown: When a port security violation occurs, the port is placed in error-disabled state, turning off its
port LED. In this mode, an SNMP trap is sent out, a syslog message is logged, and the violation counter is
incremented.
To enable the port security feature, use the switchport port-security interface configuration command. The
command has several options.
Example 4-3 shows how to configure a static secure MAC address on a port and enable sticky learning.
Example 4-3. Port Security Configuration Example 1
Switch(config)# interface Fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0009.
Pages:
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179